The GDPR, short for General Data Protection Regulation, is a European Union law that protects users’ privacy when using websites.
We’ve received dozens of emails from users asking us to explain the GDPR in plain English and share tips on how to make your WordPress site GDPR-compliant.
In this article, we will explain everything you need to know about the GDPR and WordPress (without the complex legal stuff).
Disclaimer
We are not lawyers, and nothing on this website should be considered legal advice.
To help you easily navigate through our ultimate guide to WordPress and GDPR compliance, we have created a table of contents below:
- What Is the GDPR?
- Does the GDPR Apply to My WordPress Website?
- What Is Required of Website Owners Under the GDPR?
- Is WordPress GDPR Compliant?
- Additional Areas on Your Website to Check for GDPR Compliance
- Best WordPress Plugins for GDPR Compliance
- Final Thoughts
- Expert Guides on Making Your WordPress Site GDPR-Compliant
- Additional Resources
What Is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect on May 25, 2018. The goal of the GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
Over the years, you’ve likely gotten dozens of emails from companies like Google about the GDPR, their new privacy policies, and a bunch of other legal stuff. That’s because the EU has made big penalties for people who don’t comply with the regulations.
Businesses that are not in compliance with the GDPR’s requirements can face large fines of up to 4% of a company’s annual global revenue or €20 million (whichever is greater). This is enough reason to cause widespread panic among businesses around the world.
What Is the CCPA?
The state of California introduced similar privacy legislation on January 1, 2020, though the potential fines are much lower.
The California Consumer Privacy Act (CCPA) is designed to protect the personal information of Californian residents. It gives them the right to know what personal information is being collected about them, request its deletion, and opt out of the sale of their data.
In this article, we will focus on the GDPR, but many of the steps we list in this article will also help you become CCPA compliant.
This brings us to the big question that you might be thinking about:
Does the GDPR Apply to My WordPress Website?
The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).
If your WordPress website has visitors from European Union countries, then this law applies to you.
But don’t panic. It’s not the end of the world.
While the GDPR can escalate to those high levels of fines, it will start with a warning, then a reprimand, and then a suspension of data processing.
And only if you continue to violate the law will the large fines hit.
The EU isn’t some evil government out to get you. Its goal is to protect innocent consumers from reckless data handling that could result in a breach of their privacy.
In our opinion, the maximum fine is largely intended to get the attention of large companies like Facebook and Google so that this regulation is NOT ignored. Furthermore, this encourages companies to actually put more emphasis on protecting people’s rights.
Once you understand what is required by the GDPR and the spirit of the law, then you will realize that none of this is too crazy.
We will also share tools and tips to make your WordPress site GDPR-compliant.
What Is Required of Website Owners Under the GDPR?
The goal of GDPR is to protect users’ personally identifying information (PII) and hold businesses to a higher standard when it comes to how they collect, store, and use this data.
This personal data includes your users’ names, email addresses, physical addresses, IP addresses, health information, income, and more.
While the GDPR regulation is 200 pages long, here are the most important pillars that you need to know:
You Must Gain Explicit Consent to Collect Personal Information
If you are collecting personal data from an EU resident, you must obtain explicit, specific, and unambiguous consent or permission.
In other words, you can’t just send unsolicited emails to someone who gave you their business card or filled out your website contact form. This is spam. Instead, you must allow them to opt-in to your marketing newsletter.
For it to be considered explicit consent, you must require a positive opt-in. The checkbox must not be ticked by default, must contain clear wording (no legalese), and must be separate from other terms and conditions.
Your Users Have a Right to Their Personal Data
You must inform individuals where, why, and how their data is processed and stored.
An individual has the right to download their personal data and the right to be forgotten.
This means they have a right to demand that you delete their personal data. When a user clicks an unsubscribe link or asks you to delete their profile, you actually need to do that.
You Must Provide Prompt Data Breach Notifications
Organizations must report certain types of data breaches to relevant authorities within 72 hours unless the breach is considered harmless and poses no risk to individual data.
However, if a breach is high-risk, then the company must also inform individuals who are impacted right away.
This will hopefully prevent cover-ups like Yahoo that were not revealed until the acquisition.
You May Need to Appoint a Data Protection Officer
If you are a public company or process large amounts of personal information, then you must appoint a data protection officer.
This is not required for small businesses. Consult an attorney if you are in doubt.
