WordPress Plugins to Make Your Website GDPR Proof

As the new EU privacy law, the General Data Protection Regulation (GDPR), is about to come into effect, all sorts of plugins are being marketed to help you become GDPR compliant. In this article we share the 5 best WordPress plugins to make your website GDPR-proof!

What does the GDPR mean for your website?

The General Data Protection Regulation (GDPR) is an EU-wide regulation that controls how companies and other organizations handle personal data. It is the most significant initiative on data protection in 20 years and has major implications for any organization in the world that serves individuals from the European Union.

If your website serves individuals from the EU and you – or embedded third-party services like Google and Facebook – process any kind of personal data, you need to obtain prior consent from the visitor.

To obtain valid consent, you need to describe the extent and purpose of your data processing to the visitor in plain language, before processing any personal data. This information must be available to the visitor at all times, e.g. as part of your privacy policy. You must also provide an easy way for the visitor to change or withdraw consent.

All consents must be logged as proof, and all tracking of personal data, including by embedded third-party services, must be documented, including the countries to which data is transmitted.

7 things that your website needs to be GDPR compliant:

  • Cookie Consent;
  • Terms and Conditions Acceptance;
  • Privacy Policy;
  • Data Access;
  • Data Rectification;
  • Right To Be Forgotten;
  • Data Breach Notification.

GDPR Compliance Tools in WordPress

With the WordPress 4.9.6 update, website owners will be able to create a GDPR-compliant privacy policy in three steps:

  1. Adding a dedicated page for the policy.
  2. Adding privacy information from plugins.
  3. Reviewing and publishing the policy.

A new “postbox” will be added to the Edit Page screen when editing the policy. All plugins that collect or store user data will be able to add privacy information there. In addition, it will alert site owners when any privacy information changes after a plugin is activated, deactivated, or updated.

There is new functionality to confirm user requests by email address. It lets site owners verify that requests to display, download, or anonymize personal data genuinely come from the user concerned.

A new “Privacy” page is added under the “Tools” menu. It displays new, confirmed requests from users as well as requests that have already been fulfilled. It also contains the tools for exporting and anonymizing personal data, and for requesting email confirmation to prevent abuse.
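As an added example (not code from the article or from any plugin it lists), the following hypothetical plugin shows how a plugin hooks into the three core mechanisms just described: it suggests text for the privacy policy page via wp_add_privacy_policy_content(), and it registers a personal data exporter and an eraser through the wp_privacy_personal_data_exporters and wp_privacy_personal_data_erasers filters, so that the data it stores is covered by the export and anonymize tools under Tools > Privacy. The plugin name, the text domain and the example_newsletter_consent user meta key are assumptions; the hook and function names are the real WordPress 4.9.6 privacy API.

```php
<?php
/**
 * Plugin Name: Example Privacy Integration
 *
 * Added example, not part of the article or any listed plugin. Pretends to
 * store a newsletter consent flag in the hypothetical user meta key
 * "example_newsletter_consent" and exposes it to the core privacy tools.
 */

// 1. Suggest privacy policy text that the site owner can paste into the policy page.
add_action( 'admin_init', function () {
    if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
        return; // WordPress older than 4.9.6: the privacy tools do not exist.
    }
    $content = '<p>' . __( 'This site stores whether you consented to our newsletter and when you did so.', 'example-privacy' ) . '</p>';
    wp_add_privacy_policy_content( 'Example Privacy Integration', wp_kses_post( $content ) );
} );

// 2. Register an exporter: returns the personal data held for an email address.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-privacy'] = array(
        'exporter_friendly_name' => __( 'Example Privacy Integration', 'example-privacy' ),
        'callback'               => 'example_privacy_exporter',
    );
    return $exporters;
} );

function example_privacy_exporter( $email_address, $page = 1 ) {
    $user         = get_user_by( 'email', $email_address );
    $export_items = array();
    if ( $user ) {
        $consent = get_user_meta( $user->ID, 'example_newsletter_consent', true );
        if ( '' !== $consent ) {
            $export_items[] = array(
                'group_id'    => 'example-privacy',
                'group_label' => __( 'Newsletter consent', 'example-privacy' ),
                'item_id'     => 'example-privacy-' . $user->ID,
                'data'        => array(
                    array( 'name' => __( 'Consent given', 'example-privacy' ), 'value' => $consent ),
                ),
            );
        }
    }
    // Everything fits in one page, so the export is complete after this call.
    return array( 'data' => $export_items, 'done' => true );
}

// 3. Register an eraser: removes the data when the owner fulfils an erase request.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-privacy'] = array(
        'eraser_friendly_name' => __( 'Example Privacy Integration', 'example-privacy' ),
        'callback'             => 'example_privacy_eraser',
    );
    return $erasers;
} );

function example_privacy_eraser( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $removed = false;
    if ( $user && '' !== get_user_meta( $user->ID, 'example_newsletter_consent', true ) ) {
        $removed = delete_user_meta( $user->ID, 'example_newsletter_consent' );
    }
    return array(
        'items_removed'  => (bool) $removed, // core reports this back to the owner
        'items_retained' => false,           // nothing is kept for legal reasons here
        'messages'       => array(),
        'done'           => true,
    );
}
```

Because the exporter and eraser are keyed by email address, they only run after core has confirmed the request through the email confirmation step described above, so a plugin never has to build its own verification of who is asking.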

1. WP GDPR Compliance

The GDPR demands ‘explicit consent’ from your visitors before you may process their data. Whether you want your visitors to subscribe to a newsletter, fill in a contact form, or react to a message, permission is required. Such explicit consent can be realized, for example, by providing a tick box. However, if a tick box is ticked by default, you are overriding the ‘privacy by default’ principle.

Enforcing explicit consent in your WordPress website is largely done manually. Again, make sure that tick boxes aimed at having users agree with your terms are not ticked by default. Fortunately, WP GDPR Compliance embeds such tick boxes for you and supports plugins like Contact Form 7, WooCommerce and WordPress Comments. The author of this plugin has announced future support for other plugins as well.
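The following is an added example, not taken from WP GDPR Compliance or the article, of what "privacy by default" looks like on the WordPress comment form: a consent tick box rendered without a checked attribute, the check enforced on the server so that a submission with the box missing or tampered with is rejected, and the time of consent logged with the comment as proof. The hook names are real WordPress hooks; the field name example_consent, the meta key and the text domain are assumptions.

```php
<?php
/**
 * Added example (not the article's or any plugin's code): an explicit,
 * unchecked-by-default consent tick box on the comment form, validated
 * server-side and logged in comment meta. Names prefixed "example_" are
 * hypothetical.
 */

// Render the tick box. Deliberately no "checked" attribute: unticked by default.
function example_consent_checkbox() {
    printf(
        '<p class="comment-form-example-consent">'
        . '<input id="example_consent" name="example_consent" type="checkbox" value="yes" /> '
        . '<label for="example_consent">%s</label></p>',
        esc_html__( 'I consent to this site storing my name, email address and comment as described in the privacy policy.', 'example-consent' )
    );
}
add_action( 'comment_form_after_fields', 'example_consent_checkbox' );   // visitors
add_action( 'comment_form_logged_in_after', 'example_consent_checkbox' ); // logged-in users

// Enforce on the server: editing the HTML to pre-tick or remove the box gains nothing.
add_filter( 'preprocess_comment', function ( $commentdata ) {
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( '' !== $type && 'comment' !== $type ) {
        return $commentdata; // pingbacks and trackbacks have no form to tick
    }
    if ( current_user_can( 'moderate_comments' ) ) {
        return $commentdata; // moderator replies from the dashboard carry no tick box
    }
    $consent = isset( $_POST['example_consent'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_consent'] ) )
        : '';
    if ( 'yes' !== $consent ) {
        wp_die(
            esc_html__( 'Please tick the consent box before submitting your comment.', 'example-consent' ),
            esc_html__( 'Consent required', 'example-consent' ),
            array( 'response' => 400, 'back_link' => true )
        );
    }
    return $commentdata;
} );

// Log the consent as proof: store the UTC timestamp alongside the comment.
add_action( 'comment_post', function ( $comment_id ) {
    if ( current_user_can( 'moderate_comments' ) ) {
        return; // no consent was collected for moderator replies
    }
    add_comment_meta( $comment_id, 'example_consent_given_at', current_time( 'mysql', true ), true );
} );
```

The server-side check is the part that matters: a tick box that is only validated in the browser is not evidence of consent, because the browser is under the visitor's control, not yours.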

2. GDPR WP Plugin

This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR. Features:

  • Consent management
  • Privacy Preference management for Cookies with front-end preference UI & banner notifications
  • Privacy Policy page configurations with version control and re-consent management
  • Rights to erasure & deletion of website data with a double opt-in confirmation email
  • Re-assignment of user data on erasure requests & pseudonymization of user website data
  • Data Processor settings and publishing of contact information
  • Right to access data by admin dashboard with email look up and export
  • Right to access data by Data Subject with front-end requests button & double opt-in confirmation email
  • Right to portability & export of data by Admin or Data Subject in XML or JSON formats
  • Encrypted audit logs for the lifetime of Data Subject compliance activity
  • Data Subject Secret Token for two-factor decryption and recovery of data
  • Data breach notification logs and batch email notifications to Data Subjects
  • Telemetry Tracker for visualizing plugins and website data

3. GDPR Cookie Compliance

This plugin is designed to help you prepare your website for the GDPR regulations related to cookies, but IT WILL NOT MAKE IT FULLY COMPLIANT – this plugin is just a template and needs to be set up by your developer in order to work properly.

Once installed, the plugin gives you a template that you can customise; you can modify all text and colours to suit your needs.

You can also allow users to enable and disable cookies on your site; however, this will require bespoke development work, as every site is unique and uses different cookies.

4. The GDPR Framework

Easy-to-use tools to help make your website GDPR-compliant. The GDPR is a whopping 88 pages of legal text. Becoming compliant takes a lot more than just adding a couple of checkboxes to your forms! But worry not, we’ve got it covered. You don’t need to drown your customers in pointless acceptance checkboxes if you know what you’re doing!

The WordPress GDPR Framework provides all the base features you need to make your site GDPR-compliant. This includes manual and automatic data download, export, anonymization and deletion, tracking and withdrawing consent, a privacy policy generator and more.

5. WP GDPR

This open source plugin will assist you in making your website GDPR compliant by making personal data accessible to the owner of the data. Visitors (owners) don’t need user accounts to access their data. Everything works through a unique link and e-mails.

WP-GDPR integrates with some of the most well-known plugins through add-ons. This makes the data stored by those plugins available for the visitor to manage.

The plugin creates a page where users can request access to the personal data stored about them on your website. You can find this page in the list of WordPress pages. In the backend you’ll get an overview of the requests users have sent, and you can see which plugins collect personal data and need an ‘ask for approval’ checkbox.

Users who ask to view their personal data will get an email with a unique URL on which they can view, update and download their comments and request removal of individual comments. When they request a removal, the admin can delete the comment through the wp-gdpr backend. All emails are sent automatically.
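The unique-link mechanism described above stands or falls with the token in the link: if it can be guessed, reused or lives forever, anyone holding it can read someone else's data. The class below is an added example (not WP GDPR's own code, and not how that plugin necessarily implements it) of the properties such a token needs: 256 bits from the CSPRNG, only its SHA-256 hash stored, a fixed lifetime, constant-time comparison, and single use. An in-memory array stands in for the database table a real plugin would use; the class and method names are assumptions.

```php
<?php
/**
 * Added example (not the article's or WP GDPR's code): issuing and redeeming
 * the unguessable, expiring, single-use token behind an emailed data-access
 * link. Storage is an in-memory array standing in for a database table.
 */
final class AccessLinkTokens {
    /** @var array<string, array{email: string, expires: int}> keyed by SHA-256 of the token */
    private $records = array();
    /** @var int lifetime of a link in seconds */
    private $ttl;

    public function __construct( $ttl_seconds = 3600 ) {
        $this->ttl = (int) $ttl_seconds;
    }

    /**
     * Create a token for $email. Only the hash is stored, so a leaked table
     * does not hand out live links. Returns the raw token to put in the URL.
     */
    public function issue( $email, $now = null ) {
        $now   = null === $now ? time() : (int) $now;
        $token = bin2hex( random_bytes( 32 ) ); // 256 bits from the CSPRNG, 64 hex chars
        $this->records[ hash( 'sha256', $token ) ] = array(
            'email'   => strtolower( trim( $email ) ),
            'expires' => $now + $this->ttl,
        );
        return $token;
    }

    /**
     * Redeem a token exactly once. Returns the email it was issued for, or
     * null if the token is malformed, unknown, expired or already used.
     */
    public function redeem( $token, $now = null ) {
        $now = null === $now ? time() : (int) $now;
        if ( ! is_string( $token ) || strlen( $token ) !== 64 || ! ctype_xdigit( $token ) ) {
            return null; // reject malformed input before doing any work
        }
        $hash  = hash( 'sha256', $token );
        $found = null;
        foreach ( $this->records as $stored_hash => $record ) {
            if ( hash_equals( $stored_hash, $hash ) ) { // constant-time comparison
                $found = $stored_hash;
            }
        }
        if ( null === $found ) {
            return null; // unknown token
        }
        $record = $this->records[ $found ];
        unset( $this->records[ $found ] ); // single use: burn it even if it turns out to be expired
        if ( $now > $record['expires'] ) {
            return null; // expired
        }
        return $record['email'];
    }
}

// Usage: issue a one-hour link, then redeem it twice.
$tokens = new AccessLinkTokens( 3600 );
$token  = $tokens->issue( 'alice@example.com' ); // constructed sample address
$link   = 'https://example.com/my-data/?token=' . rawurlencode( $token );
$first  = $tokens->redeem( $token );
$second = $tokens->redeem( $token );
```

Run as written, $first holds the email address the link was issued for and $second is null, because the token was consumed on the first redemption. Expiry is checked against the time of redemption rather than the time of issue, so a link found in an old mailbox months later is useless, and because the comparison happens against a hash of a random value, nothing about the stored table tells an attacker how close a guess came.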
