Is WordPress GDPR compliant? What are the best WordPress GDPR plugins? Let’s find out.
GDPR (General Data Protection Regulation) is the most trending topic in the world right now. It has created plenty of buzz in the world of WordPress as well. I was also searching for how to make my website compliant.
I read a couple of good articles to understand what GDPR is and how a WordPress website comes under GDPR rules. In this article, I will share a few good GDPR WordPress plugins (including the one I have installed on this website) to bring your website in line with GDPR guidelines.
Note: GDPR has been enforced since 25th May 2018. So, you have to make your website GDPR compliant as early as possible to keep your website safe.
What Is GDPR (General Data Protection Regulation)
GDPR stands for General Data Protection Regulation, as I have mentioned a few times already. It is a special rule to strengthen and unify data protection for all individuals within the European Union. It gives EU residents good control over their personal data.
That means this is a special rule created mainly for European Union countries. It helps their residents protect how their personal data is used online.
Then why are we worried?
The simple answer to this question is that, as bloggers, we create websites that can receive traffic from any country. Whenever your content or website is accessed from any European Union country, your content also comes under the GDPR law.
So, that’s the reason we have to make our WordPress websites GDPR compliant. Even if you block traffic from European Union countries, you can’t be 100% sure of stopping someone in the European Union from visiting your website.
I read many such comments online, e.g. "my website is related to Indian topics" or "it is hosted on a .IN extension". But what if an Indian visits your website from a European Union country while searching the internet for something about India?
So, it is clear that we can’t fully control the traffic from European Union countries. Better, let’s make our WordPress blog GDPR compliant.
What if My Website Is Found GDPR Non-compliant
As per GDPR law, if your business is found non-compliant, the fine could be up to 4% of a company’s annual global revenue OR €20 million (whichever is greater).
But don’t worry too much about this huge fine. A certain process of communication comes before it. The fine is the last stage of that process, and you will be notified of various ways to become compliant or rectify the problem.
Here is a simple picture to explain the GDPR non-compliance process.
Popular GDPR WordPress Plugins To Make Your Website GDPR Compliant
Well, it is not 100% clear yet how one can make a website GDPR compliant. Every website is different, so there can’t be a simple or generic solution that can be applied in one go. So, considering some common website behaviors, a couple of GDPR WordPress plugins have come up to help make your website compliant.
- WP GDPR Compliance By Van Ons
- GDPR Plugin by Trew Knowledge
- Delete Me (free)
- GDPR Cookie Consent By webtoffee
- GDPR Cookie Compliance By Moove Agency
WP GDPR Compliance By Van Ons
WP GDPR Compliance helps you as a site owner take care of:
- Keeping a consent log for supported plugins.
- Adding checkboxes to supported plugins for explicit visitor consent.
- ‘Right to access’ through encrypted audit logs.
- ‘Right to be forgotten’ by anonymizing user data.
GDPR Plugin by Trew Knowledge
This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.
- Consent management
- Privacy Preference management for Cookies with front-end preference UI & banner notifications
- Rights to erasure & deletion of website data with a double opt-in confirmation email
- Re-assignment of user data on erasure requests & pseudonymization of user website data
- Data Processor settings and publishing of contact information
- Right to access data by admin dashboard with email look up and export
Delete Me (free)
This plugin is good for a website that is a kind of forum or membership site, where users interact every day and regularly respond to your articles. This plugin will make sure your data is not stored anywhere. But if you have other plugins that store data, this plugin can’t help.
How it works:
- A user clicks the delete link, which defaults to “Delete Account”, but can be changed.
- The user is asked to confirm they want to delete themselves.
- If confirmed, user and all their Posts, Links, and (optionally) Comments are deleted.
- The deleted user is (optionally) redirected to a landing page URL; the default is the homepage, and it can be changed or left blank.
GDPR Cookie Consent By webtoffee
As the name suggests, this is one of the simplest WordPress GDPR plugins. This plugin will help you become GDPR compliant with the following features.
- The plugin will show a notice with Accept and Reject options. By default, the cookie value will be set to ‘null’. If the user clicks the ‘Accept’ button, the value will be changed to ‘yes’. If the user clicks ‘Reject’, the value will be set to ‘no’. Your developer can check this value before setting a cookie.
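What "checking this value" can look like on the developer's side, as an added example that is not part of the original article or of the plugin's code. The cookie name `site_cookie_consent` is a hypothetical placeholder, and the functions take the cookie string (for example `document.cookie`) as an argument; only an exact ‘yes’ enables optional cookies.

```javascript
// Added example. CONSENT_COOKIE is a hypothetical name: look up the real
// cookie name in your consent plugin's documentation or settings.
const CONSENT_COOKIE = 'site_cookie_consent';

// Parse a document.cookie style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                       // skip fragments without '='
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    if (name && !jar.has(name)) jar.set(name, value);   // first occurrence wins
  }
  return jar;
}

// Map the stored value to one of three states. Anything other than an
// exact 'yes' or 'no' (missing cookie, 'null', altered value) is 'unset'.
function consentState(cookieString) {
  const raw = parseCookies(cookieString).get(CONSENT_COOKIE);
  if (raw === 'yes') return 'accepted';
  if (raw === 'no') return 'rejected';
  return 'unset';
}

// Fail closed: optional cookies and trackers load only after an explicit Accept.
function mayLoadTracking(cookieString) {
  return consentState(cookieString) === 'accepted';
}

// Browser usage: applyConsent(document.cookie, loadAnalytics), where
// loadAnalytics is your own function that injects the tracking script.
function applyConsent(cookieString, loadTracker) {
  if (!mayLoadTracking(cookieString)) return false;
  loadTracker();
  return true;
}
```

Treating ‘null’, a missing cookie and any unexpected value the same way means a visitor who has not answered the notice is handled like one who rejected it.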
GDPR Cookie Compliance By Moove Agency
This plugin works perfectly to make your website GDPR compliant. You can do the following things by installing this plugin.
- This plugin is designed to help you prepare your website for the GDPR regulations related to cookies but IT WILL NOT MAKE IT FULLY COMPLIANT – this plugin is just a template and needs to be set up by your developer in order to work properly.
- Once installed, the plugin gives you a template that you can customize; you can modify all text and colors to suit your needs.
- You can also allow users to enable and disable cookies on your site, however, this will require bespoke development work as every site is unique and uses different cookies.
Now, these plugins alone can’t make your website GDPR compliant. You have to do a couple of other things as well. Let me tell you what you should do to make your website compliant.
Steps To Make Your Website GDPR Compliant
WordPress is a very big CMS, and it is not possible to bring everything in line overnight. As soon as the GDPR law was enforced on 25th May 2018, WordPress came up with a couple of changes to make WordPress GDPR compliant. Here are a few of the things you might have noticed after 25th May 2018.
Well, by default WordPress 4.9.6 now comes with the following GDPR enhancement tools. In case you are not able to see the GDPR checkbox below the WordPress comment system, follow this tutorial.
So, if I have to summarise this entire process, it will be like this.
- Update your WordPress website to the latest version so that the default GDPR settings apply to your website too.
- Create a privacy page using the WordPress privacy generator settings. Make the necessary changes for your website's needs: what kind of data you are collecting from users and how you are using it.
- Install any of the GDPR WordPress plugins to show a cookie consent popup or notification.
This will make any default WordPress website GDPR compliant. But this is not the end of the story. As website owners, we use various other tools & plugins to make our business run smoothly, e.g. contact forms, analytics, email marketing, online stores, membership sites, etc.
You have to make sure that the plugins you are using have also made themselves GDPR compliant. If not, try to find a better alternative. Generally, with popular WordPress plugins, this should not be a worry. I have also shared a couple of good reference articles on this topic. As this is a new topic, we have to keep an eye on it, learn, and gradually adopt the changes to secure our online blogging business by keeping our website 100% GDPR compliant.
- The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
- GDPR Compliance Tools in WordPress
- The Complete WordPress GDPR Guide: What Does the New Data Regulation Mean for Your Website, Business and Data?
- GDPR: How it Affects WordPress Site Owners and Developers
- Data protection infographic by European Commission
- Principles of the GDPR by European Commission
Legal Disclaimer / Disclosure
I am not a lawyer and none of the information available in this article should be considered legal advice. The information shared here is for educational purposes only. Although no single plugin or platform can offer 100% legal compliance due to various reasons, I am trying to share some ways to make a WordPress site GDPR compliant based on various available online references. You should consult a specialist internet law attorney to find out whether your website is 100% compliant or not.