Plain English Summary of What’s Required
To put it in plain English, the GDPR ensures that businesses can’t spam people by sending them emails they didn’t ask for. Businesses also can’t sell people’s data without their explicit consent.
Businesses have to delete users’ accounts and unsubscribe them from email lists when asked. Businesses also have to report data breaches and overall be better about data protection.
Sounds pretty good, at least in theory.
But you are probably wondering what you need to do to make sure that your WordPress site is GDPR-compliant.
Well, that really depends on your specific website (more on this later).
Let us start by answering the biggest question that we’ve gotten from users:
Is WordPress GDPR Compliant?
Yes, the WordPress core software has been GDPR-compliant since WordPress 4.9.6, which was released on May 17, 2018. Several GDPR enhancements were added to achieve this.
It’s important to note that when we talk about WordPress, we are talking about self-hosted WordPress.org. This is different from WordPress.com, and you can learn the difference in our guide on WordPress.com vs. WordPress.org.
Having said that, due to the dynamic nature of websites, no single platform, plugin, or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.
Ok, so you might be thinking, what does this mean in plain English?
Well, by default, WordPress comes with the following GDPR enhancement tools:
Comments Consent Checkbox
Before May 2018, WordPress would store the commenter’s name, email, and website as a cookie on the user’s browser by default. This made it easier for users to leave comments on their favorite blogs because those fields were pre-filled.
Due to the GDPR’s consent requirement, WordPress has added a consent checkbox to the comment form.
The user can leave a comment without checking this box. However, they will have to manually enter their name, email, and website every time they do so.
Tip: Make sure that you are logged out when testing to see if the checkbox is there.
If the checkbox is still not showing, then your theme is likely overriding the default WordPress comment form. Here’s a step-by-step guide on how to add a GDPR comment privacy checkbox in your WordPress theme.
Personal Data Export and Erase Features
WordPress offers site owners the tools they need to comply with the GDPR’s data handling requirements and honor users’ requests for exporting personal data as well as removal of users’ personal data.
The data handling features can be found under the Tools menu inside WordPress admin. From here, you can go to Export Personal Data or Erase Personal Data.
Privacy Policy Generator
WordPress comes with a built-in privacy policy generator. It has a pre-made privacy policy template and offers you guidance on what else to add. This helps you be more transparent with users in terms of what data you store and how you handle their data.
You can learn more in our guide on how to create a privacy policy in WordPress.
These three features are enough to make a default WordPress blog GDPR-compliant. However, your website will likely have additional areas that will also need to be in compliance.
Additional Areas on Your Website to Check for GDPR Compliance
As a website owner, you might be using various WordPress plugins that store or process data, and these can affect your GDPR compliance. Common examples include:
Depending on which WordPress plugins you are using on your website, you will need to act accordingly to make sure that your website is GDPR compliant.
A lot of the best WordPress plugins have added GDPR enhancement features. Let’s take a look at some of the common areas that you will need to address.
Google Analytics
Like most website owners, you are likely using Google Analytics to get website stats. This means that you might be collecting or tracking personal data like IP addresses, user IDs, cookies, and other data for behavior profiling.
To be GDPR compliant, you need to do one of the following:
- Anonymize the data before storage and processing begins.
- Add an overlay that gives notice of cookies and asks users for consent prior to tracking.
Both of these are fairly difficult to do if you are just pasting Google Analytics code manually on your site. However, if you are using MonsterInsights, the most popular Google Analytics plugin for WordPress, then you are in luck.
They have released an EU compliance addon that helps automate the above process.
MonsterInsights also has a very good blog post talking about about the GDPR and Google Analytics. This is a must-read if you are using Google Analytics on your site.
Contact Forms
If you are using a contact form in WordPress, then you may need to add extra transparency measures. This is especially true if you are storing the form entries or using the data for marketing purposes.
Here are some things to consider when making your WordPress forms GDPR-compliant:
- Get explicit consent from users to store their information.
- Get explicit consent from users if you are planning to use their data for marketing purposes, such as adding them to your email list.
- Disable cookies, user-agent, and IP tracking for forms.
- Comply with data deletion requests.
- If you are using a SaaS form solution, make sure you have a data processing agreement with your form providers.
The good news is that you don’t need to organize a data processing agreement if you are using a WordPress plugin like WPForms, Gravity Forms, or Ninja Forms.
