Without getting in to the legalese of the law (spoiler alert – I’m not a lawyer), and while it may be annoying in the short term, ultimately the protections are in place to better protect you and your privacy online. So that’s all great, but you may be asking yourself: What does that mean for me and what do I need to do?
This article will cover the basics of what is required of you as a site owner and the tools available in WordPress for you to ensure compliance. Again, a disclaimer, this should not be interpreted as legal advice; and, if you have any serious questions about what is necessary for your business, consult an actual attorney.
What is Required of Site Owners?
Is WordPress GDPR Compliant?
Yes, as of WordPress 4.9.6, the core software of WordPress is GDPR compliant and offers tools to help site owners move towards compliance. With that said, since websites vary widely, no platform can offer 100% compliance. The compliance process will depend on your business and how users interact with your website.
With WordPress 4.9.6 and above, you now have new tools available for you to utilize, including:
If your theme is not showing the consent checkbox, your theme may need updating. Also make sure you are logged out of your site or it won’t appear.
Data Export and Erase Feature
With the requirements around data handling in the GDPR, WordPress now offers a tool to let you export or erase a user’s personal data if they request it. These both can be found under the Tools menu in WordPress.
What Do I Need to Do?
- Under the Settings menu, click Privacy.
- Review the page, add any additional required information, remove any irrelevant headings and Publish the page.
- Copy the link to the new page, and assuming you want to place the link in the footer, navigate to Equity > Footer Settings.
- Click Save to save your changes.
If you are TurnKey subscriber and would like help with these steps, contact our support team through your site dashboard.
The GDPR has already gone into effect as of May 25, 2018, and it’s unlikely your website is 100% compliant right now, but don’t freak out. You’re also unlikely to receive the scariest of punishments – a fine – as the EU states they will start with a warning, then a reprimand, and the fine is the last resort for willful negligence of the law. Just work towards compliance and everything will be fine.
In the end, the law is intended to protect you as a consumer. Being a business owner, protecting your customers should always be a top priority, so it can only help.
Listen to this post...
3 thoughts on “GDPR and Your WordPress Website”
I’m sincerely wanting you, the “provider” of services for Agents, to provide me a solution. Is there a way that your attorneys can write up a paragraph that agents using IDX can use on their own sites? This would be so helpful. I gave it a try. This was my best effort, but I think maybe your attorneys would come up with something that covers it best:
YOUR PERSONAL INFORMATION PROVIDED THROUGH THE PROPERTY SEARCH FUNCTIONS
Cookies: IDXBroker collects information about you and your browsing habits through cookies. The information collected can include the name of the domain and host from which you access the Internet, your IP address, your browser, software operating system, web log data (including the date and time you access this site), pages you visit, what you do during your visit, and what searches you performed.
Account: While using their site, you may sign up for an account with your email, and may choose to provide further identifying information. This will allow you to save your search perimeters or set up property alerts. It is a great feature.
When you provide information through the property search functions on my site, IDXBroker receives and processes it on my behalf. IDXBroker will collect, use, and share your information in a manner that is necessary for me to do my job. IDXBroker does not collect your information to use for any of its own purposes.
Hi Jill and thank you for your reply!
However, if the concern for punishment is significant, I must reiterate that this is not any official legal guidance or suggestion and an attorney familiar with GDPR law should be consulted.
I don’t have a huge concern about punishment, especially since very real estate sites in the US do not intend to market to the EU. But, I like to follow the law, and make every effort to comply. This was just a tricky situation that I was having a hard time figuring out how to present in my policy. And I thought you guys might “get it” more than me…being it is your product, and be able to help me.
That will be great to have it built in to the WordPress Privacy plugin. I downloaded that after reading your article…I did not know they had that…great tool. I have Jetpack and thought that all their supplied wording was almost overkill. But maybe this is what we should be doing.
I will look over that article as well. I am building, but am not live yet, so I don’t have an IDX account until my site goes live. Thanks for your response!