
Make Your Website GDPR Compliant in 4 Steps

What is GDPR?

GDPR is a new law that was passed by the European government in an effort to protect individuals’ rights to their personal data and privacy. Simply put, they want everyone in the world to comply with this new law and make client data accessible and editable on demand.

Wall Street Journal Explanation

Does My website need to be GDPR Compliant?

Yes. If you have a website on the internet, no matter where in the world you are or what kind of website you have, you should implement these tactics to comply. Anyone who does not can be subject to fines/fees/lawsuits.

Step 1

Install and activate the WP GDPR Compliance plugin from the plugins menu. Here is a video that shows you how to install plugins, if you don’t know how.

Step 2

If you don’t already have one, create a page on your website where your privacy policy can live. When you install the plugin, it will automatically create a “data access request page” for you that you can access and customize later (/data-access-request). This is what my privacy policy page looks like and as you can see, I added the verbiage for the “GDPR COMPLIANCE” and a separate link that we will get later for the data access page (or simply use /data-access-request).

Step 3

If the plugin is activated, you’ll hover over the “tools” tab and select WP GDPR Compliance. Under the integrations tab, it’s probably a good idea to activate all the forms on your website that collect data, even if it’s just an email. This will automatically add a checkmark to each form so that your users understand they are giving you consent to collect data and that they have the option to access that data if need be.


Step 4

Under the settings tab, open the drop-down and select the “Privacy Policy” page you created earlier to activate and connect it. Just underneath that, where it says “request user data”, check the activate page box. Choose the save changes button. Now you can edit and access the (/data-access-request) page. Notice the green link for editing the page? Make sure this is a clean and full width page.

What the data access request page will do is display a form where a user can enter their email and once they do, it will send that user a special link they can use to access their data on your website. This link is only good for 24 hours and can only be reached by the same device, IP address and browser session from when the person requested permissions.

Try it out yourself when you’re all done.
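
An added illustration of how a link like this can be tied to a 24-hour window and to the requester's IP address and browser session. It is not the WP GDPR Compliance plugin's code; the HMAC token scheme, the function names and the sample values are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: a key kept only on the server
LIFETIME = 24 * 60 * 60               # the 24-hour window described above

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _context(ip: str, session_id: str) -> str:
    # Hash the requester's context so the link does not reveal the IP or session.
    return hashlib.sha256(f"{ip}|{session_id}".encode()).hexdigest()

def _sign(body: str) -> bytes:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest()).encode()

def issue_token(email, ip, session_id, now=None):
    """Build the value that would go in the emailed link (hypothetical format)."""
    now = int(time.time() if now is None else now)
    claims = {"email": email, "exp": now + LIFETIME, "ctx": _context(ip, session_id)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body).decode()}"

def verify_token(token, ip, session_id, now=None):
    """Return the email the link was issued for, or None if any check fails."""
    now = int(time.time() if now is None else now)
    body, sep, sig = token.partition(".")
    # Check the signature first, so nothing in the body is trusted before it passes.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(body)):
        return None                   # malformed or tampered link
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return None                   # older than 24 hours
    if not hmac.compare_digest(claims["ctx"], _context(ip, session_id)):
        return None                   # different IP address or browser session
    return claims["email"]

if __name__ == "__main__":
    # Constructed sample values (documentation IP range, made-up session id).
    t0 = 1_700_000_000
    link = issue_token("user@example.com", "203.0.113.7", "sess-abc", now=t0)
    print(verify_token(link, "203.0.113.7", "sess-abc", now=t0 + 3600))
    print(verify_token(link, "198.51.100.9", "sess-abc", now=t0 + 3600))
    print(verify_token(link, "203.0.113.7", "sess-abc", now=t0 + LIFETIME))
```

Binding the link to the IP address means a visitor whose address changes between requesting and opening the link has to request a new one.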


Don’t forget SSL

If your website does not have a green lock and is accessed by http rather than https, you are inviting users to access your website under unsafe circumstances. That means that while a user is on your site, they are subject to hackers viewing their sessions and viewing the information they input into your website. SSL encrypts a user’s session so that all data is private. This is such an important factor for websites that Google is now using SSL as a ranking factor. As of July 2018 Google will mark all non-https sites as “not secure”. So installing SSL not only protects your users and you, it will also help you boost your SEO by telling Google and other search engines that you are a safe website to access. To inquire about SSL installation, ask your hosting company or contact your web developer. Read more about Google’s new strict security SSL requirement.

Privacy Policy

It’s required by law that you have a privacy policy on your website. Because I’m not a lawyer, I cannot advise you on how to write a privacy policy or where to purchase one from. I can however suggest a really good one and it’s the same one I use with prices starting at “free”. https://privacypolicies.com/pricing

Other Resources for GDPR education

Author: Heather Valencia


Web Designer & Developer

I’ve been developing WordPress websites as a freelance web designer in Spokane since 2010. My passion for building websites is as strong as the dedication I put forth in strengthening my client relationships.


3 Comments

  1. Patrick

    I wouldn’t point people to the WP GDPR Compliance plugin since it was hacked and the original owner gave zero information on the hack. They have fixed the hack but it still caused a large number of designers and clients to suffer.

    • Heather Valencia

      No kidding. I felt that backlash. I’m still trying to decide on what alternative thing I can do. I liked the plugin because of the data access request page and its ability to let clients get their own content off the site themselves. Although, you should know that any site can get hacked at any time and it can be because of a plugin, old theme, old wp version, etc. I’m not sure what the programmers knew about the hack, but they fixed it fairly quickly too once they found out. The real problem is not a programmer who failed to see a vulnerability. It’s the hackers themselves. The hackers cause us all to suffer. Not the programmers.

  2. seo san jose

    Thank you for this post Heather, I learnt something new about my privacy concerns on the internet.



Ravenous Raven Design