WordPress GDPR: Privacy & Maintenance Update


With the European Union’s General Data Protection Regulation (GDPR) just around the corner, many software vendors have been busily making updates to help businesses comply with the new laws. WordPress has also been working away on making improvements to help the WP community deal with their data.

It is important to remember that although GDPR is a European regulation, any business that collects European residents’ data will have to comply. You can learn more about the GDPR from the European Commission’s Data Protection page.

Let’s take a look at the WordPress updates for GDPR.


A user will now be given the choice as to whether their name, email address and website are saved in a cookie on their browser when adding a comment.

Privacy Policy Page

You can now set a privacy policy page that will be shown on your login and registration pages. It is, of course, recommended that you provide a link to this page from the footer of your website.

Many site owners use plugins to add functionality such as login and registration forms. WordPress has created a guide that includes insights from WordPress and participating plugins on how they handle personal data. These insights can be copied and pasted into your site’s privacy policy to help you get started.

If you maintain a plugin that collects data, we recommend including that information in WordPress’ privacy policy guide. See the Privacy section of the Plugin Handbook.

Data Handling

Under the Tools menu you have new options for personal data management:

Data Export

You can now export a zip file containing specific users’ personal data on your site. This will allow you to comply with two of the data subject’s rights:

Right of portability – If requested, we will export your data so it can be transferred to a third party.

Right of access – We’re transparent about the data we have and how we use it. You can contact us at any time if you’d like to access your data.

Data Erasure

This will delete all personal data of your data subjects, including personal data stored by participating plugins. This will allow you to comply with the data subject’s right to be forgotten:

Right to be forgotten – After receiving a request to be forgotten, we will permanently delete your record and all data associated with it within 30 days of receiving the request.

There is also a new data request email that works with the Data Export and Data Erasure features above and can be submitted by both registered users and commenters.
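
How a plugin becomes one of the "participating plugins" mentioned above, contributing text to the privacy policy guide and hooking into the export and erasure tools. This is an added example, not code from the original post or from WordPress itself. The plugin name "Acme Newsletter", the meta key `acme_newsletter_phone` and the `acme_*` function names are hypothetical.

```php
<?php
// Hypothetical plugin "Acme Newsletter"; assumption: it stores one piece of
// personal data per user, a phone number in the user meta key below.
const ACME_META_KEY = 'acme_newsletter_phone';
// Suggested wording for the site's privacy policy guide.
add_action( 'admin_init', function () {
	wp_add_privacy_policy_content( 'Acme Newsletter',
		'<p>We store the phone number you enter on the newsletter form.</p>' );
} );

// Make the data visible to the export tool.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['acme-newsletter'] = array(
		'exporter_friendly_name' => 'Acme Newsletter',
		'callback'               => 'acme_export_personal_data',
	);
	return $exporters;
} );

function acme_export_personal_data( $email_address, $page = 1 ) {
	$items = array();
	$user  = get_user_by( 'email', $email_address );
	$phone = $user ? get_user_meta( $user->ID, ACME_META_KEY, true ) : '';
	if ( '' !== $phone ) {
		$items[] = array(
			'group_id'    => 'acme-newsletter',
			'group_label' => 'Acme Newsletter',
			'item_id'     => "acme-user-{$user->ID}",
			'data'        => array( array( 'name' => 'Phone', 'value' => $phone ) ),
		);
	}
	return array( 'data' => $items, 'done' => true ); // single page of results
}

// Make the data removable by the erasure tool.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['acme-newsletter'] = array(
		'eraser_friendly_name' => 'Acme Newsletter',
		'callback'             => 'acme_erase_personal_data',
	);
	return $erasers;
} );

function acme_erase_personal_data( $email_address, $page = 1 ) {
	$user    = get_user_by( 'email', $email_address );
	$removed = $user && delete_user_meta( $user->ID, ACME_META_KEY );
	return array( 'items_removed' => $removed, 'items_retained' => false,
		'messages' => array(), 'done' => true );
}
```

A plugin that stores personal data without registering callbacks like these is skipped by both tools, so its data stays out of the export file and survives an erasure request.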

We have helped over 50 businesses update their websites ready for GDPR, provided 5 workshops and talks, as well as working closely with GDPR specialists to ensure the right steps have been taken. Every business is different, collecting different data in different ways, so a one-size-fits-all approach will not work. However, updating WordPress to use these new features and updating your privacy policy is a great place to start. Your website is the most visible place to show whether your business has taken steps to implement GDPR; it is also the place most likely to be compromised, risking a data breach.

If you would like to speak to our team regarding GDPR updates to your website, contact us or use the live chat.

Chris Nutbeen

Founder of Nuttifox and digital geek. Chris likes data proof, beautiful UX and clients with miracle allowing budgets.
