We may be a little late to the party, but we wanted to give you a quick update regarding our themes’ GDPR compliance.
For those of you who haven’t heard of the GDPR (General Data Protection Regulation) before, this is a new European Union regulation on online privacy and data protection, which came into effect a few days ago, on May 25.
In this article we will cover only the few aspects of the GDPR that are relevant to WPZOOM themes and customers. If you’re looking for general information and recommendations about GDPR & WordPress compliance, please check the links at the end of the article.
Disclaimer: EU data protection laws, including the GDPR, are complex, and we recommend that you consult a legal professional for details on how the GDPR impacts your business. This guide should not be considered legal advice.
Here’s a summary of the information covered in this article:
- WPZOOM Themes and GDPR compliance
- Steps we’ve taken to make our themes compliant with GDPR
- Recommendations to make your website GDPR compliant
1. Are WPZOOM themes GDPR compliant?
Yes!
None of our WordPress themes or plugins collect any kind of personal data, like email, name or IP addresses.
What if I’m using a lot of plugins?
It’s very likely that you have several plugins or analytics services installed on your website, so the fact that our themes are compliant with the new regulation doesn’t mean that your website is automatically compliant as well.
Below you’ll find some recommendations for finding out whether any plugins might create GDPR issues and how to fix them.
Steps we’ve taken to make our themes compliant with GDPR:
Together with the release of WordPress 4.9.6, several new tools were introduced in WordPress core in order to help site owners comply with the new regulations:
- Privacy Policy page generation
- Cookie Opt-in for Comments
- User Data Request Handling
- User Data Export and Removal tools
We’ve also updated all of our themes to support the new Cookie Opt-in for Comments feature, so make sure your theme is up-to-date if you want to have this feature enabled:
In the following days we’ll complete our Knowledge Base with more information regarding GDPR compliance of different plugins and services that we recommend to our customers.
2. Recommendations to make your website GDPR compliant
As we mentioned at the beginning of the article, we’ll cover only the GDPR aspects that are relevant to WPZOOM customers, so make sure to visit the links at the end of the article for more information.
1. Create a Privacy Policy page
From the new Settings > Privacy page in WordPress 4.9.6, you can easily create a new Privacy Policy page or select an existing page if you have created it before, so you can view suggestions for sections you can add.
When clicking on the “Guide” link from the Privacy Policy page settings, you will find a text template generated by WordPress which includes general information, but don’t forget that it’s your responsibility to make sure that the final information is accurate and current.
Plugins that collect personal information and have been updated to support the new Privacy feature may also add their own text templates to that page.
Here’s an example of recommended text template generated by Easy Digital Downloads plugin when enabled on a website:
2. Find which Plugins collect personal information
We recommend that you carefully check all the plugins installed on your website. If any of them track or collect personal information from your visitors, make sure to cover all these details in your Privacy Policy page and/or collect consent from users when needed.
If you are not sure about a specific plugin and the information it collects, we recommend that you consult the plugin author or check the documentation, if available. Many popular plugins have also added GDPR-related options recently, so also make sure that you have updated everything before asking for support.
3. Contact Form Plugins
Depending on the plugin you’re using to create a Contact Form on your website, different actions may be needed to make it GDPR compliant.
For example, if the information submitted by users is stored on your website, then you must get their explicit consent for this.
Jetpack’s Contact Form is a popular solution that we recommend to our customers when they want to create a Contact Form.
The good part about it is that you can make it GDPR compliant just by adding a required consent checkbox with a clear explanation that the submitted data is being collected and stored.
The same technique can be applied to other plugins that you use to create forms where you collect personal information from your users.
4. Google Fonts
Google Fonts are a vital part of our themes. Without them it would be hard to give our themes a modern look, as they give us access to a dozen fonts for free.
Google Fonts API collects only a very limited set of information from the websites where they are used and this information is used only for serving the font to your site. You can read more about the data Google collects, stores, and uses in connection with Google Fonts here.
Final Thoughts
Even though there are many plugins available to help you to make your WordPress website GDPR compliant, such as WP GDPR Compliance or GDPR, it’s important to understand that no plugin can guarantee 100% GDPR compliance, because every WordPress site is different and has its own reasons for collecting and processing personal data.
Our advice is to locate the personal information that is being collected by each plugin and service active on your website and determine whether this data is important enough to store for future use, in order to prevent any GDPR issues.
You should also take this opportunity to ensure you comply with a previous regulation: the EU’s cookie consent. Jetpack has a feature for this built in. You’ll find details here.
Below is a list of things that you can check right now to improve your website’s GDPR compliance. However, if you’re running a business, consider talking to a legal professional as well:
- Create a Privacy Policy page and make sure it’s current and accurate.
- Include a visible link to your Privacy Policy page on your website (our support team can help you with this).
- Add a cookie notice & statement to your site (our website uses this plugin).
- Update WordPress, plugins and your current theme to the latest versions.
- If you’re running a WooCommerce store make sure to update to WooCommerce 3.4, which enables new GDPR tools.
Recommended resources
For more general information and recommendations about GDPR & WordPress compliance, we recommend the following links:
- EU GDPR Portal
- WordPress 4.9.6 Privacy and Maintenance Release
- WPBeginner’s article about GDPR & WordPress
- Kinsta’s article – “The Lowdown on GDPR Compliance for WordPress Users“
- Checklist: Is Your WordPress Website GDPR Compliant?
- Non-WordPress GDPR checklist
- How To Make A WooCommerce Website GDPR Compliant? (12 Steps)
- Web Privacy And WordPress GDPR Compliance – The Definitive Guide
Got any questions or tips about GDPR and WordPress? Just drop them below in the comments.
June 4, 2018 3:25 pm
We’ve used the WP GDPR Compliance plugin on a number of client sites to become GDPR compliant. Very helpful and easy to use.
Great post Pavel