WordPress helps SMEs comply with EU’s GDPR

GDPR is here, and so is WordPress 4.9.6. Let's take a look at its newest features and how it helps businesses comply with the new EU-based law.
28 May 2018

WordPress 4.9.6 makes you GDPR compliant. Source: Shutterstock

Are you a small or medium enterprise (SME)? If you are, there’s a high chance that your company’s website has been built on WordPress.

That’s good news because the platform has recently issued a new privacy and maintenance update (version 4.9.6) which is aimed at helping users automate much of their compliance workflow.

The EU’s General Data Protection Regulation (GDPR) comes into effect today, and this update helps make sure websites that deal with traffic from the EU are prepared to comply.

Privacy updates

The GDPR requires that company websites be more transparent about how they collect, use, and share personal data.

It also hopes to provide individuals with more access and choice when it comes to how their own personal data is collected, used, and shared.

In view of this, WordPress has fine-tuned its comments, privacy policy page, and data handling functions.

For comments, the update is simple: logged-out commenters will be given a choice on whether their name, email address, and website are saved in a cookie on their browser.

However, the new privacy policy page offered via this update has been a boon. It allows site owners to designate a privacy policy page which is featured on the login and registration pages.

In addition, WordPress has created a guide that includes insights from WordPress and participating plugins on how they handle personal data. These insights can simply be copied and pasted into the site’s privacy policy page.

Finally, when it comes to data handling, the update provides great support:

Data Export: Site owners can export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins.

Data Erasure: Site owners can erase a user’s personal data, including data collected by participating plugins.

Site owners have a new email-based method that they can use to confirm personal data requests. This request confirmation tool works for both export and erasure requests, and for both registered users and commenters.

Maintenance updates

In addition to the above, here are some features that have recently been added to help with GDPR compliance:

  • “Mine” has been added as a filter in the media library
  • When viewing a plugin in the admin, it will now tell you the minimum PHP version required
  • We’ve added new PHP polyfills for forwards-compatibility and proper variable validation

The reason maintenance is so important is that it helps businesses understand how they can avoid loopholes in their systems and bugs creeping in from various plugins that are used on WordPress.