These plugins store your form entries in your WordPress database, so to stay GDPR compliant, you just need to add a consent checkbox with a clear explanation.
WPForms, the contact form plugin we use on WPBeginner, has several GDPR enhancements to make it easy for you to add a GDPR consent field, disable user cookies, disable user IP collection, and disable entries with a single click.
You can see our step-by-step guide on how to create GDPR-compliant forms in WordPress.
Email Marketing Opt-in Forms
Similar to contact forms, if you have any email marketing opt-in forms like popups, floating bars, inline forms, and others, then you need to make sure that you get explicit consent from users before adding them to your list.
This can be done by either:
- Add a checkbox that the user has to click before opt-in.
- Simply require double-optin to your email list.
Top lead-generation solutions like OptinMonster have added GDPR consent checkboxes and other necessary features to help you make your email opt-in forms compliant.
You can read more about GDPR strategies for marketers on the OptinMonster blog.
eCommerce and WooCommerce Stores
If you are using WooCommerce, the most popular eCommerce plugin for WordPress, then you need to make sure your website is in compliance with the GDPR.
Luckily, the MonsterInsights team has prepared an in-depth guide on how to make a WooCommerce store GDPR compliant.
Retargeting Ads
If your website is running retargeting pixels or retargeting ads, then you will need to get the user’s consent.
You can do this by using a plugin like Cookie Notice. You can find detailed instructions in our guide on how to add a cookies popup in WordPress for GDPR/CCPA.
Google Fonts
Google Fonts are a great way to customize the typography on your WordPress website.
However, Google Fonts has been found to violate GDPR regulations. That’s because Google logs your visitor’s IP address each time a font is loaded.
Luckily, there are a few ways to handle this so your website is GDPR-compliant. For example, you can load your fonts locally, replace Google Fonts with another option, or disable them.
You can learn how in our guide on how to make Google Fonts privacy-friendly.
Best WordPress Plugins for GDPR Compliance
There are several WordPress plugins that can help you automate some parts of GDPR compliance.
However, no plugin can offer 100% compliance due to the dynamic nature of websites.
Beware of any WordPress plugin that claims to offer 100% GDPR compliance. They likely don’t know what they are talking about, and it’s best for you to avoid them completely.
Below is our list of recommended plugins for GDPR compliance:
- If you use Google Analytics, then we recommend you use MonsterInsights and enable their EU compliance addon.
- WPForms is the most user-friendly WordPress contact form plugin and offers GDPR fields and other features.
- Cookie Notice is a popular free plugin for adding an EU cookie notice, and it integrates well with top plugins like MonsterInsights and others.
- GDPR Cookie Consent lets you create an alert bar on your site so the user can decide whether to accept or reject cookies and covers CCPA as well as GDPR.
- WP Frontend Delete Account is a free plugin that allows users to automatically delete their profile on your site.
- OptinMonster is advanced lead generation software that offers clever targeting features to boost conversions while being GDPR compliant.
- PushEngage lets you send targeted push messages to visitors after they leave your site and is fully GDPR compliant.
- Smash Balloon gives you a GDPR-compliant way to embed live feeds and show posts from Facebook, Twitter, Instagram, YouTube, TripAdvisor, and more.
- Novashare provides a way to let users share your content on social media without collecting their personal data or placing cookies.
You will find more options in our expert pick of the best WordPress GDPR plugins to improve compliance.
We will continue to monitor the plugin ecosystem to see if any other WordPress plugin stands out and offers substantial GDPR compliance features.
Final Thoughts
The GDPR has been in effect since May 2018.
Perhaps you have had your WordPress website for a while and have been working towards GDPR compliance. Or you may be just starting out with a new website.
Either way, there is no need for panic. Just continue to work towards compliance and get it done ASAP.
You may be concerned about the large fines. Remember that the risk of being fined is minimal. The European Union’s website states that first, you’ll get a warning, then a reprimand, and fines are the last step if you fail to comply and knowingly ignore the law.
Remember that the EU is not out to get you. They are doing this to protect user data and restore people’s trust in online businesses.
As the world goes digital, we need these standards. With the recent data breaches of large companies, it’s important that these standards are adapted globally.
It will be good for all involved. These new rules will help boost consumer confidence and, in turn, help grow your business.
