On the 17th of May and just 8 days before the deadline, WordPress releases an Update (4.9.6) that contains new WordPress GDPR tools that can help you with regulation compliance. This looks like a quite rushed release considering that we all had 2 years to prepare for that day. This is the first release from WordPress about the GDPR and it includes a lot of manual work in order to manage the user data.
The prefilled takes into account the plugins and things you have on the website and the content will be like the one above. So, you have the main areas you need to include on the page with the suggested text but you’ll also have to include the data that individual plugins collect.
Export Personal Data tool:
The new WP update allows the webmaster to send all the data that the website has about any user by entering their email address into a simple form on the backend.
You can find this tool if you go to Tools > Export personal data, by using the username or the email address you can start the process. Then, an email will be sent to the user’s email address, to verify the request. After the confirmation, you can download the data as a zip file and the system will send this file to the user in an email. The file contains user’s details, comments, posts and any interaction with the website.
Erase Personal Data tool:
The same process applies to the deletion of the data with this update, so if the user wants the data to be erased, you need to go to Tools > Erase personal data and add the user’s email address. Then, an email will be sent to the user to verify the request and the webmaster can erase the personal data and the system will send an email to the user also.
We have already noticed some of the challenges:
- Other apps: If a user requests to export personal data, the webmaster needs to send all the info from the DB along with all their 3rd party apps (Google Analytics, Facebook, Shopify, etc.). And if a user wants all of them to be deleted, we need to do it from all the apps.
- User’s citizenship: the webmaster needs to confirm that the received request comes from an EU citizen.
Let us know in the comment section what you think about the new update. If you have any problems or questions about the GDPR, leave any questions in the comments area and we’ll try to answer them as soon as possible.