GDPR (General Data Protection Regulation) and WordPress

Last Revised: October 2, 2021

From the end of May 2018, European companies, companies operating in Europe, and those serving European users will be subject to the new data protection regulation approved in mid-2016. This new regulation, which replaces the one from 1995 and is motivated mainly by terrorism and by all the digital changes of the last two decades, will be applied “as is”, without countries having to adapt it to their own legislation.

This new legislation affects, for example, all those companies outside the EU that operate with European users, in addition to standardizing data legislation across all member countries. Fines for failing to comply with this legislation can reach 4%-5% of the worldwide turnover of the company that fails to comply.

Among other details, this legislation requires you to document some of the elements that WordPress provides on your site, such as user registration, comments, contact data from forms, analytics data, etc.

Some plugins to monitor user activity: WP Activity Log, Stream, Activity Log, User Activity Log, WP System Log.

Another detail to keep in mind is that if your site has a security breach (someone accesses something they should not) there is a limit of 72 hours to notify the Supervisory Authority. In this case it is highly recommended to use a firewall plugin that warns you in real time of access attempts or of the accesses themselves.

You also have to inform users about how their data will be stored (and how they will have access to it), their right to be forgotten (how you are going to delete their data) and the portability of their data (in case they want to take their material to another site).

Another important detail is that of plugins, since those that move user data off-site (a well-known example is Jetpack) must have a clear GDPR compliance policy.

Some recommended plugins for the management of third-party cookies: GDPR Cookie Compliance, Cookie Notice & Compliance, Complianz, CookieYes.

If you are interested in this matter, I recommend you read a simple article (I am not a lawyer, so they are simple personal conclusions) that I wrote about this legislation in European Data Protection Law.

Continue with Security for WordPress

About this document

This document is governed by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and put the material you create under the EUPL license.