With the General Data Protection Regulation (GDPR) just around the corner, one side of the personal information that you hold may be within your WordPress website.
Back in April WordPress, as an organisation, started addressing the tools that each website administrator would need to address the operational requests that website users can submit to obtain a copy of their personal data, or even for the data to be removed. To do this the GDPR Compliance team were tasked with focusing on four main areas (https://wordpress.org/news/2018/04/gdpr-compliance-tools-in-wordpress/):
Add functionality to assist site owners in creating comprehensive privacy policies for their websites.
Create guidelines for plugins to become GDPR ready.
Add administration tools to facilitate compliance and encourage user privacy in general.
Add documentation to educate site owners on privacy, the main GDPR compliance requirements, and on how to use the new privacy tools.
As an administrator of a simple blog website that allows users to comment on posts, you could be holding onto personal data that includes:
Username
Email Address
Real Name
Now in the case of an e-commerce site the data gets more interesting and could then include:
Billing Address
Delivery Address
Credit Card Information
Purchase History
The list goes on depending on the product or service that you have built your site around.
With this new release we are seeing a lot more functionality that a normal point release.
Firstly, to let users know what you will be doing with their data, WordPress will be adding a new tool under Settings => Privacy that will guide you through creating a comprehensive privacy policy for your site.
Within this settings page you will be able to allocate a page to be your privacy policy in much the same way that you allocate a static homepage or your blog page.
Once you have allocated a page, when you enter the edit screen for the page, you will be greeted with a template to guide you through the process of building your policy.
You will see sections in yellow that will need to be removed and start with the introduction:
We have suggested the sections you will need. Under each section heading, you will find a short summary of what information you should provide, which will help you to get started.
Please edit your privacy policy content, making sure to delete the summaries, and adding any information from your themes and plugins. Once you publish your policy page, remember to add it to your navigation menu.
It also continues with the advice that
It is your responsibility to write a comprehensive privacy policy, to make sure it reflects all national and international legal requirements on privacy, and to keep your policy current and accurate.
As always this is a community effort and although this gets you a long way along the road, do seek proper legal advice if you feel that you need it for your site.
I hope that this gives you a good overview of the tools coming your way and I will continue on the next post with the features that will help you to manage personal data or right to erasure requests. If you need help with any of these features please do sign up for one of our UK based WordPress hosting plans and then just raise a ticket.
Use our domain name search to check your dream domain name
Wide Variety of Domains
Easy Registration Process
Free WHOIS Privacy
