WordPress GDPR Compliance

Get your WordPress website ready for GDPR.

GDPR is Coming into Force on 25th May 2018

GDPR is coming, so you need to ensure your organisation is ready for the change, but despite its reputation, GDPR doesn't need to be scary. In fact, GDPR will have benefits for people and organisations, and will ensure that everyone plays by the same rules when it comes to looking after personal data.

One of the keys to GDPR compliance is preparation. By being adequately prepared you can significantly reduce the risk of a data breach and, if one does happen, you can demonstrate that you took reasonable steps to minimise its likelihood and impact. GDPR won't make data breaches disappear, but by maintaining GDPR compliance you will give yourself and your users peace of mind.

GDPR isn't there to hurt your business or organisation, it's there to protect you.

What is GDPR?

Does My Website Need to Be GDPR Compliant?

The short answer is probably yes, though it's a little more complicated than that. Any website that uses cookies or collects any personal information from users, including their IP address, will need to be GDPR compliant. If you are using WordPress, then you will be using cookies even without any plugins and with only the default theme: the core software sets a test cookie on the login page, authentication cookies for anyone who logs in (so it can tell who is logged in on later visits), and, where the commenter opts in, cookies that remember a commenter's name and email address. On top of this, third-party advertising or tracking features such as Facebook pixels and Google Analytics integrations all set their own cookies.

In addition to cookies, if you have a contact form, registration page or anything else where a user inputs personal information, you'll need to take extra steps to keep this information secure. Before GDPR, it was common (though never best practice) to serve a website, contact forms and registration pages included, over a non-secure connection. GDPR does not name a specific technology, but Article 32 requires "appropriate technical and organisational measures" proportionate to the risk and lists encryption as one of them, so sending personal information in clear text over plain HTTP is very hard to justify. In practice, if any page on your website lets users input personal information, you need to serve the site over HTTPS with a TLS certificate (still commonly called an SSL certificate) and redirect plain-HTTP requests to the secure version.

This isn’t limited to WordPress – virtually all content management systems (CMSs), such as Joomla or Drupal, will require a similar level of compliance, as will plain HTML websites that use any of the above features.


Steps to GDPR Compliance

If you own or are responsible for a website, there are a few simple measures you can put in place to get yourself prepared:

Privacy Policy
Terms & Conditions
SSL Certificate
Overlay Banner
Newsletter Checks
Data Retention Check


GDPR Compliance Will Help

Keep User Data Safe
Protect Your Organisation
Secure Against Potential Threats
Limit the Impact of Data Breaches

What Else Do I Need for GDPR Compliance?

Having a GDPR compliant website is a great start, but you will also need to ensure the rest of your business operates within the GDPR rules. You can find out more information from the Information Commissioner’s Office (ICO) website, which contains a more in-depth look at the requirements for businesses and organisations in general. You will need to identify whether you are a Data Controller or a Data Processor.

You may also be both of these things. As a rough guide, a Data Controller decides why and how personal data is processed: what to collect, from whom, and for what purpose. A Data Processor processes personal data on the controller's behalf and only on its instructions, for example a hosting company, a backup service or an email newsletter provider. If you're not sure which applies to you, you can find more information on the ICO website. If in doubt, you can seek legal advice to confirm which areas of GDPR apply to you.

If you would like any further guidance on general GDPR compliance, please get in touch for more information.


Website Privacy Policy and Terms & Conditions

Under GDPR, your website will need a privacy policy and terms & conditions to be made available to your users. Publishing these documents is only part of it: where you rely on consent (for example, for analytics or advertising cookies), GDPR requires a clear affirmative action from the user, so pre-ticked boxes or "by continuing to browse you agree" notices do not count, and you need to record the choice the user made. The most practical way to do this is via an overlay banner, in the same way that a 'cookie banner' has been required since the 2012 'cookie law' (the UK's Privacy and Electronic Communications Regulations) came into force.

Rather than feature two banners on your website, you can combine your cookie and privacy policies in one document, and feature this alongside a link to your Terms & Conditions document in a single banner. You can find more information about these documents here, and there is advice on installing an overlay banner here.
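The following WordPress must-use plugin is an added example for this page (it is not code from the original page, from Worcester Web Studio or from WordPress itself) and ties together the points made above and in the "Does My Website Need to Be GDPR Compliant?" section: it forces every request onto HTTPS and sends HSTS, shows a single banner linking the privacy policy and the Terms & Conditions, records the visitor's choice in a cookie that can only be set by the banner's own nonce-protected form, and loads Google Analytics (and therefore its tracking cookies) only after the visitor has accepted. The wws_ prefix, the cookie name and lifetime, the /terms-and-conditions/ path and the Google Analytics ID are assumptions; the WordPress functions used (is_ssl, wp_safe_redirect, wp_nonce_field, wp_verify_nonce, get_privacy_policy_url, wp_enqueue_script, wp_add_inline_script) are real core APIs.

```php
<?php
/**
 * Plugin Name: Consent-gated tracking and forced HTTPS (illustrative example)
 *
 * Added example for this page, not a published plugin. Drop into
 * wp-content/mu-plugins/ on WordPress 4.9.6+ (for get_privacy_policy_url())
 * running PHP 7.3+ (for the setcookie() options array). The wws_ prefix, the
 * cookie name and lifetime, the /terms-and-conditions/ path and the Google
 * Analytics ID are all placeholders.
 */

defined( 'ABSPATH' ) || exit;

const WWS_CONSENT_COOKIE = 'wws_cookie_consent';   // hypothetical cookie name
const WWS_CONSENT_TTL    = 180 * DAY_IN_SECONDS;    // ask again after six months
const WWS_GA_ID          = 'UA-XXXXXXXX-1';          // placeholder, not a real property

/* 1. Personal data typed into a form must never travel in clear text: send every
 *    plain-HTTP request to its HTTPS twin and tell browsers to stay on HTTPS
 *    for a year (HSTS). Set FORCE_SSL_ADMIN in wp-config.php too, so that
 *    wp-login.php and wp-admin are covered before this plugin runs. */
add_action( 'init', function () {
    if ( is_ssl() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return;
    }
    // wp_safe_redirect() only follows hosts that belong to this site, so a forged
    // Host header cannot turn this into an open redirect.
    wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
    exit;
}, 1 );

add_action( 'send_headers', function () {
    if ( is_ssl() ) {
        header( 'Strict-Transport-Security: max-age=31536000' );
    }
} );

/* 2. Consent is an affirmative, recorded choice: only the banner's own POST,
 *    protected by a nonce against cross-site requests, can set the cookie. */
function wws_consent_state() {
    return isset( $_COOKIE[ WWS_CONSENT_COOKIE ] ) ? $_COOKIE[ WWS_CONSENT_COOKIE ] : '';
}

add_action( 'init', function () {
    if ( ! isset( $_POST['wws_consent'], $_POST['wws_consent_nonce'] )
        || ! wp_verify_nonce( $_POST['wws_consent_nonce'], 'wws_consent' ) ) {
        return;
    }
    $choice = ( 'accept' === $_POST['wws_consent'] ) ? 'accepted' : 'declined';
    setcookie( WWS_CONSENT_COOKIE, $choice, [
        'expires'  => time() + WWS_CONSENT_TTL,
        'path'     => COOKIEPATH ? COOKIEPATH : '/',
        'domain'   => COOKIE_DOMAIN ? COOKIE_DOMAIN : '',
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable by page scripts
        'samesite' => 'Lax',
    ] );
    $_COOKIE[ WWS_CONSENT_COOKIE ] = $choice; // let this request see the choice too
} );

/* 3. The banner links both documents and stays until a choice is recorded. */
add_action( 'wp_footer', function () {
    if ( '' !== wws_consent_state() ) {
        return;
    }
    ?>
    <form method="post" id="wws-consent-banner"
          style="position:fixed;bottom:0;left:0;right:0;padding:1em;background:#222;color:#fff">
        This site uses cookies and processes personal data as described in our
        <a href="<?php echo esc_url( get_privacy_policy_url() ); ?>">Privacy Policy</a> and
        <a href="<?php echo esc_url( home_url( '/terms-and-conditions/' ) ); ?>">Terms &amp; Conditions</a>.
        <?php wp_nonce_field( 'wws_consent', 'wws_consent_nonce' ); ?>
        <button type="submit" name="wws_consent" value="accept">Accept</button>
        <button type="submit" name="wws_consent" value="decline">Decline</button>
    </form>
    <?php
} );

/* 4. Google Analytics, and therefore its _ga cookies, loads only after "accept". */
add_action( 'wp_enqueue_scripts', function () {
    if ( 'accepted' !== wws_consent_state() ) {
        return;
    }
    wp_enqueue_script( 'wws-gtag',
        'https://www.googletagmanager.com/gtag/js?id=' . rawurlencode( WWS_GA_ID ), [], null, true );
    wp_add_inline_script( 'wws-gtag',
        'window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}'
        . 'gtag("js",new Date());gtag("config",' . wp_json_encode( WWS_GA_ID ) . ',{"anonymize_ip":true});' );
} );
```

Two design points are worth noting. The consent cookie is written only by the server in response to a nonce-checked POST, so a third-party script or a cross-site request cannot quietly "accept" on the visitor's behalf, and a "declined" value is stored too, so the banner does not nag on every page while the tracker stays off. Because the analytics tag is never enqueued before acceptance, no Google cookies exist to explain away in the privacy policy until the visitor has actually agreed.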

You can get in touch with us if you require any further information or have any questions on the above.


Who Operates and Owns This Website?

This website is owned and operated by Worcester Web Studio Ltd, an internet and web-specialist business based in Worcester. The information on this website is provided free of charge and with no obligation. It should not be considered legal advice; it is simply a framework of guidance to help businesses and organisations get their website ready for GDPR.

GDPR advice for this website was provided by ISO Quality Services Ltd, a Worcester-based ISO certification and training business. As well as ISO 9001 and other popular standards, the company also provides ISO 27001 Information Security certification and GDPR Training.

If you would like further information from either of these companies please get in touch.


By using this website you agree to accept our Privacy Policy and Terms & Conditions