We hope this tutorial helped you learn how to become GDPR-compliant on your WordPress blog. You might also like to see our expert guides on how to make your website GDPR-compliant.
Expert Guides on Making Your WordPress Site GDPR-Compliant
- How to Add a GDPR Comment Privacy Opt-in Checkbox in WordPress
- How to Add a Cookies Popup in WordPress for GDPR/CCPA
- How to Know if Your WordPress Website Uses Cookies
- How to Create GDPR-Compliant Forms in WordPress
- How to Make Google Fonts Privacy-Friendly
- How to Disable Google Fonts on Your WordPress Website
- How to Add a Privacy Policy in WordPress
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Legal Disclaimer
We are not lawyers, and nothing on this website should be considered legal advice. Due to the dynamic nature of websites, no single plugin or platform can offer 100% legal compliance.
When in doubt, it’s best to consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.
Additional Resources
- GDPR Hysteria Part I and Part II by Jacques Mattheij
- Data Protection Infographic by the European Commission
- Principles of the GDPR by the European Commission
- GDPR and MonsterInsights – everything you need to know about Google Analytics GDPR compliance
- GDPR Enhancement Features for WPForms – everything you need to know about GDPR compliance for your WordPress forms
- WooCommerce and the GDPR – everything you need to know about GDPR compliance for your online store
- OptinMonster and the GDPR – everything you need to know about GDPR compliance and email marketing opt-in forms
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Olaf
GDPR is truly a complex topic, sometimes so intricate that for corporate websites, it’s really better to hire a professional or a lawyer for it. It’s great that you address such a complicated and extensive topic. Although I’ve taken several courses to gain the knowledge to build a GDPR-friendly website, there’s always some new information I’m happy to learn.
Chris
I never paid attention to those tabs under the tools tab in Admin until now. The privacy policy page that WordPress provides seems enough for any website I might run in the future. Is the GDPR only applicable to websites domicile in the EU, or does it apply to websites that have visitors from the EU?
WPBeginner Support
It would affect your site if you have visitors from the EU
Admin
Jiří Vaněk
GDPR applies to all users who are citizens and permanent residents of countries within the European Union. This means that if there’s a possibility such users might visit your site, it should be GDPR-compliant and provide the same safeguards. For example, your website should have a cookie consent banner allowing users to refuse cookies, and email address collection should use double opt-in verification, among other measures.
Whether legal enforcement would occur if you are a citizen of a non-EU country is questionable and likely complicated. Personally, I would focus on ensuring compliance for sites primarily targeting EU citizens. For a personal blog of someone living in the USA, GDPR might not be as critical since it is the user’s choice to visit such sites. However, it’s an interesting but complex issue. Nonetheless, it never hurts to comply with GDPR rules.
Mrteesurez
Also, I can see maybe that’s why WordPress itself comes with a basic privacy policy generator with some suggested text.
I just discovered it not so long.
But is that basic content sufficient ?? because sometimes I used the basic WP generated policy contents for new blogs.
WPBeginner Support
You would want to edit the content in the privacy policy to suit your needs and if you are concerned then you would want to check with a legal professional.
Admin
Mrteesurez
OK, maybe when the blog grows and gaining more traction, then, I can seek out to legal professional for a standard and official policy.
Thanks.
Mrteesurez
Honestly, most of the bloggers and online marketer who just want to make money online don’t usually take this serious.
I could remember how much fine I heard in the press that Google have paid and some other businesses that use tracking software.
My question is, Is this only applicable for if I have visitors from EU ??
Also, you talk of ‘checkbox’.
In WPbeginner, checkbox is not showing, I manually need to re-enter names and email every time I want to comment. Can you fix this ?? or is there any reason no to do this ??
WPBeginner Support
It is applicable to more than the EU, we give an example with California in the article above.
We do not have the consent checkbox at the moment, our theme style overrides the checkbox. We do not save your information in the browser for the time being.
Admin
Mrteesurez
Ok, I understand but you can try to implement it for easy participation in the community.
It can be autofilled or save it in browser but give disclaimer or include it in your privacy policy.
Jiří Vaněk
I hadn’t paid much attention to this topic before, but practice eventually showed me that it’s indeed much better to have everything in order on the website, especially when it comes to laws. Living in an EU country, GDPR is now a top priority for me. Guides like these are great because there’s always something one might overlook.
