In recent months, there has been a great deal of turmoil about the GDPR that will be maintained from May 25th 2018. Websites need to be redesigned to comply with this EU legislation. The world’s largest CMS has come up with a solution. This blog will analyse WordPress’s privacy functions in detail. Does one meet the requirements of the GDPR just by using WordPress’ own solution, or are there extra preparations to be made?
What does a website need to comply with the GDPR?
To start with the obvious: every website is different. We can not provide a general answer that guarantees you to be 100% GDPR ready. However, almost every website (especially websites that use cookies, tracking scripts and/or contactforms) would need the following:
- Blocking all tracking-, advertising- and statisticscookies and scripts, before consent
- A consentbanner to ask for consent, or let visitors reject cookies
- The posibility to revoke consent
- Insight in which cookies are used and why (Cookie Policy)
- A Privacy Policy
- A review of all contactforms
- Processor agreements with all third parties that have acces to or process personal data of websitevisitors
What does WordPress do with its new update?
The new update of WordPress is fully focused on Privacy, adding some new privacy functions:
WordPress addition #1 – Create Privacy Policy
One of the additions to the WordPress environment is a kind of dashboard in which all the privacy issues that WordPress offers are listed. One of these is the Privacy Policy page. Within the new WordPress environment, you can generate a Privacy Policy. However, this Privacy Policy seems to lack a legal basis and several GDPR requirements
Within the same page, you can also choose to select a Privacy Policy page that you have already created. When you do this WordPress assumes that this is your default Privacy Policy page. This can come in handy when your legal department (or a solution like Complianz 🙂 ) has already composed a validated Privacy Policy.
WordPress addition #2 – Opt-in collection of personal data
The second addition is an opt-in that is added to the response forms on your website. You can fill in this opt-in text yourself, as long as it meets the requirements of the GDPR.
WordPress addition #3 – Data Export
When comments are posted on your website, they will be stored in the WordPress database from now on. You can then specify all these responses by name, IP address, etc. When someone requests to see his/her profile, you can immediately export all data to an Excel document. A simple way to provide applicants with their data, so. It is also possible for a user to indicate that he or she wants all his or her data to be deleted. This can now be done with a single click on the button. WordPress therefore certainly helps to store and remove personal data.
Conclusion
WordPress has added some interesting features to the environment. For example, you can generate a Privacy Policy, store and immediately deliver or delete data, and opt-ins are automatically placed on response forms. However, for most websites these functions alone won’t be enough to fully comply to the GDPR.
In short, the options that WordPress provides are good to have, but they are certainly not a solution for the GDPR.
| Functionalities | WordPress new update | Complianz |
| Privacy Policy | V | V |
| Cookie Policy | – | V |
| Cookie Notification | – | V |
| Data processing agreement | – | V |
| Disclaimer | – | V |
| Always Up-To-Date | – | V |
| Five Languages | – | V |
| Blocking of cookies and scripts | – | V |
| Cookie Scanner | – | V |
| Personal data import | V | Integrated |
| Opt-In Contactform | V | Integrated |