On the 17th of May, just 8 days before the deadline, WordPress released an update (4.9.6) that contains new WordPress GDPR tools that can help you with regulation compliance. This looks like quite a rushed release, considering that we all had 2 years to prepare for that day. This is the first release from WordPress about the GDPR, and it involves a lot of manual work to manage the user data.

The GDPR compliance tools include a privacy policy creator with the basic text and an export/erase personal data tool. Let’s see more details:

Privacy Policy Creator

You can find this update under Settings > Privacy; there you can either add your own privacy policy content or use the prefilled one.

The prefilled text takes into account the plugins and other things you have on the website, and the content will be like the one above. So, you have the main areas you need to include on the page with the suggested text, but you'll also have to include the data that individual plugins collect.

However, what happens if you run an eshop or use other 3rd party apps (Google Analytics, Facebook, Shopify, etc.)? Please keep in mind that this prefilled Privacy Policy text is not enough and it doesn't include all the needed information. After being advised by our partner on Unicorn Hosting, we can say that this update is the least that anyone can do in order to be GDPR ready.

Export Personal Data tool:

The new WP update allows the webmaster to send all the data that the website has about any user by entering their email address into a simple form on the backend.

You can find this tool under Tools > Export personal data; using the username or the email address, you can start the process. Then, an email will be sent to the user's email address to verify the request. After the confirmation, you can download the data as a zip file, and the system will send this file to the user in an email. The file contains the user's details, comments, posts and any interaction with the website.

Erase Personal Data tool:

The same process applies to the deletion of data with this update, so if the user wants the data to be erased, you need to go to Tools > Erase personal data and add the user's email address. Then, an email will be sent to the user to verify the request, the webmaster can erase the personal data, and the system will also send an email to the user.

Challenges

We have already noticed some of the challenges:

  • Other apps: If a user requests to export personal data, the webmaster needs to send all the info from the DB along with the info held in all their 3rd party apps (Google Analytics, Facebook, Shopify, etc.). And if a user wants all of it to be deleted, we need to delete it from all the apps.
  • User’s citizenship: the webmaster needs to confirm that the received request comes from an EU citizen.
  • Received requests: an easy way for the users to send their requests is to include a form on the Privacy Policy page.

As for the next steps, we would advise you to either hire a lawyer or contact Unicorn Hosting for professional assistance and a GDPR compliance package.

Let us know in the comment section what you think about the new update. If you have any problems or questions about the GDPR, leave them in the comments area and we'll try to answer them as soon as possible.