WPBeginner Support
Glad you found our guide helpful
Admin
Moinuddin Waheed
Thankfully I am not from any of the European country which means GDPR rule will not apply to my website. But data protection has been a prime topic for every country not that for European countries only. we have similar data protection bill in our country as well. it is infact good to see that there is enhanced awareness in terms of data and content online.
thanks for detailing every bit of GDPR for us
WPBeginner Support
You’re welcome
Admin
Ralph
Good to find such a detailed guide that not only explains what to do, but also how and why it is important.
I see GDPR as a plus for user as he can have some impact on his data, but we have to have more and more annoying popups on websites. Cookies, ads, newsletters, GDPR… In 5 or 10 years we will spend more time closing this than reading websites. I wish governments can come up with new 1 idea, that will replace all of that.
Geethu
Thank you for the detailed explanation. It cleared some of the queries I had especially if GDPR applied to websites outside the EU and what to keep in mind while making them GDPR complaint.
WPBeginner Support
You’re welcome, glad we could clear up some confusion!
Admin
Ram E.
Thanks for listing the two cookie notice plugins (Cookie Notice and GDPR Cookie Consent)! I’ve been meaning to find and install one on my blog. This compliance stuff is one of the reasons why I haven’t opened my blog for user registrations yet, and it’s going to be more complicated if more and more countries require it. Personally, I think this is not a big deal though if an EU country or California is not one of your top 10 locations by sessions.
WPBeginner Support
You’re welcome, glad our recommendations were helpful
Admin
John Fernandez
Thanks for the article! This guide will help me manage my wordpress site better.
WPBeginner Support
Glad our guide was helpful
Admin
Ahmed Omar
Thank you for the detailed post.
I have concern about GDPR , what if the visitor did not accept the terms, would he still be able to browse my site or register
Thank you
WPBeginner Support
Unless you set it up to prevent access, the users should still be able to browse your site. For registration you can have a required checkbox to prevent registrations.
Admin
Mikolaj
Thanks for the article! It’s good to know that WP tracks the development of the situation on an ongoing basis
Charles Anderson
Great post, helpful WordPress and GDPR guide ness. keep posting more articles.
WPBeginner Support
Thank you, glad you liked our article
Admin
Chris H
A kind of good post. All SMEs and large business should be GDPR compliant. GDPR Awareness must be given to the staffs.
WPBeginner Support
Glad you liked our content
Admin
Shashank
Nice Blog. Thank you for the article about GDPR. Much needed for me
Gavin
I am still a little confused with all this. Some say as long as you get consent and use something like a cookie/privacy popup to alert users and get consent etc its fine. But surely once someone has visited your site the cookies have already been placed in their browser so in this case should all cookies etc not be used until the users agrees? If this is the case how do we achieve this?
Konrad
Some cookies are just required to load the page.
Users consent to the use of 3rd party and non-essential cookies.
Trond
Hi,
I would just like to add that the Cookie Notice for GDPR plugin states it’s “100% GDPR compliant”. See “features include” at their plugin page.
You say that “Beware of any WordPress plugin that claims to offer 100% GDPR compliance. They likely don’t know what they’re talking about, and it’s best for you to avoid them completely.”
So, how can Cookie Notice be recommended by you?
WPBeginner Support
Hi Trond,
Cookie Notice is a useful plugin, however the plugin alone cannot make your website 100% GDPR compliant.
Admin
Rick OD
how could a law in the European Union hold any water in the USA and how on earth could they fine you or force you to make changes to your website here in the US if no US law forces GDPA compliance?
Mathukutty P. V.
I have Monsterinsights free version. Can not afford to buy pro now so cant install addon.
I was using Jetpack comment, after reading this post changed to wp default. Thanks.
Mathukutty P. V.
Thanks for the clarification. Mine is a personal blog. Will try to modify privacy policy.
Debbie
Excellent article. Could you clarify something I’d not seen mentioned anywhere else?
According to GDPR Article 83, (this is not a quote, but my own summary) fines, penalties, or other consequences for non-compliance, would be based on your footprint as an organization, the degree to which you collect and process data from Europe, and the severity of the infraction.
You said: “While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.” And then you have an infographic with this info.
That’s a very specific progression. Can you point to an official notification or article somewhere where this is stated? Specifically, that an infraction would start with a warning, etc. And let’s just assume we’re talking about the average or smaller site and not Facebook. Thanks!
