WPZOOM Themes GDPR Compliance: What You Need to Know

We may be a little late to the party, but we wanted to give you a quick update regarding our themes’ GDPR compliance.

For those of you who haven’t heard before about GDPR (The General Data Protection Regulation), this is a new regulation of the European Union regarding online privacy and data protection, which came in effect a few days ago, on May 25.

In this article we will strictly cover only a few aspects of the GDPR that are relevant to the WPZOOM themes and customers. If you’re looking for general information and recommendations about GDPR & WordPress’ compliance please check the links from the end of the article.

Disclaimer: EU data protection laws, including the GDPR, are complex and we recommend you to consult a legal professional for details on how the GDPR impacts your business. This guide should not be considered legal advice.

Here’s a summary of the information covered in this article:

WPZOOM Themes and GDPR compliance
Steps we’ve taken to make our themes compliant with GDPR
Recommendations to make your website GDPR compliant

Yes!

None of our WordPress themes or plugins collect any kind of personal data, like email, name or IP addresses.

What if I’m using a lot of plugins?

It’s very likely that you have several plugins or analytics services installed on your website, so just because our themes are compliant with the new regulation it doesn’t mean that your website is automatically also compliant.

Below you’ll find some recommendations in order to find out if any plugins might create some GDPR issues and how to fix them.

Together with the release of WordPress 4.9.6, several new tools were introduced in WordPress core in order to help site owners comply with the new regulations:

Privacy Policy page generation
Cookie Opt-in for Comments
User Data Request Handling
User Data Export and Removal tools

We’ve also updated all of our themes to support the new Cookie Opt-in for Comments feature, so make sure your theme is up-to-date if you want to have this feature enabled:

In the following days we’ll complete our Knowledge Base with more information regarding GDPR compliance of different plugins and services that we recommend to our customers.

As we’ve mentioned at the beginning of the article, we’ll cover only GDPR aspects that are relevant to WPZOOM customers, so make sure to visit the links from the end of the article for more information.

1. Create a Privacy Policy page

From the new Settings > Privacy page in WordPress 4.9.6, you can easily create a new Privacy Policy page or select an existing page if you have created it before, so you can view suggestions for sections you can add.

When clicking on the “Guide” link from the Privacy Policy page settings, you will find a text template generated by WordPress which includes general information, but don’t forget that it’s your responsibility to make sure that the final information is accurate and current.

Plugins that collect personal information and were updated to support the new Privacy feature, may also add additional text templates on that page.

Here’s an example of recommended text template generated by Easy Digital Downloads plugin when enabled on a website:

2. Find which Plugins collect personal information

We recommend you to check carefully all the plugins installed on your website and if any of them track or collect personal information from your visitors, make sure to cover all these details in your Privacy Policy page and/or collect consent from users when needed.

If you are not sure about a specific plugin and the information it collects, we recommend you to consult with the plugin author or check the documentation if available. Many popular plugins have also added GDPR-related options recently, so make also sure that you have updated everything before asking for support.

3. Contact Form Plugins

Depending on the plugin you’re using to create a Contact Form on your website, different actions may be needed to make it GDPR compliant.

For example, if the information submitted by users is stored on your website, then you must get explicit consent from them regarding this thing.

Jetpack’s Contact Form is a popular solution that we recommend to our customers when they want to create a Contact Form.

The good part about it is that you can make it GDPR compliant just by adding a required consent checkbox with clear explanation that their submitted data is being collected and stored.

The same technique can be applied to different plugins that you’re using to create forms where you collect personal information from your users.

4. Google Fonts

Google Fonts are a vital part of our themes. Without them it would be hard to give a modern look to our themes as it gives us access to a dozen of fonts for free.

Google Fonts API collects only a very limited set of information from the websites where they are used and this information is used only for serving the font to your site. You can read more about the data Google collects, stores, and uses in connection with Google Fonts here.

Final Thoughts

Even though there are many plugins available to help you to make your WordPress website GDPR compliant, such as WP GDPR Compliance or GDPR, it’s important to understand that no plugin can guarantee 100% GDPR compliance, because every WordPress site is different and has its own reasons for collecting and processing personal data.

Our advice is to locate the personal information that is being collected by each plugin and service active on your website and determine whether this data is so important for you to be stored or not for future usage, in order to prevent any GDPR issues.

You should also take this opportunity to ensure you comply with a previous regulation: the EU’s cookie consent. Jetpack has a feature for this built in. You’ll find details here.

Below is a list with things that you check right now to improve your website’s GDPR compliance, however, if you’re running a business, consider talking to a legal professional as well:

Create a Privacy Policy page and make sure it’s current and accurate.
Include a visible link to your Privacy Policy page on your website (our support team can help you with this).
Add a cookie notice & statement to your site (our website uses this plugin).
Update WordPress, plugins and your current theme to the latest versions.
If you’re running a WooCommerce store make sure to update to WooCommerce 3.4, which enables new GDPR tools.