This is a very current issue: the new EU data protection law (GDPR) comes into force on May 28, so it is important to make sure that your site complies with the new regulations. In this article I will explain that it is not as complicated as it may seem.
What is GDPR?
The data protection law (GDPR) is the new reference text at European level for the protection of personal data. It strengthens and unifies data protection for people in the European Union.
This regulation will come into force at the end of May. If your site does not comply with the GDPR, you risk heavy penalties. Sites will probably only be penalized a few months after it comes into force, but it is better to have your site ready now and not have to worry about this issue.
Which sites does it affect?
Every site must comply with the regulation, unless it is outside the European Union and cannot be accessed from any country in the European Union.
What should I do?
First, understand that I am not a lawyer, only a developer who has been reading a lot about it, so getting in touch with a lawyer to make sure your site complies with the GDPR would be a good idea. Each site is different and will have its own peculiarities, but here are some points that you can verify …
1. GOOGLE ANALYTICS
It depends on how you use Google Analytics on your site, but this point is very important. For my part, I use Google Analytics to track visitors and cookies to collect data. The data collected is processed anonymously. To comply with the new regulation, Google included a data processing amendment.
2. YOUR FORMS
Each form on your website that collects data such as names or email addresses must have a checkbox for the user to consent to the storage of their data.
In addition, you can find a WordPress GDPR plugin on the WP store to help bring your website into compliance; it is fully compatible with Contact Form 7, Gravity Forms and WooCommerce, and probably more add-ons in the future.
3. ECOMMERCE
WooCommerce is working on a new update to make its plugin compatible with the GDPR, so you probably do not have to do anything here. There is also WP GDPR Compliance, which has a configuration for WooCommerce.
4. PRIVACY POLICY PAGE
If you have not already done so, you must create a Privacy Policy page to tell your users how you use their data. For example, if you request a username and an email for a support form, you must say that you are using this data to contact them and resolve their problem.
In conclusion, you can see that it is not difficult to make a WordPress site compliant with the GDPR. You just have to keep in mind that every time you collect personal data from a European user, you must inform them that you are collecting their data.