How to Make Your Website GDPR Compliant

From May 25, 2018, the GDPR (General Data Protection Regulation) applies to (a) websites based in the European Union (EU) and (b) websites anywhere in the world that receive visitors from the EU. The GDPR lays down guidelines that must be followed, and failing to do so attracts steep penalties and fines. As a website owner, it is important to comply with these norms both to avoid any penalty or fine and to make your customers feel safe. We usually recommend that site owners talk to a lawyer or a GDPR professional to ensure compliance with the regulation; in the meantime, here is a quick to-do list that can help you make your WordPress website GDPR compliant.

Check your WordPress version – It should be 4.9.6 or higher

To help WP users, the developers released version 4.9.6 of WordPress, which added some important features in support of GDPR compliance:

  • An opt-in for comments cookies
  • Options to export and erase personal data (available under Tools on your dashboard)
  • A tool to generate Privacy Policy for your website

As a WordPress user, you are probably already aware of the importance of keeping the core, plugins, and themes updated at all times. If running your business does not leave you enough time to install these updates as they are released, you might want to consider a WP Hosting plan that offers automatic WordPress updates.

Make the Privacy Policy GDPR-compliant

Under GDPR, you are required to include disclosures regarding the collection of data and the use of cookies on your website. If your site includes contact forms, make sure each one has a checkbox seeking the user’s approval to be contacted. You are also required to obtain consent from every customer before sending newsletters, which can be done by adding a checkbox to the opt-in form. The privacy policy needs to be updated to reflect these practices as well.

Cookie Disclosure

Apart from including a disclosure about the use of cookies in your privacy policy, you are required to show a Cookie Disclosure and Acceptance notice on the first page each user visits.
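The cookie notice above only does its job if the site actually withholds non-essential cookies until the visitor has accepted, and the same consent record should gate the newsletter checkbox from the privacy-policy section. The following is an added example in plain JavaScript, not code from the original post or from WordPress: a small consent ledger that stores what a visitor agreed to, invalidates that consent when the privacy policy version changes or the record ages out, and filters the cookies a response is allowed to set. The cookie name site_consent, the policy version string, the purpose list, the one-year expiry and the sample pending cookies are all assumptions made for the example.

```javascript
// Added example (not from the original post or WordPress): a minimal consent
// ledger that records what a visitor agreed to and gates non-essential cookies
// and newsletter sending on that record. Names and values below are assumptions.

const CONSENT_COOKIE = "site_consent";    // assumed cookie name
const POLICY_VERSION = "2018-05-25";      // assumed; bump when the privacy policy changes
const CONSENT_MAX_AGE_DAYS = 365;         // assumed; ask the visitor again after a year
const MS_PER_DAY = 86400000;

// Purposes that need explicit opt-in. Strictly necessary ("essential") cookies
// such as the login session never require consent under this scheme.
const OPT_IN_PURPOSES = ["analytics", "marketing", "newsletter"];

// Build a consent record from the purposes the visitor ticked in the banner or form.
// Unticked purposes are stored as explicit false so "no answer" and "no" differ.
function recordConsent(grantedPurposes, now = new Date()) {
  const choices = {};
  for (const purpose of OPT_IN_PURPOSES) {
    choices[purpose] = grantedPurposes.includes(purpose);
  }
  return { policyVersion: POLICY_VERSION, grantedAt: now.toISOString(), choices };
}

// A record is only usable if it was given under the current policy text and
// has not aged out; otherwise the visitor must be asked again.
function isConsentValid(record, now = new Date()) {
  if (!record || record.policyVersion !== POLICY_VERSION) return false;
  const ageDays = (now.getTime() - Date.parse(record.grantedAt)) / MS_PER_DAY;
  return Number.isFinite(ageDays) && ageDays >= 0 && ageDays <= CONSENT_MAX_AGE_DAYS;
}

// Central check used by both the cookie layer and the newsletter sender.
function mayUse(purpose, record, now = new Date()) {
  if (purpose === "essential") return true;
  return isConsentValid(record, now) && record.choices[purpose] === true;
}

// Serialise the record into a Set-Cookie value. The JSON is URL-encoded so
// ';' or '=' inside it cannot break cookie parsing; Secure and SameSite=Lax
// keep the consent cookie itself from travelling over plain HTTP or cross-site.
function consentToSetCookie(record) {
  return CONSENT_COOKIE + "=" + encodeURIComponent(JSON.stringify(record)) +
    "; Path=/; Max-Age=" + (CONSENT_MAX_AGE_DAYS * MS_PER_DAY) / 1000 +
    "; Secure; SameSite=Lax";
}

// Parse the record back out of a request's Cookie header. A missing or
// malformed value is treated as "no consent" rather than throwing.
function consentFromCookieHeader(header) {
  for (const part of String(header || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    if (part.slice(0, idx).trim() !== CONSENT_COOKIE) continue;
    try {
      return JSON.parse(decodeURIComponent(part.slice(idx + 1).trim()));
    } catch (e) {
      return null;
    }
  }
  return null;
}

// Given the cookies the application wants to set on a response, keep only
// those whose purpose the visitor has consented to.
function filterSetCookies(pending, record, now = new Date()) {
  return pending.filter((c) => mayUse(c.purpose, record, now)).map((c) => c.header);
}

// Constructed sample: cookies a page might try to set on one response.
const SAMPLE_PENDING_COOKIES = [
  { purpose: "essential", header: "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax" },
  { purpose: "analytics", header: "visitor_stats=xyz; Path=/; Max-Age=31536000" },
  { purpose: "marketing", header: "ad_pref=seg42; Path=/; Max-Age=31536000" },
];

// Demo: a visitor who ticked only "analytics" on 2019-01-01 (constructed date).
const demoNow = new Date("2019-01-01T00:00:00Z");
const demoRecord = recordConsent(["analytics"], demoNow);
console.log(filterSetCookies(SAMPLE_PENDING_COOKIES, demoRecord, demoNow));
console.log("newsletter allowed:", mayUse("newsletter", demoRecord, demoNow));
```

The point of routing every decision through mayUse is that the cookie banner, the contact-form checkbox and the newsletter sender all read the same record, so a policy update (bumping POLICY_VERSION) or an expired consent automatically turns tracking and mailings off until the visitor opts in again, rather than relying on each feature to remember the rule on its own.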

Option to add or delete personal information

You have to give users a way to add to or delete the personal information you hold about them. A contact form can be set up to receive such requests from users.

Notify users about updates in policy or incidents of data breach

If your website has user accounts or sends newsletters, you are required to inform users of any change in policy. You also have to notify users of any data breach incident.

Conclusion

These tips can help you make your WP website GDPR compliant to a great extent. However, remember that every website needs to take different steps to ensure compliance, so talking to a lawyer or a professional can ensure that you don’t overlook any regulation. The online community expects your website to protect the security and privacy of their data. Get your website GDPR compliant and live up to the trust your customers have placed in you.