What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) law that applies from May 25, 2018. Its goal is to give people in the EU control over their personal data and to change how organizations across the world approach data privacy.

You’ve likely gotten dozens of emails from Google and other companies about GDPR, their updated privacy policies, and other legal notices. That’s because the EU has put hefty penalties in place for those who are not in compliance: fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher.

The law gives users (data subjects) certain rights, including:

  1. The right to be forgotten (erasure)
  2. The right to data portability
  3. The right to access the information held about you
  4. The right to have companies correct or change inaccurate data about you (rectification)

What is required under GDPR?

The goal of GDPR is to protect users’ personal data and hold businesses to a higher standard in how they collect, store, and use it.

Personal data is anything that identifies a person directly or indirectly: name, email, physical address, IP address, health information, income, etc.

While the GDPR text is around 200 pages long, here are the most important pillars you need to know:

  1. Explicit Consent
  2. Rights to Data
  3. Breach Notification
  4. Data Protection Officers

Is WordPress GDPR Compliant?

Yes, as of WordPress 4.9.6, the WordPress core software ships the tooling needed for GDPR compliance: a privacy policy page generator, tools to export and erase a user’s personal data on request, and a consent checkbox for comment cookies. It’s important to note that when we talk about WordPress here, we mean the self-hosted WordPress.org software.

Having said that, due to the dynamic nature of websites, no single platform, plugin, or solution can offer 100% GDPR compliance. What compliance requires varies with the type of website you run, what data you store, and how you process it; third-party plugins, analytics, and embedded services all count as processing.

By default, WordPress used to store a commenter’s name, email, and website in cookies in the user’s browser. This made it easier for users to leave comments on their favorite blogs because those fields were pre-populated.

Because of GDPR’s consent requirement, WordPress now adds a consent checkbox to the comment form (“Save my name, email, and website in this browser for the next time I comment.”). Users can still leave a comment without checking this box; the only difference is that no cookies are set, so they have to enter their name, email, and website manually every time they comment.