Businesses have been scrambling to write GDPR privacy policies and update their mailing lists for GDPR. In the rush, you might have missed the new WordPress GDPR tools that are designed to make your website compliant.
Here’s a quick guide to the new WordPress GDPR tools and settings.
- 1 About the New WordPress GDPR Tools
- 2 New GDPR Features in Automattic Plugins
- 3 Small Businesses Need to Act to be GDPR Compliant
About the New WordPress GDPR Tools
WordPress has been mulling over GDPR for a few weeks. Like most of us, it’s left the actual roll-out of its tools until late, so site owners are likely just discovering the new settings.
If you’ve not updated your WordPress core to 4.9.6 yet, you probably won’t even be aware that the tools are available.
The main changes you need to know about are:
- WordPress’ new personal data tools, which appear under the Tools menu as Export Personal Data and Erase Personal Data; these are essential for compliance, and will be doubly important for any site that accepts registrations
- A way to confirm personal data export or deletion by emailing the user
- New privacy guidance for plugin developers, including some useful information about Privacy By Design, a key GDPR concept
- An easier way to get cookie permissions, although most site owners probably do this already.
In order to access the new WordPress GDPR settings, you’ll need to update WordPress to the latest version, WordPress 4.9.6 Privacy and Maintenance Release.
It’s important to note that the new privacy settings are not the same as the old privacy setting in WordPress, which allowed you to hide your website from search engines; they were nothing to do with personal data.
This old privacy setting was renamed and moved in version 3.5, perhaps as a way to avoid confusion with the new settings for GDPR.
Setting Up GDPR WordPress Features
Once you’ve updated WordPress, you’ll see this pop-up next time you log in as an Administrator:
When you see this, you’ll have:
- New personal data tools for your website under Tools, so you can export one user’s data as a zip file, or erase the user’s data from your database
The first option, the data exports and erasure tools, will be handy for removing users and exporting the data you hold on them. You may not need these tools now, but it’s good they’re there.
The data erasure or download menu will also automatically ask the user for consent via email before their data is exported or removed, so you have consent from the right person beforehand.
This is more important than it looks. Why?
We’ve listed three free generators in our GDPR documentation blog. You could also follow the link from your Settings -> Privacy page in WordPress, which will take you to WordPress’ generic content suggestions. The page lives at http://your-domain.com/wp-admin/tools.php?wp-privacy-policy-guide
Where possible, I’d suggest using legal templates rather than generators. If you write your own policy, we can proofread and format it for you if you need a little help.
New GDPR Features in Automattic Plugins
Automattic, the team behind WordPress, has also updated some plugin settings, and changed its guidance for plugin users. There are lots of small changes, but here are the basics.
GDPR and Jetpack
Jetpack is a useful (and free) WordPress plugin that gives self-hosted WordPress users advanced features, similar to those provided to hosted WordPress.com users.
For example, you get some handy and interesting statistics about your site.
While Jetpack itself hasn’t changed much, it has launched a couple of tools that might be of interest to you:
- A Privacy Centre, which provides more information on data that’s collected through the plugin.
GDPR and WooCommerce
WordPress has its own Privacy Blog, but is fairly light on content at the moment.
However, it does mention WooCommerce changes.
The main tools WooCommerce users need are the Export Personal Data and Erase Personal Data menus, which are already live in WordPress itself. However, the WooCommerce plugin has also been tweaked to avoid unnecessary data collection, and obtain consent where it’s needed, which is also important.
If you use WooCommerce, update the plugin to version 3.4 if you haven’t already.
GDPR and WordPress.com
WordPress.com users can now opt out of having their data collected for analytics purposes.
You’ll also be able to close a WordPress.com account and delete your data. Until now, that was impossible.
WordPress.com shares many tools with Jetpack, so it’s worth also looking at the Jetpack Privacy Centre that I linked to above.
More Information on GDPR from Automattic
Some of these updates have come very late in the day, and businesses have plenty to do over the next 24 hours to get their sites ready.
Automattic is also still rolling out GDPR information and guidance; this blog post was only published in the early hours of 24th May, but includes some useful details on other Automattic services like Askismet and Polldaddy.
Small Businesses Need to Act to be GDPR Compliant
As with most things related to GDPR, it’s a case of “better late than never”.
It’s promising that the developers behind all Automattic plugins and software have focused on data deletion. This is something that other companies are not taking seriously yet.
We’ll almost certainly see improvements in the next few versions of WordPress.
Some web hosting providers, including InMotion Hosting and SiteGround*, offer automatic WordPress updates on some plans. It’s best to switch these automatic updates on to avoid the hassle of manually keeping your site up to date.
Latest posts by Claire Broadley (see all)
- Red Robot is Moving Back to Leeds – A Little Housekeeping - August 28, 2019
- 8 Ways to Get Quality Blog Post Topics - June 12, 2018
- Red Robot is 8 Years Old Today - June 8, 2018