It is not uncommon for websites to collect data from users. Almost everyone does it, whether through cookies, newsletter sign-ups and so on. If you are doing business in the USA or the EU, the GDPR (General Data Protection Regulation) will definitely affect you.
If you want to avoid consequences, here are a few points that will help you:
- Tell the user who you are, why you collect the data, for how long, and who receives it.
- Get clear consent [when required] before collecting any data.
- Let users access their data, and take it with them.
- Let users delete their data.
- Let users know if data breaches occur.
WordPress released a new version (4.9.6), which contains privacy law compliance features for GDPR. Below are some of the new features available:
The New Privacy Page Settings
Comments on WordPress
The new feature added to the comment section is that, upon commenting, the commenter's data will not be stored on the website, shifting the responsibility towards the commenters.
It all boils down to your website's data handling. According to GDPR, the people visiting your website should be given complete freedom to sign up or unsubscribe from the website and such, i.e. importing and exporting data. This can be found in the tool menu, under ‘export settings’.
What Sites Are Affected?
Every site which can be accessed from the EU is affected. It doesn’t matter whether you do business in the EU or not. You will be fined large amounts of money if there is any data breach.
What about eCommerce sites?
Unless your store is PCI compliant or you are using WooCommerce, well, tough luck. E-commerce is not excluded from the GDPR either. You can save yourself by getting a WooCommerce store and assigning your GDPR terms and conditions in the checkout menu in the WooCommerce section.
If you want to make your WordPress website GDPR compatible, you can approach a WordPress website design agency that helps you improve the security of personal data and gives you greater control over how your data is used.