WordPress has just made GDPR easier for you. Here's how

Posted May 18, 2018 | ~4 minute read

Oh yes, another post out on the web about GDPR, but if you have a website powered by WordPress, this post should put a smile on your face.

Last night WordPress 4.9.6 shipped quietly and I thought I would take the time to walk through the awesome new features made available to you all in this update, with a financial services spin on it, as ever.

First off, WordPress has made the common tasks around compliance with GDPR much easier for you.

After completing the upgrade, there's a whole host of settings and tools at your disposal. Let's take a quick look at them now.

Setting up a privacy policy

First off, with GDPR you need to make it super-simple to read your privacy and data policies. The standard way of displaying this on a site is to put a link in the footer. WordPress now has a wizard for setting this page up within the Settings section of your site. Go take a look at Settings > Privacy, where you should be presented with the following:

If you already have a Privacy Policy in place (set up as a page on your site), you can hook up WordPress to that page, but if you don't, you can create a new page from this wizard. Want to know the really cool bit about this? Selecting the "Create New Page" option will give you a whole load of sample content you can use to build your own Privacy Policy. Awesome!

Go check out this sample page on our site to see what you're given as a template to start from.

Once you've created your Privacy Policy, you'll need to make sure you put a link on your site to display it. We would recommend placing this link in the footer of your site, as this appears to be standard practice. If the theme your WordPress site uses has a menu in the footer, just go ahead and add the new page to that menu. Failing that, you'll need to get in touch with your web people to get it hooked up. We can help with this if you need a hand.

Easily exporting personal data held on your WordPress site

One of the big features of GDPR is the right for someone to request information you hold on them. Without boring you to death, WordPress has quite a funky way of holding this data in its database, so outputting this data would have been a royal pain in the ass.

Not any more. Under Tools you now have two new links: Export Personal Data and Erase Personal Data.

The export personal data screen looks like this:

If you receive a request to download the personal data of a registered WordPress user, enter the email address they use on the site on this form and it'll send that user an email to confirm the data-dump:

Once they've clicked the link to accept it, it'll then generate a zip and make that available to the user and the website owner.

Erasing personal data

The Erase Personal Data tool works much like the export tool above. You can enter the email address of the user who wants to be removed, and on their confirmation it'll remove everything on the site about that user. Nifty, eh?

These updates, combined with the 95 other tweaks and updates rolled out in this release, should make compliance with GDPR a cinch.

What do you think? Is there anything else they could build to make it easier? Pop your thoughts in the comments below or tweet us at @team_codepotato


If you need a hand making these adjustments to your WordPress powered site, feel free to get in touch. We've been working with the majority of our clients recently to get ready for GDPR and can recommend a whole host of plugins for notifying users on cookie policies and much more. We're here for you.