
The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know

Last updated on May 28th, 2018 by Editorial Staff

Are you confused by GDPR and how it will impact your WordPress site? GDPR, short for General Data Protection Regulation, is a European Union law that you have likely heard about. We have received dozens of emails from users asking us to explain GDPR in plain English and share tips on how to make your WordPress site GDPR compliant. In this article, we will explain everything you need to know about GDPR and WordPress (without the complex legal stuff).


Disclaimer: We are not lawyers. Nothing on this website should be considered legal advice.

To help you easily navigate through our ultimate guide to WordPress and GDPR Compliance, we have created a table of contents below:

Table of Contents

  • What is GDPR?
  • What is required under GDPR?
  • Is WordPress GDPR Compliant?
  • Areas on Your Website that are Impacted by GDPR
  • Best WordPress Plugins for GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.


You’ve likely gotten dozens of emails from companies like Google and others regarding GDPR, their new privacy policy, and a bunch of other legal stuff. That’s because the EU has put in hefty penalties for those who are not in compliance.

Basically, after May 25th, 2018, businesses that are not in compliance with GDPR’s requirements can face large fines of up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause widespread panic among businesses around the world.

This brings us to the big question that you might be thinking about:

Does GDPR apply to my WordPress site?

The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).

If your website has visitors from European Union countries, then this law applies to you.

But don’t panic, this isn’t the end of the world.

While GDPR has the potential to escalate to those high levels of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.

The EU isn’t some evil government that is out to get you. Their goal is to protect consumers, average people like you and me, from reckless handling of data / breaches because it’s getting out of control.

The maximum fine part, in our opinion, is largely to get the attention of large companies like Facebook and Google, so this regulation is NOT ignored. Furthermore, this encourages companies to actually put more emphasis on protecting the rights of people.

Once you understand what is required by GDPR and the spirit of the law, then you will realize that none of this is too crazy. We will also share tools / tips to make your WordPress site GDPR compliant.

What is required under GDPR?

The goal of GDPR is to protect users’ personally identifying information (PII) and hold businesses to a higher standard when it comes to how they collect, store, and use this data.

The personal data includes: name, emails, physical address, IP address, health information, income, etc.

While the GDPR regulation is 200 pages long, here are the most important pillars that you need to know:

Explicit Consent – if you’re collecting personal data from an EU resident, then you must obtain explicit consent that’s specific and unambiguous. In other words, you can’t just send unsolicited emails to people who gave you their business card or filled out your website contact form because they DID NOT opt-in for your marketing newsletter (that’s called SPAM by the way, and you shouldn’t be doing that anyways).

For it to be considered explicit consent, you must require a positive opt-in (i.e. no pre-ticked checkbox), use clear wording (no legalese), and keep it separate from other terms & conditions.

Rights to Data – you must inform individuals where, why, and how their data is processed / stored. An individual has the right to download their personal data, and an individual also has the right to be forgotten, meaning they can ask for their data to be deleted.

This will make sure that when you hit Unsubscribe or ask companies to delete your profile, then they actually do that (hmm, go figure). I’m looking at you Zenefits, still waiting for my account to be deleted for 2 years and hoping that you stop sending me spam emails just because I made the mistake of trying out your service.

Breach Notification – organizations must report certain types of data breaches to relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individual data. However, if a breach is high-risk, then the company MUST also inform individuals who are impacted right away.

This will hopefully prevent cover-ups like Yahoo’s, which was not revealed until the acquisition.

Data Protection Officers – if you are a public company or process large amounts of personal information, then you must appoint a data protection officer. Again this is not required for small businesses. Consult an attorney if you’re in doubt.

To put it in plain English, GDPR makes sure that businesses can’t go around spamming people by sending emails they didn’t ask for. Businesses can’t sell people’s data without their explicit consent (good luck getting this consent). Businesses have to delete a user’s account and unsubscribe them from email lists if the user asks them to do that. Businesses have to report data breaches and overall be better about data protection.

Sounds pretty good, in theory at least.

Ok so now you are probably wondering what do you need to do to make sure that your WordPress site is GDPR compliant.

Well, that really depends on your specific website (more on this later).

Let us start by answering the biggest question that we’ve gotten from users:

Is WordPress GDPR Compliant?

Yes, as of WordPress 4.9.6, the WordPress core software is GDPR compliant. The WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. It’s important to note that when we talk about WordPress, we’re talking about self-hosted WordPress.org (see the difference: WordPress.com vs WordPress.org).

Having said that, due to the dynamic nature of websites, no single platform, plugin or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.

OK, so you might be thinking: what does this mean in plain English?

Well, by default WordPress 4.9.6 now comes with the following GDPR enhancement tools:

Comments Consent

By default, WordPress used to store the commenter’s name, email and website as a cookie on the user’s browser. This made it easier for users to leave comments on their favorite blogs because those fields were pre-populated.

Due to GDPR’s consent requirement, WordPress has added the comment consent checkbox. The user can leave a comment without checking this box. All it would mean is that they would have to manually enter their name, email, and website every time they leave a comment.

Update: If your theme is not showing the comment privacy checkbox, then please make sure that you have updated to WordPress 4.9.6 and are using the latest version of your theme. Also please make sure that you are logged-out when testing to see if the checkbox is there.

If the checkbox is still not showing, then your theme is likely overriding the default WordPress comment form. Here’s a step by step guide on how to add a GDPR comment privacy checkbox in your WordPress theme.

Data Export and Erase Feature

WordPress offers site owners the ability to comply with GDPR’s data handling requirements and honor users’ requests for exporting personal data as well as removal of users’ personal data.

The data handling features can be found under the Tools menu inside WordPress admin.

Privacy Policy Generator

WordPress now comes with a built-in privacy policy generator. It offers a pre-made privacy policy template and offers you guidance in terms of what else to add, so you can be more transparent with users in terms of what data you store and how you handle their data.

These three things are enough to make a default WordPress blog GDPR compliant. However it is very likely that your website has additional features that will also need to be in compliance.

Areas on Your Website that are Impacted by GDPR

As a website owner, you might be using various WordPress plugins that store or process data like contact forms, analytics, email marketing, online store, membership sites, etc.

Depending on which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant.

A lot of the best WordPress plugins have already gone ahead and added GDPR enhancement features. Let’s take a look at some of the common areas that you would need to address:

Google Analytics

Like most website owners, you’re likely using Google Analytics to get website stats. This means that it is possible that you’re collecting or tracking personal data like IP addresses, user IDs, cookies and other data for behavior profiling. To be GDPR compliant, you need to do one of the following:

  1. Anonymize the data before storage and processing begins
  2. Add an overlay to the site that gives notice of cookies and ask users for consent prior to tracking

Both of these are fairly difficult to do if you’re just pasting Google Analytics code manually on your site. However, if you’re using MonsterInsights, the most popular Google Analytics plugin for WordPress, then you’re in luck.

They have released an EU compliance addon that helps automate the above process. MonsterInsights also has a very good blog post about all you need to know about GDPR and Google Analytics (this is a must read, if you’re using Google Analytics on your site).
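
The two options listed above, combined in one sketch. This is an added example, not code from the original article, Google Analytics or MonsterInsights: nothing is recorded unless a consent cookie holds an explicit opt-in, and the visitor's IP address is truncated before the hit is stored. The cookie name `tracking_consent`, its `granted` value, the `buildHit` helper, the record shape and the truncation widths (last IPv4 octet, last 80 bits of IPv6) are assumptions made for the illustration.

```javascript
// Added example (not from the article): consent-gated hit recording with
// IP truncation. Cookie name/value and the record shape are assumptions.
const CONSENT_COOKIE = "tracking_consent"; // hypothetical cookie name
const CONSENT_GRANTED = "granted";         // hypothetical opt-in value

// Parse a Cookie header (or document.cookie string) into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (name) jar.set(name, part.slice(idx + 1).trim());
  }
  return jar;
}

// Explicit opt-in only: a missing, empty or unknown value means "no consent".
function hasConsent(cookieString) {
  return parseCookies(cookieString).get(CONSENT_COOKIE) === CONSENT_GRANTED;
}

// Zero the last octet of an IPv4 address; null if it is not valid IPv4.
function anonymizeIPv4(ip) {
  const octets = ip.split(".");
  const valid = octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) return null;
  octets[3] = "0";
  return octets.join(".");
}

// Keep the first 48 bits of an IPv6 address (zero the last 80 bits).
function anonymizeIPv6(ip) {
  const halves = ip.split("::");
  if (halves.length > 2) return null;          // more than one "::" is invalid
  const compressed = halves.length === 2;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = compressed && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (compressed ? missing < 1 : missing !== 0) return null;
  const groups = [...head, ...Array(compressed ? missing : 0).fill("0"), ...tail];
  if (!groups.every((g) => /^[0-9a-fA-F]{1,4}$/.test(g))) return null;
  const prefix = groups.slice(0, 3)
    .map((g) => g.toLowerCase().replace(/^0+(?=.)/, "")); // drop leading zeros
  return prefix.join(":") + "::";
}

function anonymizeIp(ip) {
  return ip.includes(":") ? anonymizeIPv6(ip) : anonymizeIPv4(ip);
}

// Build the record that would be stored for one request, or null when the
// visitor has not opted in. The user agent is deliberately never copied, and
// an address that cannot be truncated is stored as null rather than in full.
function buildHit(request) {
  if (!hasConsent(request.cookie)) return null;
  return { path: request.path, ip: anonymizeIp(request.ip || "") };
}

// Constructed sample requests (documentation address ranges, made-up paths).
const SAMPLE_REQUESTS = [
  { path: "/", ip: "203.0.113.77", cookie: "", userAgent: "ExampleBrowser/1.0" },
  { path: "/blog", ip: "203.0.113.77", cookie: "tracking_consent=denied" },
  { path: "/shop", ip: "198.51.100.23", cookie: "a=b; tracking_consent=granted" },
  { path: "/about", ip: "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
    cookie: "tracking_consent=granted", userAgent: "ExampleBrowser/1.0" },
];

function runSamples() {
  return SAMPLE_REQUESTS.map(buildHit);
}

console.log(runSamples());
```

The first two sample requests produce no record at all, which is the point of gating on consent before any tracking code runs rather than after.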


Contact Forms

If you are using a contact form in WordPress, then you may have to add extra transparency measures, especially if you’re storing the form entries or using the data for marketing purposes.

Below are the things you might want to consider for making your WordPress forms GDPR compliant:

  • Get explicit consent from users to store their information.
  • Get explicit consent from users if you are planning to use their data for marketing purposes (i.e. adding them to your email list).
  • Disable cookies, user-agent, and IP tracking for forms.
  • Make sure you have a data-processing agreement with your form providers if you are using a SaaS form solution.
  • Comply with data-deletion requests.
  • Disable storing all form entries (a bit extreme and not required by GDPR). You probably shouldn’t do this unless you know exactly what you’re doing.

The good part is that if you’re using WordPress plugins like WPForms, Gravity Forms, Ninja Forms, Contact Form 7, etc, then you don’t need a Data Processing Agreement because these plugins DO NOT store your form entries on their site. Your form entries are stored in your WordPress database.

Simply adding a required consent checkbox with clear explanation should be good enough for you to make your WordPress forms GDPR compliant.

WPForms, the contact form plugin we use on WPBeginner, has added several GDPR enhancements to make it easy for you to add a GDPR consent field, disable user cookies, disable user IP collection, and disable entries with a single click.


Note: We have created a step by step guide on how to create GDPR compliant forms in WordPress.

Email Marketing Opt-in Forms

Similar to contact forms, if you have any email marketing opt-in forms like popups, floating bars, inline-forms, and others, then you need to make sure that you’re collecting explicit consent from users before adding them to your list.

This can be done with either:

  1. Adding a checkbox that the user has to click before opting in
  2. Simply requiring double opt-in for your email list

Top lead-generation solutions like OptinMonster have added GDPR consent checkboxes and other necessary features to help you make your email opt-in forms compliant. You can read more about the GDPR strategies for marketers on the OptinMonster blog.

WooCommerce / Ecommerce

If you’re using WooCommerce, the most popular eCommerce plugin for WordPress, then you need to make sure your website is in compliance with GDPR.

The WooCommerce team has prepared a comprehensive guide for store owners to help them be GDPR compliant.

Retargeting Ads

If your website is running retargeting pixels or retargeting ads, then you will need to get users’ consent. You can do this by using a plugin like Cookie Notice.

Best WordPress Plugins for GDPR Compliance

There are several WordPress plugins that can help automate some aspects of GDPR compliance for you. However, no plugin can offer 100% compliance due to the dynamic nature of websites.

Beware of any WordPress plugin that claims to offer 100% GDPR compliance. They likely don’t know what they’re talking about, and it’s best for you to avoid them completely.

Below is our list of recommended plugins for facilitating GDPR compliance:

  • MonsterInsights – if you’re using Google Analytics, then you should use their EU compliance addon.
  • WPForms – by far the most user-friendly WordPress contact form plugin. They offer GDPR fields and other features.
  • Cookie Notice – popular free plugin to add an EU cookie notice. Integrates well with top plugins like MonsterInsights and others.
  • Delete Me – free plugin that allows users to automatically delete their profile on your site.
  • OptinMonster – advanced lead generation software that offers clever targeting features to boost conversions while being GDPR compliant.
  • Shared Counts – instead of loading the default share buttons which add tracking cookies, this plugin loads static share buttons while displaying share counts.

We will continue to monitor the plugin ecosystem to see if any other WordPress plugin stands out and offers substantial GDPR compliance features.

Final Thoughts

Whether you’re ready or not, GDPR will go into effect on May 25, 2018. If your website is not compliant before then, don’t panic. Just continue to work towards compliance and get it done asap.

The likelihood of you getting a fine the day after this rule goes into effect is pretty close to zero because the European Union’s website states that first you’ll get a warning, then a reprimand, and fines are the last step if you fail to comply and knowingly ignore the law.

The EU is not out to get you. They’re doing this to protect users’ data and restore people’s trust in online businesses. As the world goes digital, we need these standards. With the recent data breaches of large companies, it’s important that these standards are adopted globally.

It will be good for all involved. These new rules will help boost consumer confidence and in turn help grow your business.

We hope this article helped you learn about WordPress and GDPR compliance. We will do our best to keep it updated as more information or tools get released.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Additional Resources

  • GDPR Hysteria Part I and Part II by Jacques Mattheij
  • Data protection infographic by European Commission
  • Principles of the GDPR by European Commission
  • GDPR and MonsterInsights – everything you need to know
  • GDPR Enhancement Features for Your WordPress Forms
  • GDPR Compliance for WooCommerce Stores
  • GDPR and OptinMonster – Good read if you have email marketing opt-in forms

Legal Disclaimer / Disclosure

We are not lawyers. Nothing on this website should be considered legal advice. Due to the dynamic nature of websites, no single plugin or platform can offer 100% legal compliance. When in doubt, it’s best to consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.

WPBeginner founder, Syed Balkhi, is also the co-founder of OptinMonster, WPForms, and MonsterInsights.


About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Trusted by over 1.3 million readers worldwide.


175 Comments

  1. Charles Anderson says:
    Apr 22, 2019 at 4:35 am

    Great post, helpful WordPress and GDPR guide ness. keep posting more articles.

    • WPBeginner Support says:
      Apr 22, 2019 at 2:30 pm

      Thank you, glad you liked our article :)

  2. Chris H says:
    Feb 5, 2019 at 11:05 am

    A kind of good post. All SMEs and large businesses should be GDPR compliant. GDPR awareness must be given to the staff.

    • WPBeginner Support says:
      Feb 5, 2019 at 11:30 am

      Glad you liked our content :)

  3. Shashank says:
    Nov 20, 2018 at 6:13 am

    Nice Blog. Thank you for the article about GDPR. Much needed for me

  4. Gavin says:
    Oct 8, 2018 at 10:35 am

    I am still a little confused with all this. Some say as long as you get consent and use something like a cookie/privacy popup to alert users and get consent etc. it’s fine. But surely once someone has visited your site the cookies have already been placed in their browser, so in this case should all cookies etc. not be used until the user agrees? If this is the case, how do we achieve this?

  5. Trond says:
    Aug 13, 2018 at 10:40 am

    Hi,

    I would just like to add that the Cookie Notice for GDPR plugin states it’s “100% GDPR compliant”. See “features include” at their plugin page.

    You say that “Beware of any WordPress plugin that claims to offer 100% GDPR compliance. They likely don’t know what they’re talking about, and it’s best for you to avoid them completely.”

    So, how can Cookie Notice be recommended by you?

    • WPBeginner Support says:
      Aug 14, 2018 at 9:18 pm

      Hi Trond,

      Cookie Notice is a useful plugin, however the plugin alone cannot make your website 100% GDPR compliant.

  6. Rick OD says:
    Jun 8, 2018 at 7:33 pm

    How could a law in the European Union hold any water in the USA, and how on earth could they fine you or force you to make changes to your website here in the US if no US law forces GDPR compliance?

  7. Mathukutty P. V. says:
    Jun 7, 2018 at 11:49 am

    I have the MonsterInsights free version. Cannot afford to buy pro now so can’t install the addon.

    I was using Jetpack comment, after reading this post changed to wp default. Thanks.

  8. Mathukutty P. V. says:
    Jun 7, 2018 at 7:39 am

    Thanks for the clarification. Mine is a personal blog. Will try to modify privacy policy.

  9. Debbie says:
    Jun 5, 2018 at 3:04 pm

    Excellent article. Could you clarify something I’d not seen mentioned anywhere else?

    According to GDPR Article 83, (this is not a quote, but my own summary) fines, penalties, or other consequences for non-compliance, would be based on your footprint as an organization, the degree to which you collect and process data from Europe, and the severity of the infraction.

    You said: “While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.” And then you have an infographic with this info.

    That’s a very specific progression. Can you point to an official notification or article somewhere where this is stated? Specifically, that an infraction would start with a warning, etc. And let’s just assume we’re talking about the average or smaller site and not Facebook. :) Thanks!

  10. Abin says:
    May 30, 2018 at 10:18 am

    Seems it is the lengthy process to correct all the checks against each clause, do we have any plugin available to do correction across the WordPress blog?

  11. Prithvi Raj says:
    May 29, 2018 at 11:22 pm

    This is impossible to enforce.

    Who is going to go around and check if every single site is following this?

    What are newbie website owners going to do?

    It is hard enough to create a website and get a few people to come and read, and now you also have to deal with rubbish like this?

    To put it in plain English, the EU intended that big giants like Google and FB don’t screw with data.

    This law is not for the average Joe. There are hundreds of laws ordinary people break everyday by visiting simple websites, and doing simple thing online. Nobody can enforce laws like GDPR on small business owners.

    If you’re getting big, you definitely need to comply, it also makes sense, if you’re bigger, you have more resources.

  12. Prithvi says:
    May 28, 2018 at 10:58 pm

    I doubt if this GDPR can be enforced for small businesses, does the EU plan on going after every single small website?

    I’m not based in the EU, this regulation does not apply to me, at least not at this level (I’m a small business).

    Even if it does apply, I can’t make any changes for every single regulation that comes about in different countries.

    I’d like to see how this plays out over the years, it is primarily meant for giants, not for ordinary people.

  13. Jeanne says:
    May 28, 2018 at 10:09 am

    Thanks for the article! I am glad to know the WP is all over this topic.

  14. Geoff says:
    May 28, 2018 at 6:46 am

    The Ginger plugin works, it is simple to use and will block 3rd party cookies if the user wishes to not accept cookies but still see the website in question.

  15. Christophe Huget says:
    May 28, 2018 at 5:48 am

    Hello, I use Iubenda to manage my Privacy Policy, the page is not physically on our website, it’s hosted on Iubenda.com. There’s no option to add a link to an external link.

  16. owolabi Thankgod says:
    May 27, 2018 at 2:21 pm

    I was sent a message by google that I should log into my adsense account and accept their new privacy policy and I have done that

    Is this same as GDPR because I am getting increasingly confused after reading this article

    Please what am I to do to make my WordPress site GDPR compliant because as for me, I have not done anything whatsoever.

  17. Guust says:
    May 27, 2018 at 8:32 am

    The article says there are fines for companies, so what if my business is not carried on by a company?
    And what about hobby websites and blogs, as in non-business websites?

    Either the article is not complete or misleading?
    Can you clarify?
    Thanks

  18. Nanette Irvine says:
    May 26, 2018 at 10:38 pm

    Thank you for your informative article. I have a question in regard to a blog I write. I have a self hosted WordPress site with a Divi theme. It is not a business, no marketing, no advertising – purely sharing a personal journey. I do offer people the opportunity to receive a notice when the next post is up. Their name and email address is stored in Aweber. Do I have to have Privacy notice etc for GDPR compliance?

  19. Mamun says:
    May 26, 2018 at 9:40 am

    Very informative article. Really I was confused about the term GDPR. Now it’s clear to me…Thanks buddy

  20. Bill says:
    May 26, 2018 at 1:28 am

    I disagree with assuming the EU can dictate to a business without a physical location in an EU country. This is a sovereignty issue most US citizens would have issue with like the tea tax which basically started the American colonies fight for independence. The EU cannot globally criminalize an action they do not like and penalize a US citizen, or other citizen outside their umbrella of power, based on such action. To say they can is the height of socialist arrogance.

    Nor does the EU have dominion over the internet. If they do not like the way the rest of the world does business they are free to lock their coddled citizens in a make believe world much like the Chinese do.

    • JC says:
      May 28, 2018 at 1:43 am

      True indeed, but then there is the DMCA, which is an American law designed to protect copyright that people also follow regardless of sovereignty. And Americans seem not to fight paying tax abroad even when their physical location and employment does not fall under American jurisdiction.

    • Geoff says:
      May 28, 2018 at 6:32 am

      Of course the EU can criminalise certain actions globally.

      Currently – The sale of illicit goods to the EU can be made illegal and any EU police force make arrests for certain actions carried out by people entering the EU.

      The point is, this is a step towards protecting the data of anyone residing within the EU (even non-EU nationals). If a US based organisation releases data that is personal to me for their own gain or because they did not protect it properly – they should be penalised.

    • Nathan says:
      May 29, 2018 at 4:41 pm

      Yes! I thought I was the only one who’s thinking this way. Is there a legal precedent for something like this? A citizen from the EU visits my site and all of the sudden they have the right to legislate what I can and can’t do? I think everyone is jumping on the GDPR train because it means more work (i.e. more money) for developers. Is anyone else willing to just say that the emperor doesn’t have any clothes?

    • Tony Tremblay says:
      Oct 9, 2018 at 6:38 pm

      I don’t think they will go after anyone outside the Euro zone. What they could do, however, is force Google to integrate them in the search engine ranking factors. This way, every website could be affected…

  21. John says:
    May 25, 2018 at 11:12 pm

    Can we choose to block business in Europe? There’d be ZERO reason for me to even come up over there… I don’t even want their money!

    • Magrt says:
      May 28, 2018 at 9:08 am

      Sadly that’s more problems for you.
      Apparently the EU has a rule that will take effect this year that prohibits geoblocking. Am not a lawyer, but basically that rule will prevent you from blocking out EU members from your site and attract fines.

    • Bill says:
      May 29, 2018 at 6:59 am

      Yes John, you most certainly can block all EU based traffic and forget the whole mess.

  22. Latunde says:
    May 25, 2018 at 9:34 pm

    Thank you for sharing this awesome information

  23. GeeLew Grinds Carpentier says:
    May 25, 2018 at 5:55 pm

    GDPR understanding is real right now

  24. Amanda says:
    May 25, 2018 at 4:33 pm

    Hi, thank you all, Editorial Staff, SO much for this wonderful and helpful article, with all the helpful links and resources!! And I am so grateful to see a mostly positive and thankful response from our fantastic community of bloggers. I am so proud to be a part of this. And I really love your respectful treatment of the “spirit of this law.”

  25. Joe says:
    May 25, 2018 at 12:33 pm

    This was fantastic! I only wish it included AdSense, as a lot of site owners use that, too.

  26. nancie says:
    May 25, 2018 at 11:02 am

    Thank you! Was looking for something simple like this for weeks…

  27. Amar Ilindra says:
    May 25, 2018 at 9:36 am

    Thanks for the detailed guide.
    But I feel you missed Google Adsense part.

    For EU users, we need to get consent for personalized/non-personalized ads.

    It would be really helpful for people if you update the article with the changes we need to make with Adsense.

    • WPBeginner Support says:
      May 26, 2018 at 7:21 pm

      Hi Amar,

      AdSense has issued GDPR-related guidelines for publishers. Basically, you will need to disclose your ads in the privacy policy and cookie usage. You will need to show a cookie popup to get user consent.

  28. Mike says:
    May 25, 2018 at 8:42 am

    What if a person’s business is only local to Western Canada

    • Geoff says:
      May 28, 2018 at 6:34 am

      If that business interacts with a person residing within the EU – then yes they do.

  29. Lawrence Elliott says:
    May 25, 2018 at 6:23 am

    What about using the Facebook Comments plugin? Is that in compliance? If not, how can we make it so?

    • WPBeginner Support says:
      May 26, 2018 at 7:18 pm

      Hi Lawrence,

      All Facebook embeds set cookies and track users across the web, you will need to disclose this information and get explicit user consent for those cookies.

  30. Una says:
    May 25, 2018 at 4:16 am

    Thank you so much for this very useful article.

    • Editorial Staff says:
      May 25, 2018 at 9:24 am

      Glad you found it helpful :)

  31. Dawn Daniel says:
    May 25, 2018 at 3:14 am

    Very good article. Thank you for sharing this informative article. Easy to understand.

  32. balu says:
    May 25, 2018 at 1:51 am

    I don’t use Google Analytics plugin in wordpress. But I placed Google Analytics code in header file of WordPress Theme. What can I do for this problem.

    • WPBeginner Support says:
      May 26, 2018 at 7:09 pm

      Hey Balu,

      You will still need to comply with the GDPR by manually adjusting settings.

  33. Clare says:
    May 24, 2018 at 10:40 pm

    This WAS plain English. Thank you.

    • Editorial Staff says:
      May 25, 2018 at 9:24 am

      You’re welcome :)

  34. David Lightfoot says:
    May 24, 2018 at 9:29 pm

    Well that’s just brilliant. In order to eliminate spam, they have now set it up so every website, that I have ever sent my email to, anywhere in the world is going to email me some kind of spam about their “new privacy rules”. Idiots.

    Reply
  35. C.J. Haynie says:
    May 24, 2018 at 8:19 pm

    Thank you so much for putting this together! It’s been a big help. I just run a personal blog but have managed to change a few of my plugins to be more compliant. I need to look at MonsterInsights about the free version of their addon, but I think for the most part I should be fine.

    Cheers to you all! :) Take care of yourselves.

    Reply
  36. Suzanne says:
    May 24, 2018 at 7:11 pm

    “If your website has visitors from European Union countries, then this law applies to you.”

    Correction, “If your website has visitors from European Union countries, then this law applies to THEM.”

    This article makes no reference to which countries have treaties with the EU that would allow the EU to usurp their sovereignty to enforce, prosecute, and fine people within them, for having the “wrong check boxes” in their contact forms.

    The EU doesn’t get to swallow the earth like some amoeba. I am neither a citizen, serf, nor resident of the EU. My websites are all hosted in non-EU countries. If you can show me the list of countries that have signed on to a treaty to allow the EU to prosecute people for non-GDPR-approved check boxes within their borders, I’ll consider choosing or updating my own plugins/contact forms, thank you very much, or updating my .htaccess to block all EU IP addresses from visiting.

    And that’s how it’s played.

    Reply
    • Jean Jeudi says:
      May 26, 2018 at 6:00 am

      Good to know that your site can do without visitors from Europe. I reckon you are not providing important services or goods. Maybe you should read a bit more about what the EU requires from companies targeting European customers. Most of the topics are common sense, e.g. not to share information you receive with third parties without previous approval. Similar laws have long existed for sharing photos showing third parties in social media.
      I know that I am already a transparent person thanks to Google and friends, but at least I want to have the right to check what they have collected on me and to stop distribution of this information.

      Reply
    • Geoff says:
      May 28, 2018 at 6:44 am

      I’m afraid the EU does… if you want to play fast and loose with personal data, feel you have a right to send me crap emails if I didn’t sign up, store information about me with permission, release information about me to 3rd parties (intentionally or not)… then you shouldn’t have a website.

      Reply
  37. Chris Bukoski says:
    May 24, 2018 at 7:02 pm

    This post seems relevant for wordpress.org (as mentioned). What about wordpress.com sites?

    Thanks!

    Reply
  38. Jonathan Soto Gregg says:
    May 24, 2018 at 5:28 pm

    This is important information. Thanks for sharing. Can I share this in my blog?

    Reply
    • Editorial Staff says:
      May 25, 2018 at 9:26 am

      Hi Jonathan, we don’t allow folks to copy our entire articles. However, if you want to link to our article from your own original content blog post, then absolutely :)

      Reply
  39. Gidon Ariel says:
    May 24, 2018 at 5:25 pm

    Great article, I will certainly try to find it and refer to it if I ever need to worry about this.
    But since you say that worst case, I will first be given a warning, I will focus on other things and be motivated by real 3rd degree urgency then instead of spending hours now – a few hours before the “deadline” – for something that will probably never affect me.
    Sorry chums, this sounds like Bug2000’s little brother.
    Cheers!

    Reply
  40. Jasmin Patterson says:
    May 24, 2018 at 4:09 pm

    First off, thank you for explaining this so simply!

    Second, a question. I have a small self-hosted WP blog and I send new posts and updates to my readers but don’t sell them anything at this point. I’m using the Mailmunch plugin for opt-in forms, integrated with my Mailchimp email list.

    If I enable double opt-in for my email newsletter opt-in forms, do I need to also have legal language on each of those opt-in forms specifically stating that users’ information will be stored in my email marketing client and that they can unsubscribe at any time? Or is the double opt-in sufficient to be compliant? Should I perhaps include storage information in a privacy policy also/instead?

    Thanks!

    Reply
  41. Jose E. Marques says:
    May 24, 2018 at 4:08 pm

    Excellent article. Exactly what everybody needs to hear. Keep up the excellent work. Blessings.

    Reply
  42. Chirag artani says:
    May 24, 2018 at 3:18 pm

    GDPR has now started. I’ll update the new policy on my website because it’s important and we are legal workers!

    Reply
  43. Emily says:
    May 24, 2018 at 1:23 pm

    Thank you so much! I updated WordPress and am not seeing the comment consent. Is it a setting that needs to be turned on? I can’t seem to find it if so. Maybe because I am using Genesis? Any help would be appreciated. Thanks again.

    Reply
    • WPBeginner Support says:
      May 26, 2018 at 7:04 pm

      Hi Emily,

      Please see our article on how to add comment privacy checkbox in WordPress.

      Reply
  44. Koshy George says:
    May 24, 2018 at 12:54 pm

    Is there a way I can block EU users from accessing my WordPress site or put a splash screen saying EU users are not welcome?

    Reply
  45. vas says:
    May 24, 2018 at 11:10 am

    Thank you!

    Reply
  46. Ben says:
    May 24, 2018 at 10:56 am

    Best guide! Thanks so much.

    Reply
  47. Aimee says:
    May 24, 2018 at 9:40 am

    I have a blog that doesn’t do ANY monetizing. Actually it doesn’t get many views because I only do blogging as a hobby so far. What exactly do I need to do to be compliant with the new law? Does the law affect me if I’m not a business and not making money from my blog?

    Reply
    • WPBeginner Support says:
      May 26, 2018 at 7:02 pm

      Hi Aimee,

      It depends on the plugins and tools you use on your website and how they collect and store personal information.

      Reply
  48. Hannah says:
    May 24, 2018 at 9:36 am

    Fantastic article! Luckily we’ve already implemented most of what you suggest for both ourselves and our clients, but we had a very longwinded way of getting there. It would have been so much quicker and easier if we’d read your clear and straightforward article first! WordPress seems to have been a bit late to the party in terms of GDPR compliance but at least we’re there now – just in the nick of time!

    Reply
  49. Kresten Bergsøe says:
    May 24, 2018 at 9:10 am

    The Cookie Notice plugin is NOT GDPR compliant – not even compliant with current cookie legislation in the EU.

    Before you set a cookie you have to have consent – Cookie Notice does not support the blocking of cookies at all.

    Reply
  50. Klemen says:
    May 24, 2018 at 9:02 am

    Pheew. Feel really good to read this article. Honestly, I’m dealing with this late and learning about this honestly scared the shit out of me and got me overwhelmed. Happy to hear that it’s not the end of the world and that if I take a step at a time towards compliance it’s gonna be all right.

    Reply
Copyright © 2009 - 2021 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.