A new version of WordPress has just been released (4.9.6) and it has some new features to help you get your website or blog ready for GDPR.
I’m sure you are all completely sick and tired of hearing about GDPR (General Data Protection Regulation), but it’s really important and we should all be working to ensure that our websites and blogs are ready for May 25th 2018.
WordPress have finally release some new features (better late than never I guess!) to assist you with managing the personal data of your users, and to help you write the perfect privacy policy, if you haven’t done so already.
In this post I’m going to walk you through the new GDPR features in WordPress.
Contents
Click on the links below to jump to the relevant sections.
Export Personal Data
Firstly, WordPress have added a new tool called Export Personal Data. This tool can be used to send out personal data to users who have requested it. Users who request their data will only receive their own personal data and nobody else’s data.
To access this tool, hover over Tools in the left hand menu and click Export Personal Data.
This will take you a page that looks like this:
To begin the process of exporting personal data, enter the username or email address of the user and click Send Request. This will add their email to the list below with the status set as Pending.
The user will receive an email that looks a little something like this:
(I have blurred out the link for security reasons.)
If the user click on the confirmation link they will be taken to a page that looks like this:
As the website owner, you will receive an email letting you know that someone has requested their personal data. Click on the link in this email to be taken to the Export Personal Data page.
Now all you need to do is click on Email Data to send an email to the user who requested it.
The user will receive an email containing a link. If they click on this they will be able to download a file containing all of their personal data.
Erase Personal Data
WordPress have also added another new tool called Erase Personal Data. It works in a very similar way to the Export Personal Data tool, but instead of requesting to view data, users can request to have their personal data completely removed from your website and systems.
For example, if a user has left any comments on posts and they ask to have their data removed, the system will remove their name, their email and their website URL, leaving just the comment behind.
To access this tool, hover over Tools in the left hand menu and click Erase Personal Data.
This will take you a page that looks like this:
To begin the process of erasing personal data, enter the username or email address of the user and click Send Request. This will add their email to the list below with the status set as Pending.
The user will receive an email that looks a little something like this:
If they click on the confirmation link they will be taken to a page that looks like this:
As the website owner, you will receive an email letting you know that someone has requested that you remove their personal data. Click on the link in this email to be taken to the Erase Personal Data page.
Now all you need to do is click on Erase Personal Data to completely remove the personal data of the user. The user will receive an email once you click on this to confirm that action has been taken.
You can also forcibly remove a users personal data without their confirmation by hovering over their email or username and clicking Force Erase Personal Data.
Privacy settings
Another new feature that WordPress have added is a Privacy settings page.
To access this new page, hover over Settings in the left hand menu and click Privacy.
At the time of writing this post, the only option on this page is the Privacy Policy page option (I expect WordPress will add more settings). You can use this to select, or create, a page to use as your privacy policy.
If you already have a Privacy Policy page set up, all you have to do is select the page from the dropdown list and click Use This Page.
However, if you need to create one, click Create New Page, and you will be taken to a new page that has been set up called Privacy Policy.
As you will see, this page has been populated by WordPress. It contains information that you might want to use in your privacy policy. I recommend reading through this and making amends to it where necessary. Further on down the page there are headings that act as prompts to help you complete your privacy policy.
You might choose to add or remove certain details, but you need to make sure you comply with GDPR!
At the top of the page is a banner, and this banner contains a link that says Check out our guide. If you click on this link you will be taken to a guide which will help you to write your privacy policy. It explains what information you need to include, and even suggests text that you can use within your policy.
If you aren’t sure what to include in your privacy policy, I recommend seeking legal advice. It’s serious business!
Once you have finished writing your policy, click Publish.
If you need to create a cookie banner I recommend using a free plugin called Cookie Notice by dFactory which is what I use on this website. If you use this plugin you will be able to easily add a link to the cookie banner which links out to the privacy page.
Hot off the WordPress!
Join my FREE email community today to receive helpful tips and advice on building and maintaining your website directly in your inbox every other Friday. Just pop in your name and email address.
Pin for later?
