GDPR is all over the news, and it’s flooding email inboxes all over the world.
GDPR (it stands for General Data Protection Regulation) goes into effect on May 25, 2018, and it’s enforceable worldwide. Basically, it says that anyone who does business with individuals in the European Union must step up their privacy protections.
I’ve written an article over on my Anywhereist.com site, about how GDPR affects bloggers, freelancers, and solopreneurs even if located outside of Europe. You should familiarize yourself with what’s involved, then come back here for a walkthrough of how to use The GDPR Framework plugin to help you bring your site into compliance.
Keep in mind, as you’re reading this article, that I’ve tried to make it as helpful as possible for my readers, who are mostly bloggers, freelancers, and solopreneurs. However, I’m not a lawyer and this is not legal advice. If you have questions about your own situation you may want to consult an attorney.
Recommended GDPR Plugin — The GDPR Framework
WordPress is in the process of creating a set of core components to help with GDPR. There are already several plugins available to take care of various aspects of it.
One that I tried and liked is The GDPR Framework, available as a free download from WordPress.
While it doesn’t have as many active installs as most plugins I recommend, that’s because the GDPR law is new, and so are the tools to deal with it. The GDPR Framework plugin is well reviewed, with a high rating, and the developer has a good reputation.
I also like it because, of those I tried, it’s got the best on-screen help and it explains things in an easier, more fun way than the others. I mean, not too many of us got into what we’re doing because we want to spend time with legalese. . .
Install it as you would any other plugin. Once activated, it offers to run a setup wizard.
I ran the wizard, and was greeted with this helpful screen.
Click Get Started to configure the plugin. But wait — they have their own legal disclaimer you must accept. The following screen lets you know that the plugin will help you comply with GDPR but is not a guarantee of legal compliance. You must accept it before you can move on.
I clicked Accept, and was taken to the next choice.
Since I wanted to see what it would create, I went with the default settings, “automatically create a new page for Privacy Tools.”
I clicked Save, and was able to preview the Privacy Tools page.
This is the page your readers will see if they opt to download or delete their user data. (Because I was already logged in as an admin, some of the options weren’t available to me.) If a reader who’s not logged in wants to view the page, they’ll need to provide their registered email address to access the privacy tools for their account.
Now, back to the wizard. . .
On this screen you can also choose what happens when a customer chooses to view or export his data.
Under the law, customers also have the right to be forgotten – to completely remove their data. Select how you want this handled.
Here you have several choices:
- Use an existing page that is already GDPR compliant
This opened up a series of text boxes to fill in. Some were easy (company name, email, etc.). Some, not so much.
This one, for example. . . although I had done several hours of research into GDPR prior to installing this plugin, this was new to me.
Seriously? I have to appoint a representative in the EU? This is one of the more flagrant examples of how this law is totally ridiculous for freelancers and solopreneurs. I also found it a bit disturbing that this was the first mention I’d found of it.
According to this article, if you are a small business, you may not need to appoint a representative, provided your processing:
- is occasional; and
- does not include processing of sensitive data or data relating to criminal convictions on a large scale; and
- is unlikely to cause risks to rights and freedoms of data subject.
However, if you actively target EU customers, you likely won’t be able to avoid it.
The article also stated that there are companies already offering this service, and they’re findable on Google.
You also need to designate an EU Data Protection Authority, and you may need to appoint a Data Protection Officer.
Last but not least, specify your Terms and Conditions page if you have one. (If you allow commenting on your site, or any user-generated content, it’s a good idea to have one anyway.)
Click Save to continue.
Forms and Consent
This screen helps you customize certain forms. For example, it noted that I have Contact Form 7 installed on the site, and the plugin is compatible with it. [Note: I don’t use Contact Form 7 – this is just a sandbox site, and I had installed it to check something on behalf of a client.]
Click Continue to move on.
I didn’t have anything to do here except click Continue. However, you may see different choices depending on your theme and other factors.
Once you click Continue, you’ll see a screen full of links to helpful resources.
If you’ve done your inventory, it should be fairly straightforward. Just make sure it answers these questions for each type of information you collect and store — have you made it clear:
- What information you’re collecting
- Why you’re collecting that information
- What information you’ll be sending them
- How often you’ll send information
- How they can edit or remove their information
If you send a weekly informational email, they can unsubscribe or remove themselves from the mailing list by clicking a link at the bottom of the email (at least if you’re using one of the popular third-party email services).
If they have subscribed to your WordPress site, they’ll have a username and password in WordPress. They’ll modify that through the Privacy Tools page if you’re using The GDPR Framework plugin.
This was one aspect of this plugin I didn’t much like – it doesn’t add its own menu to your Dashboard, instead hiding settings within two existing menus.
You’ll find a Privacy Tools option within the Users menu.
And, in the Tools menu, you’ll find the rest of the plugin’s settings in the Privacy section.
Click on Privacy to run the setup wizard again, and edit any of your previous choices.
This plugin already integrates with:
- Gravity Forms (requires an add-on, which is also free)
- Contact Form 7
- Formidable Forms (requires an add-on)
They plan to add integrations with:
- Ninja Forms
- Contact Form 7 Flamingo
- WP Migrate DB
- Easy Digital Downloads
There are other plugins that do similar things. GDPR is free, but charges for add-ons. WP GDPR integrates with:
- Gravity Forms
- Contact Form DB 7
Other plugins will become available as well. I will do my best to update this article from time to time, as tools for dealing with the GDPR evolve.