GDPR compliance is an important consideration for all WordPress websites. TheWordPress GDPR Compliance team is looking for help to test the privacy tools that are currently being developed in core.

What is GDPR?

GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union. Its primary aim is to give control back to the EU residents over their personal data.

Why the urgency? Although the GDPR was introduced two years ago, it becomes  enforceable starting May 25, 2018.

Make WordPress GDPR Compliance Team

Currently, the GDPR Compliance Team understands that helping WordPress-based sites become compliant is a large and ongoing task. The team is focusing on creating a comprehensive core policy, plugin guidelines, privacy tools and documentation. All of this requires your help.

The GDPR Compliance Team is focusing on four main areas:

  • Add functionality to assist site owners in creating comprehensive privacy policies for their websites.
  • Create guidelines for plugins to become GDPR ready.
  • Add administration tools to facilitate compliance and encourage user privacy in general.
  • Add documentation to educate site owners on privacy, the main GDPR compliance requirements, and on how to use the new privacy tools.

Don’t we already have a privacy policy?

Yes and no. That said, The GDPR puts tighter guidelines and restrictions. Though we have many plugins that create privacy pages, we need means to generate a unified, comprehensive privacy policy. We will need tools for users to easily come into compliance.

Site owners will be able to create GDPR compliant privacy policy in three steps:

  1. Adding a dedicated page for the policy.
  2. Adding privacy information from plugins.
  3. Reviewing and publishing the policy.

A new “postbox” will be added to the Edit Page screen when editing the policy. All plugins that collect or store user data will be able to add privacy information there. In addition it will alert the site owners when any privacy information changes after a plugin is activated, deactivated, or updated.

There is a new functionality to confirm user requests by email address. It is intended for site owners to be able to verify requests from users for displaying, downloading, or anonymizing of personal data.

A new “Privacy” page is added under the “Tools” menu. It will display new, confirmed requests from users, as well as already fulfilled requests. It will also contain the tools for exporting and anonymizing of personal data and for requesting email confirmation to avoid abuse attempts.

New section on privacy will be added to the Plugin Handbook. It will contain some general information on user privacy, what a plugin should do to be compliant, and also tips and examples on how to use the new privacy related functionality in WordPress.

The new privacy tools are scheduled for release at the end of April or beginning of May 2018.