WordPress is hoping to have a GDPR compliance solution built into WordPress core, launched before May 25th when the General Data Protection Regulation goes into effect.

The GDPR tools they are going to provide require widespread adoption, and having these tools as plugins would not ensure that.

Using hooks and filters in WordPress core, it will be possible for plugin developers to declare where their plugins store personal data. This allows WordPress core to fetch that data and output it in the WP backend, helping WordPress administrators find, send and anonymise data on request from a user of their services, in order to comply with GDPR requirements on making user data available to users on request.
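As an added illustration of how a plugin plugs into those core hooks (this is example code written for this post, not code from WordPress core or from any real plugin): it registers one exporter and one eraser for a hypothetical plugin that stores callback requests in a custom table. The filter names `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` are the ones shipped in WordPress 4.9.6; the table name `callback_requests`, its columns, and the `cbr_` function names are assumptions made up for the example.

```php
<?php
// Added example, not from the original post or from WordPress core.
// Assumed schema: {$wpdb->prefix}callback_requests(id, name, email, phone, created_at).

// 1. Tell core that this plugin can export personal data.
add_filter( 'wp_privacy_personal_data_exporters', 'cbr_register_exporter' );
function cbr_register_exporter( $exporters ) {
    $exporters['callback-requests'] = array(
        'exporter_friendly_name' => __( 'Callback Requests' ),
        'callback'               => 'cbr_export_personal_data',
    );
    return $exporters;
}

// Core calls this with the requester's email address. It may be called again with
// an increasing $page until 'done' is true, so large tables are paged, not loaded at once.
function cbr_export_personal_data( $email_address, $page = 1 ) {
    global $wpdb;
    $per_page = 100;
    $offset   = ( $page - 1 ) * $per_page;
    $table    = $wpdb->prefix . 'callback_requests';

    // Prepared statement: the email comes from user input and must never be interpolated.
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, name, phone, created_at FROM {$table} WHERE email = %s LIMIT %d OFFSET %d",
        $email_address, $per_page, $offset
    ) );

    $export_items = array();
    foreach ( $rows as $row ) {
        $export_items[] = array(
            'group_id'    => 'callback-requests',
            'group_label' => __( 'Callback Requests' ),
            'item_id'     => 'callback-request-' . $row->id,
            'data'        => array(
                array( 'name' => __( 'Name' ),      'value' => $row->name ),
                array( 'name' => __( 'Phone' ),     'value' => $row->phone ),
                array( 'name' => __( 'Requested' ), 'value' => $row->created_at ),
            ),
        );
    }

    return array(
        'data' => $export_items,
        'done' => count( $rows ) < $per_page, // fewer than a full page means we are finished
    );
}

// 2. Tell core that this plugin can erase personal data.
add_filter( 'wp_privacy_personal_data_erasers', 'cbr_register_eraser' );
function cbr_register_eraser( $erasers ) {
    $erasers['callback-requests'] = array(
        'eraser_friendly_name' => __( 'Callback Requests' ),
        'callback'             => 'cbr_erase_personal_data',
    );
    return $erasers;
}

// Deletes every callback request for the address. If some records had to be kept
// (for example a legal retention period), set 'items_retained' => true and explain
// why in 'messages' so the administrator can pass that on to the requester.
function cbr_erase_personal_data( $email_address, $page = 1 ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'callback_requests';
    $deleted = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );

    return array(
        'items_removed'  => ( false !== $deleted && $deleted > 0 ),
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}
```

Once both filters are in place, the plugin's data appears in the Tools > Export Personal Data and Tools > Erase Personal Data screens alongside what core already knows about (comments, user profile fields), and the administrator never has to know which table the plugin used.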

They are hoping to have this first integration ready in time for 25th of May 2018 with the next WP release. As I write this, a second release candidate package for 4.9.6 has been released and is now available for testing.

In the meantime, here's what you need to be doing as a website owner to comply:

Detect and list cookies in use on website

There are a number of cookie detection services out there, but they can be expensive. Some of them you sign up for on a monthly subscription and they will monitor the site for changes in cookies, but we have found these can be problematic. For example, when a caching plugin is active on your site (which is usually advisable), the crawl of the site reports zero cookies in use until you turn the cache plugin off and test again. So you need to know what you are doing: if you want to keep your cache plugin enabled, the cookie crawler may not pick up any later changes to cookies, for the same reason it didn't pick them up in the first place.

One option we found that requires some work on your part, but does give a list of cookies in use based on a recording of a visitor session (with you acting as the visitor), is a free software offering from Attacat. It's a Google Chrome extension and they give instructions on their website on how to use it: https://www.attacat.co.uk/resources/cookies/

Up to date Cookie Policy

Once you have detected what cookies are in use on your site, you need to list them in your cookie policy.

Install Cookie Consent Plugin

We find WeePie Cookie Allow to be the best at the moment, as it allows us to present a choice to accept or decline from the moment a visitor arrives on the site, and it gives them the option to reset their choice at any time with a Reset button. It's the one we use on wpconsult.ie: https://codecanyon.net/item/weepie-cookie-allow-easy-complete-cookie-consent-plugin/10342528

Up to date Privacy policy

This is something that is definitely required under GDPR, as you need to explain to users how you store their data, how you will use it and for how long you will hold on to it. Here is an article with some privacy policy generators: https://digital.com/blog/best-privacy-policy-generators/

We find https://getterms.io/ very good; they have Basic, Custom and Comprehensive packages.

WordPress are saying that they will bring a tool into core that can help generate a privacy policy for you based on the functionality of your website. In the meantime, try some of the above.

Install SSL Security Certificate to protect user privacy

In some cases this is something that will be available for free from your web hosting provider. We use Siteground and it's available to us. By the way, Siteground are fantastic!

Online Contact Form tick to consent option

This will be required, even for contact/query forms. While I know it should be obvious to anyone filling in a contact form to request a callback that they are giving you permission to hold their information in order to call them back, you will still have to ask for consent. So create a checkbox in your form that they must tick, and it can't be one that is already ticked in advance.
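The consent checkbox is only worth anything if the server refuses submissions where it was not ticked; a `required` attribute in the browser can be stripped by anyone posting the form directly. As an added example (written for this post, not code from the original or from any contact form plugin), here is a minimal WordPress handler that renders an unticked box, verifies it server-side, and stores when consent was given and against which policy version. The form is assumed to post to `admin-post.php` with a hidden `action=cbr_contact` field; the `cbr_` names, the `callback_requests` table and the policy version string are assumptions.

```php
<?php
// Added example, not from the original post. Assumes a table
// {$wpdb->prefix}callback_requests with columns name, email, consent_given,
// consent_at, policy_version (schema is an assumption).

// Renders the consent field. Deliberately NO 'checked' attribute: consent has to
// be an affirmative act by the visitor, never a pre-ticked default.
function cbr_render_consent_field() {
    echo '<p><label><input type="checkbox" name="cbr_consent" value="1"> '
       . esc_html__( 'I consent to my details being stored so you can contact me about my query.' )
       . '</label></p>';
    echo '<input type="hidden" name="action" value="cbr_contact">';
    wp_nonce_field( 'cbr_contact_form', 'cbr_nonce' ); // CSRF protection for the POST
}

// True only if the box was ticked in this submission. Nothing the browser
// claims is trusted; the decision is made from the posted data alone.
function cbr_consent_given( array $post ) {
    return isset( $post['cbr_consent'] ) && '1' === $post['cbr_consent'];
}

// Handles the POST for both logged-in and anonymous visitors.
add_action( 'admin_post_cbr_contact',        'cbr_handle_contact_submission' );
add_action( 'admin_post_nopriv_cbr_contact', 'cbr_handle_contact_submission' );
function cbr_handle_contact_submission() {
    if ( ! isset( $_POST['cbr_nonce'] ) || ! wp_verify_nonce( $_POST['cbr_nonce'], 'cbr_contact_form' ) ) {
        wp_die( esc_html__( 'Invalid form submission.' ) );
    }
    if ( ! cbr_consent_given( $_POST ) ) {
        // Reject rather than silently drop the flag: no consent, no processing.
        wp_die( esc_html__( 'Please tick the consent box so we can process your request.' ) );
    }

    // Record the consent together with the data. The timestamp and policy
    // version are what you would show if asked to prove consent was obtained.
    $record = array(
        'name'           => sanitize_text_field( isset( $_POST['name'] ) ? wp_unslash( $_POST['name'] ) : '' ),
        'email'          => sanitize_email( isset( $_POST['email'] ) ? wp_unslash( $_POST['email'] ) : '' ),
        'consent_given'  => 1,
        'consent_at'     => current_time( 'mysql', true ), // UTC
        'policy_version' => '2018-05', // assumption: identifier of the privacy policy text shown
    );

    global $wpdb;
    $wpdb->insert( $wpdb->prefix . 'callback_requests', $record );

    wp_safe_redirect( home_url( '/thank-you/' ) ); // assumed confirmation page
    exit;
}
```

Storing the policy version next to the consent matters because a later change to the privacy policy does not retroactively cover data collected under the old wording.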

Install Security Plugin to monitor for potential data breach

You will be required to inform users of a data breach within 72 hours of becoming aware of it, and you will also have to show that you took reasonable precautions to protect their information. From a WordPress perspective, that means using a security plugin to monitor for possible hacks or breaches.