What to Do About Your WordPress GDPR Compliance
1 - Using Plugins
Although you are not the creator of the plugins used on your site, it's still your responsibility to ensure that the plugins are GDPR compliant.
You have to ensure that every plugin you install on your site has the capability to export, provide, and erase the user data it collects.
If you are a plugin developer, then you may have to include an addendum that users can add to their sites. This will let visitors and customers know how their personal information is collected and used in line with the GDPR rules.
And as the business owner, you will have to deploy data protection policies for the whole company (both offline and online activities).
2 - Notifying Users of Any Breach
If you notice a data breach on your website, GDPR mandates that you notify your users within 72 hours. A data breach may have far-reaching implications that can put their rights or freedoms at risk.
Data processors and controllers are also required under GDPR to notify their users of any data breach within 72 hours of becoming aware of it.
As a WordPress site owner, you are required to notify all users of your site within those 72 hours once you notice a data breach. These users include regular visitors to your website, people who have submitted your contact form, and even those who may have posted comments on your site.
The Wordfence plugin is one of the best tools to monitor web traffic and web server logs as well as help prevent data breaches and secure your site.
3 - Data Processing
Users have the right to know what their data will be used for and the right to request that their data be deleted from your site's storage. Once a user withdraws consent for their data to be stored, every trace of it has to be erased from storage and from the server.
You also need to provide users with a copy of their data whenever they request it.
GDPR is a pretty crazy thing, and I did not know about the fine they can impose. Thanks for covering this and using this as a simple reminder.