GPDR (General Data Protection Regulation) is an EU law regulating the processing of data of EU citizens online, that replaces the 1995 DPD Law. It can seem daunting but if you follow our simple GDPR WordPress checklist, you’ll have the basics in place. It’s also an EU-wide regulation applying to every EU state.

This law applies to you even if your website or business is not located within the EU, if you at all in any way handle personal data of EU citizens.

It has been in effect since 2016, however there is a grace period to give businesses time to adapt to this new law. The grace period ends on May 25th, 2018.

Time you have left to implement GDPR compliance: [tminus t=”25-05-2018 00:00:00″/]

This probably means everyone, since the law is so broad in it’s definition of “personal data” and the EU has such a massive population, it’s likely your site meets the criteria to be required to comply. Better play it safe.

Now let me be clear, this GDPR WordPress checklist is not at all an ultimate guide that means you are 100% safe. Rather, think of this as the Absolute Basics you need to have in place:

GDPR WordPress Checklist: Basics

  • Contact Forms:

    Any contact form on your site captures personal information. Make sure your contact form has a checkbox at the bottom that asks the user for consent to capture his/her information. Put un unchecked checkbox there. Make sure you capture the date and time the user said yes to this.

    GDPR WordPress Checklist Form

    If you’re using either CF7 or Gravity Forms, use this plugin to achieve that: WP GDPR Compliance

  • Checkout Forms:

    Chances are you’re using WooCommerce or something similar for your eCommerce site. When you’re collecting data on the customer at the checkout page, be sure to enable them at checkout.

  • Email Subscription Forms:

    OK, this one actually makes sense. We all are doing our utmost best to build our email list, which means storing a lot of personal information ie Email addresses. The EU user needs to give unambiguous consent when signing up for your newsletter. Again, unchecked checkbox.

  • Encryption – (SSL):

    It’s required that EU citizen’s data be kept securely and must be encrypted. The best way to do this is by installing an SSL certificate on your site. Many hosts now offer Let’s Encrypt as a standard inclusion on their platforms. Check with your hosting provider, activate SSL and make sure that your web address looks like this:

    SSL Certificate
  • Updated Privacy Policy:

    You will need to update your privacy policy. What I did, is add a special section in our Privacy Policy called. General Data Protection Regulation. Under this I state the following:

    In the case of EU citizens (Say that) we apply the following rules:

    1. Retention Periods: State here how long you plan to keep the data.
    2. Right to be forgotten policy: State here where users can contact you to request all their data be removed. Good idea to have a dedicated email address for this.
    3. Third Party Data Sharing: State here if any third parties have access to the data and confirm here that you have contracts in place with them ensuring the same rules apply to the data as it does on your site.
  • GDPR Actions Page:

    This is not a legal requirement, but I’d recommend you do this on your site. Put a webpage up where all the actions EU citizens has rights to can easily be executed. Yes, this isn’t required but you’re covering yourself by making it clear and easy for EU users to exercise all the rights that they now possess.

    I’ll give you a little trick for this page. Just paste the following HTML into that page, BUT be sure to replace the YOUR EMAIL HERE parts with your email address, preferably one you’ve set up for GDPR queries.

    Just pop that into any blank page (again, remember to change the YOUR EMAIL HERE parts with your email address, no spaces). And ti should look something like this:

    Yes, it’s bland but it’s there, you can maybe put a link to this in the footer of your website.

    This will give you links that when clicked, auto-populate the subject line in the users’ native email software and they can then type a message to you to request whatever.

    The point here is to show your making it easy for EU users to make these requests.

Basics in Place. Now What?

This guide merely covers the Basics when it comes to compliance, the most obivous things you need to have in place. I don’t go much further than this myself, but once this is in place, you can see what else you can do by following this in depth explanation of the law itself here. Get ready for some legalese, though.

Extra Resources from Upcounsel:
The Importance of Data Privacy Compliance Under GDPR.
Find Attorneys in your state.

Still need help?

Get in Touch with us, and we can go through your site to do GDPR compliance checks for you and make the necessary changes, we’ll apply everything in the above GDPR WordPress Checklist for you.

Disclaimer: The contents of this article should not be considered as legal advice and you should always consult with an attorney when making any legal decisions in your business and on your website.