With the EU’s GDPR deadline looming large in everyone’s mind, WordPress has released Version 4.9.6, which includes several new privacy-related features to help WordPress site owners comply with GDPR regulations. Here’s a rundown of the new features:
WordPress has always had the ability for users to leave comments (assuming that the site allows for it), and the ability for them to leave their information (name and email address) behind so that the site owners can contact them.
Previously, WordPress stored this value in a cookie in the commenter’s browser automatically, but now they’ve added a checkbox where a user must opt in to this functionality so that cookies are not stored unless the user consents to it.
Data Handling Tools
In addition to the tools WordPress has added to inform users about privacy concerns, they’ve added tools for site owners to manage user data to comply with GDPR regulations. This includes two separate tools: Data Export and Data Erasure.
The Data Export tool allows site owners to export all of the data about a specific user by entering their email address into the admin interface in WordPress. When the site owner or manager does this, it will send the user an email confirming their request. Once they’ve confirmed the request, administrators can go back to this interface to send the user their data. You can also see past requests, and remove them if you’d like to do so. In the WordPress interface, you can find this tool in the left navigation menu as Tools » Export Personal Data.
The Data Erasure tool works in a similar fashion to the Data Export tool, where an administrator inputs an email address and an email is sent to the user. Once it’s confirmed, the administrator can then use the interface to erase all data about the user. You can find this tool in the left navigation as Tools » Erase Personal Data.
It’s very important to note that these tools will only affect core WordPress data unless plugins are updated to use the WordPress tools that export or erase personal data. Typically plugins update quickly, but as the owner of the website and data controller, it is your responsibility to make sure the plugins aren’t retaining data that isn’t being handled by this tool.
Overall, WordPress has included some very useful tools for both site owners and developers to help with the management of their GDPR burden. However, like anything GDPR-related, it’s going to take some extra effort to make sure you’re utilizing them to fully comply with new regulations.