Handy GDPR tools in WordPress 4.9.6

WordPress 4.9.6 has just been released and features a couple of useful tools for administrators to improve their GDPR compliance, so we wanted to raise awareness by mentioning them in our blog.

It’s worth noting that none of these tools will do anything to change your site, or add anything instantly making your site adhere to the new GDPR regulations, but are helpful tools and templates to point you in the right direction when it comes to handling the new law.

Privacy policy template

One of the new features the update carries is a new addition to your ‘Settings’ > ‘Privacy’ section of the WordPress admin area. There is now a privacy policy page which allows you to write up your own privacy policy for your site with a helpful template. When you go to this section in your WordPress dashboard you will have the option to create a new page, or select an existing page as your privacy policy page.

When you assign a page for the privacy policy to go in, you will be redirected to a normal page editor environment, but you will notice that the section has been pre-filled with headings and some basic information about your site. WordPress can’t create a privacy policy for you, but these headers act as prompts on what you need to disclose in your privacy policy. As an example there is a section for contact forms, how data is shared and used, and how cookies are used on your site.

So if you’re unsure where to start on getting your privacy policy written, the new template has been added as a way to help you get started.

Personal data storage

Another useful update in WordPress 4.9.6 are two additions to the ‘Tools’ section of the dashboard. Once you have updated, you will notice there are now the following options:

• Export personal data – This allows you to conveniently export data about a specific user or customer into a file they can download and read. You will be asked to specify an email address, and the tool will then generate all the data relating to that email on your WordPress site, and send it over to them. You will also have access to download the data as the webmaster in case you wanted to see what information was provided.
• Erase personal data –  This allows your site to comply with GDPR’s ‘right to be forgotten’ – the page is similar to the export option because it also sends a verification email, but this will allow the customer or user to confirm a deletion of all stored data. When they verify the request, you then have access to a button to delete the data under the ‘Erase personal data’ section.

These small additions to WordPress are aiming to make GDPR compliance that little bit easier to manage. The new GDPR regulations will be enforced from the 25th of May, so it’s worth giving these new features some attention before then.