Abin
Seems it is the lengthy process to correct all the checks against each clause, do we have any plugin available to do correction across the WordPress blog?
Prithvi Raj
This is impossible to enforce.
Who is going to go around and check if every single site is following this?
What are newbie website owners going to do?
It is hard enough to create a website and get a few people to come and read, and now you also have to deal with rubbish like this?
To put it in plain English, the EU intended that big giants like Google and FB don’t screw with data.
This law is not for the average Joe. There are hundreds of laws ordinary people break everyday by visiting simple websites, and doing simple thing online. Nobody can enforce laws like GDPR on small business owners.
If you’re getting big, you definitely need to comply, it also makes sense, if you’re bigger, you have more resources.
Prithvi
I doubt if this GDPR can be enforced for small businesses, does the EU plan on going after every single small website?
I’m not based in the EU, this regulation does not apply to me, at least not at this level (I’m a small business).
Even if it does apply, I can’t make any changes for every single regulation that comes about in different countries.
I’d like to see how this plays out over the years, it is primarily meant for giants, not for ordinary people.
Jeanne
Thanks for the article! I am glad to know the WP is all over this topic.
Geoff
The Ginger plugin works, it is simple to use and will block 3rd party cookies if the user wishes to not accept cookies but still see the website in question.
Christophe Huget
Hello, I use Iubenda to manage my Privacy Policy, the page is not physically on our website, it’s hosted on Iubenda.com. There’s no option to add a link to an external link.
owolabi Thankgod
I was sent a message by google that I should log into my adsense account and accept their new privacy policy and I have done that
Is this same as GDPR because I am getting increasingly confused after reading this article
Please what am I to do to make my wordpress site GDPR complaint because as for me, i have not done anything whatsoever.
Guust
The article says there are fines for companies, so what if my business is not carried on by a company?
And what about hobby websites and blogs, as in non-business websites?
Either the article is not complete or misleading?
Can you clarify?
Thanks
Nanette Irvine
Thank you for your informative article. I have a question in regard to a blog I write. I have a self hosted Wordpress site with a Divi theme. It is not a business, no marketing, no advertising – purely sharing a personal journey. I do offer people the opportunity to receive a notice when the next post is up. Their name and email address is stored in Aweber. Do I have to have Privacy notice etc for GDPR compliance?
Mamun
Very informative article. Really I was confused about the term GDPR. Now it’s clear to me…Thanks buddy
Bill
I disagree with assuming the EU can dictate to a business without a physical location in an EU country. This is a sovereignty issue most US citizens would have issue with like the tea tax which basically started the American colonies fight for independence. The EU cannot globally criminalize an action they do not like and penalize a US citizen, or other citizen outside their umbrella of power, based on such action. To say they can is the height of socialist arrogance.
Nor does the EU have dominion over the internet. If they do not like the way the rest of the world does business they are free to lock their coddled citizens in a make believe world much like the Chinese do.
JC
True indeed but then there is DMCA which is an American law designed to protect copyright that people also follow regardless of soveriegnty. And Americans seem not to fight paying tax abroad even when their physical location and employment does not fall under American jurisdiction.
Geoff
Of course the EU can criminalise certain actions globally.
Currently – The sale of illicit goods to the EU can be made illegal and any EU police force make arrests for certain actions carried out by people entering the EU.
The point is, this is a step towards protecting the data of anyone residing within the EU (even non-EU nationals). If a US based organisation releases data that is personal to me for their own gain or because they did not protect it properly – they should be penalised.
Nathan
Yes! I thought I was the only one who’s thinking this way. Is there a legal precedent for something like this? A citizen from the EU visits my site and all of the sudden they have the right to legislate what I can and can’t do? I think everyone is jumping on the GDPR train because it means more work (i.e. more money) for developers. Is anyone else willing to just say that the emperor doesn’t have any clothes?
Tony Tremblay
I don’t think they will go after anyone outside the Euro zone. What they could do howerver is force Google to integrate them in the search engine ranking factors. This way, every website could be affected…
John
Can we choose to block business in Europe? There’d be ZERO reason for me to even come up over there… I don’t even want their money!
Magrt
Sadly that’s more problems for you.
Apparently EU has a rule, that will take effect this year that prohibits geoblocking. Am not a lawyer but basically that rule will prevent you from blocking out EU members from your site and attract fines .
