Surely you’ve received loads of emails over the past several weeks from companies saying they’ve updated their privacy policy or need to re-confirm your email address. This is all due to GDPR, or General Data Protection Regulation, established into law by the European Union.

Without getting into the legalese of the law (spoiler alert – I’m not a lawyer), and while it may be annoying in the short term, ultimately the protections are in place to better protect you and your privacy online. So that’s all great, but you may be asking yourself: What does that mean for me and what do I need to do?

This article will cover the basics of what is required of you as a site owner and the tools available in WordPress for you to ensure compliance. Again, a disclaimer, this should not be interpreted as legal advice; and, if you have any serious questions about what is necessary for your business, consult an actual attorney.

What is Required of Site Owners?

The GDPR itself is around 200 pages long, so it covers many aspects of online privacy and how businesses need to handle the personally identifiable information of their users. To put it in plain English, it means businesses must inform users of the information they collect and why it’s being collected through the use of a Privacy Policy. Additionally, businesses must delete a user’s account and unsubscribe them from emails if requested.

Is WordPress GDPR Compliant?

Yes, as of WordPress 4.9.6, the core software of WordPress is GDPR compliant and offers tools to help site owners move towards compliance. With that said, since websites vary widely, no platform can offer 100% compliance. The compliance process will depend on your business and how users interact with your website.

With WordPress 4.9.6 and above, you now have new tools available for you to utilize, including:

Comments Consent

WordPress uses cookies when a user leaves a comment on a post, so that when a user visits again their user information is automatically filled for convenience. Due to the consent requirements of GDPR, you must get the user’s consent to store their information, so WordPress now adds a checkbox to ask the user if they want their information saved.

GDPR - Comment Consent

If your theme is not showing the consent checkbox, your theme may need updating. Also make sure you are logged out of your site or it won’t appear.

Data Export and Erase Feature

With the requirements around data handling in the GDPR, WordPress now offers a tool to let you export or erase a user’s personal data if they request it. Both can be found under the Tools menu in WordPress.

GDPR - WordPress Data Handling

Privacy Policy Generator

One of the most useful new tools in WordPress is the Privacy Policy generator. It will create a pre-made privacy policy that covers how the core software uses cookies and will also suggest additional text that may be applicable for your website.

Also, plugins that store and transmit user data can hook into the privacy policy generator to add additional text that covers how their plugin handles the data.

GDPR - Privacy Policy Generator
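
How a plugin ties into the export and erase tools and the policy generator described above, as an added example that is not code from this article or from any real plugin. The plugin name "Example Leads", its function names and the `example_leads_phone` user-meta key are hypothetical; the hooks are the ones WordPress core provides from 4.9.6.

```php
<?php
// Added example. Assumption: hypothetical plugin storing a phone number in this user-meta key.
const EXAMPLE_LEADS_META_KEY = 'example_leads_phone';

// Settings > Privacy: suggest policy text describing what the plugin stores.
add_action( 'admin_init', function () {
    if ( function_exists( 'wp_add_privacy_policy_content' ) ) { // WordPress 4.9.6+
        $text = '<p>When you submit the contact form, your phone number is saved with your account so an agent can follow up.</p>';
        wp_add_privacy_policy_content( 'Example Leads', wp_kses_post( $text ) );
    }
} );

// Tools > Export Personal Data: register the exporter.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-leads'] = array(
        'exporter_friendly_name' => 'Example Leads',
        'callback'               => 'example_leads_export',
    );
    return $exporters;
} );

function example_leads_export( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );
    $phone = $user ? get_user_meta( $user->ID, EXAMPLE_LEADS_META_KEY, true ) : '';
    if ( '' !== $phone ) {
        $items[] = array(
            'group_id'    => 'example-leads',
            'group_label' => 'Lead details',
            'item_id'     => 'example-leads-' . $user->ID,
            'data'        => array( array( 'name' => 'Phone', 'value' => $phone ) ),
        );
    }
    return array( 'data' => $items, 'done' => true ); // single page of results
}

// Tools > Erase Personal Data: register the eraser.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-leads'] = array(
        'eraser_friendly_name' => 'Example Leads',
        'callback'             => 'example_leads_erase',
    );
    return $erasers;
} );

function example_leads_erase( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $removed = $user ? delete_user_meta( $user->ID, EXAMPLE_LEADS_META_KEY ) : false;
    return array( 'items_removed' => $removed, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
```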

What Do I Need to Do?

These three new tools may be enough for the average WordPress site, but your website may have additional functionality that you need to consider. However, at the bare minimum, you need a Privacy Policy. So, we’ll go over how to use the privacy policy generator to create the page and link to it.

Before you do this, however, if you are a real estate agent, your brokerage may already have a privacy policy template or requirements for a privacy policy, so check with them.

Creating a Privacy Policy

To create your privacy policy page using the generator, log in to your WordPress site. Note: these steps assume you are using an Equity child theme; if using a different theme, the steps to add the link will vary.

  1. Under the Settings menu, click Privacy.
  2. If you already have a Privacy Policy page, you can select it here, or click Create New Page.
  3. Review the page, add any additional required information, remove any irrelevant headings and Publish the page.
  4. Copy the link to the new page, and assuming you want to place the link in the footer, navigate to Equity > Footer Settings.
  5. In the section you want the link to appear, type Privacy Policy, then highlight it and click the Insert/Edit Link button and paste the permalink.
  6. Click Save to save your changes.

If you are a TurnKey subscriber and would like help with these steps, contact our support team through your site dashboard.

Wrapping Up

The GDPR has already gone into effect as of May 25, 2018, and it’s unlikely your website is 100% compliant right now, but don’t freak out. You’re also unlikely to receive the scariest of punishments – a fine – as the EU states they will start with a warning, then a reprimand, and the fine is the last resort for willful negligence of the law. Just work towards compliance and everything will be fine.

In the end, the law is intended to protect you as a consumer. Being a business owner, protecting your customers should always be a top priority, so it can only help.


Agent Evolution Real Estate Marketing Solutions

3 thoughts on “GDPR and Your WordPress Website”

  1. Jill Levenhagen says:

    I am a new Agent Revolution user (purchased the theme) and not yet launched as an agent. I’m working on my website and getting my license. Previously I was a blogger and I have extensive web experience. I called IDX Broker in early May to get some help on GDPR. I noticed that the IDX Broker site was not in compliance with GDPR. I spent two days getting my site compliant (my site is still not “live”). But most importantly, I didn’t understand how I should state the relationship between the agent and the IDX interface. We have to be very clear about how we collect, store, share, use and protect people’s private information. If it was just me collecting it, I know how to disclose. But, in the case of IDX, when people are using my site, it “LOOKS LIKE” they are on my site, but they could actually be in an IDX frame. They share their private info there, and in fact, they are sharing it to your site. You store it and keep it. I have an account in which to view it and use it. But, somehow I need to state this in my privacy policy. And, I feel like the privacy policy on IDX Broker needs to be more robust to be in GDPR compliance. I will have to tell people that they will also be under your privacy policy, and not just mine. So, they need to know how their private information is being collected, stored, shared, used and protected.
    I’m sincerely wanting you, the “provider” of services for Agents, to provide me a solution. Is there a way that your attorneys can write up a paragraph that agents using IDX can use on their own sites? This would be so helpful. I gave it a try. This was my best effort, but I think maybe your attorneys would come up with something that covers it best:

    Here is what I am writing in my Privacy Policy so far (regarding the IDX functions):

    The property search function of my site is managed by IDXBroker software.  It will appear that you are still on my site, but by using this function, you are using their site and are subject to their Privacy Policy.  They collect your information in two ways:

    Cookies:  IDXBroker collects information about you and your browsing habits through cookies. The information collected can include the name of the domain and host from which you access the Internet, your IP address, your browser, software operating system, web log data (including the date and time you access this site), pages you visit, what you do during your visit, and what searches you performed.

    Account: While using their site, you may sign up for an account with your email, and may choose to provide further identifying information. This will allow you to save your search parameters or set up property alerts. It is a great feature.

    When you provide information through the property search functions on my site, IDXBroker receives and processes it on my behalf.  IDXBroker will collect, use, and share your information in a manner that is necessary for me to do my job. IDXBroker does not collect your information to use for any of its own purposes.

    The personal information you provide in this function is stored and protected by IDXBroker.  This information is available to me.  I will be keeping these “leads” and will treat this information as outlined in this Privacy Policy.  You are free to delete your information from IDXBroker, but remember that I will still have your contact information, and you can ask me to delete it anytime.  I will only use the information IDXBroker provides in my initial contact and follow-up concerning your property search, which may be by phone or personal email.  I will not add you to my bulk email list without your consent.

    • Dave Bonds says:

      Hi Jill and thank you for your reply!

      This is all great information and a great start for an example privacy policy template regarding IDX services.

      I do understand your concerns and IDX will be adding similar text to the suggested WordPress generated Privacy Policy that will essentially cover everything you’ve mentioned in your sample template.

      Additionally, IDX has a knowledge base article that shows how to link to your Privacy Policy page from your IDX account, so the link can be shown when the cookie consent banner is displayed.

      However, if the concern for punishment is significant, I must reiterate that this is not any official legal guidance or suggestion and an attorney familiar with GDPR law should be consulted.

      • Jill Levenhagen says:

        I don’t have a huge concern about punishment, especially since very real estate sites in the US do not intend to market to the EU. But, I like to follow the law, and make every effort to comply. This was just a tricky situation that I was having a hard time figuring out how to present in my policy. And I thought you guys might “get it” more than me…being it is your product, and be able to help me.

        That will be great to have it built in to the WordPress Privacy plugin. I downloaded that after reading your article…I did not know they had that…great tool. I have Jetpack and thought that all their supplied wording was almost overkill. But maybe this is what we should be doing.

        I will look over that article as well. I am building, but am not live yet, so I don’t have an IDX account until my site goes live. Thanks for your response!