Bill
Yes John, you most certainly can block all EU based traffic and forget the whole mess.
Latunde
Thank you for sharing this awesome information
GeeLew Grinds Carpentier
GDPR understanding is real right now
Amanda
Hi, thank you all, Editorial Staff, SO much for this wonderful and helpful article, with all the helpful links and resources!! And I am so grateful to see a mostly positive and thankful response from our fantastic community of bloggers. I am so proud to be a part of this. And I really love your respectful treatment of the “spirit of this law.”
Joe
This was fantastic! I only wish it included AdSense, as a lot of site owners use that, too.
nancie
Thank you! Was looking for something simple like this for weeks…
Amar Ilindra
Thanks for the detailed guide.
But I feel you missed Google Adsense part.
For EU users, we need to get consent for personalized/non-personalized ads.
It would be really helpful for people if you update the article with the changes we need to make with Adsense.
WPBeginner Support
Hi Amar,
AdSense has issues GDPR related guidelines for publishers. Basically, you will need to disclose your ads in the privacy policy and cookie usage. You will need to show a cookie popup to get user consent.
Admin
Mike
What if a person’s business is only local to Western Canada
Geoff
If that business interacts with a person residing within the EU – then yes they do.
Lawrence Elliott
What about using the Facebook Comments plugin? Is that in compliance? If not, how can we make it so?
WPBeginner Support
Hi Lawrence,
All Facebook embeds set cookies and track users across the web, you will need to disclose this information and get explicit user consent for those cookies.
Admin
Una
Thank you so much for this very useful article.
Editorial Staff
Glad you found it helpful
Admin
Dawn Daniel
Very good Article Thank you sharing this informative article. easy to understand
balu
I don’t use Google Analytics plugin in wordpress. But I placed Google Analytics code in header file of Wordpress Theme. What can I do for this problem.
WPBeginner Support
Hey Balu,
You will still need to comply with the GDPR by manually adjusting settings.
Admin
Clare
This WAS plain English. Thank you.
Editorial Staff
You’re welcome
Admin
David Lightfoot
Well that’s just brilliant. In order to eliminate spam, they have now set it up so every website, that I have ever sent my email to, anywhere in the world is going to email me some kind of spam about their “new privacy rules”. Idiots.
C.J. Haynie
Thank you so much for putting this together! It’s been a big help. I just run a personal blog but have managed to change a few of my plugins to be more compliant. I need to look at monster insights about their free version of their addon, but I think for the most part I should be fine.
Cheers to you all! Take care of yourselves.
Suzanne
“If your website has visitors from European Union countries, then this law applies to you.”
Correction, “If your website has visitors from European Union countries, then this law applies to THEM.”
This article makes no reference to which countries have treaties with the EU that would allow the EU to usurp their sovereignty to enforce, prosecute, and fine people within them, for having the “wrong check boxes” in their contact forms.
The EU doesn’t get to swallow the earth like some amoeba. I am neither a citizen, serf, nor resident of the EU. My websites are all hosted in non-EU countries. If you can show me the list of countries that have signed on to a treaty to allow the EU to prosecute people for non-GDPR-approved check boxes within their borders, I’ll consider choosing or updating my own plugins/contact forms, thank you very much, or updating my .htaccess to block all EU IP addresses from visiting.
And that’s how it’s played.
Jean Jeudi
Good to know that your site can do without visitor from Europe. I reckon your are not providing important services or goods. Maybe you should read a bit more what the EU requires from companies tar getting European customers. Most of the topics are common sense e.g not to share information you receive with third parties without a previous approval. Similar laws exist ever since for sharing photos showing third parties in social media.
I know that I am already a transparent person thanks to google and friends but at least I want to have the right to check what they have collected on me and to stop distribution of this information
Geoff
I’m afraid the EU does… if you want to play fast and loose with personal data, feel you have a right to send me crap emails me if I didn’t sign up, store information about me with permission, release information about me to 3rd parties (intentionally or not)… then you shouldn’t have a website.
Chris Bukoski
This post seems relevant for wordpress.org (as mentioned). What about wordpress.com sites?
Thanks!
Jonathan Soto Gregg
This is important information. Thanks for sharing. Can i share this in my blog?
Editorial Staff
Hi Jonathan, we don’t allow folks to copy our entire articles. However if you want to link to our article from your own original content blog post, then absolutely
Admin