WordPress Makes Privacy a Priority (and Makes it Easy for You, Too)

With all the GDPR hubbub over the past several months, I’ve kind of got privacy on the brain. (Not the kind of privacy you crave when it comes to going to the bathroom without having a kid or a cat barge in on you, but you get my drift.)


If you’re not particularly web-tech savvy (and really, even if you are) so much of what happens on a website, when it comes to data collection, is kind of a mystery, shrouded in code and behind-the-scenes scripts. It’s hard to know what exactly is happening – or even if anything is happening – in terms of information gathering.

This makes it tough to be upfront about the personal data your site may be saving about your visitors if you don’t even really know yourself.

This is especially true if you’ve been working with a web developer who does all the heavy technical lifting for you, and you’re even further removed from that aspect of your website.

(And I’m writing this from the honest perspective of a web developer who probably has dozens of clients whom I’ve built sites for that are in this exact boat. When I build a site, it’s my job to work out the technical hows and whats and provide a solution that solves my clients’ problems. For example, my client isn’t supposed to have to know that I chose to use the Quickshare plugin on their site for sharing their blog posts as opposed to one of the bigger name plugins precisely because it doesn’t do as much tracking and data gathering on their visitors and is quite a lot more streamlined and efficient and won’t slow their site down. They’re only supposed to know that they have a nifty little feature that lets people easily share their blog posts on social media.)

WordPress, in all its weird, wonderful extensibility, can have so many plugins and add-ons that do their own little thing, either right on your website or by integrating a whole other website service, that it might feel overwhelming to try and corral all of that information gathering into a privacy policy that makes sense.

Don’t throw in the towel just yet.

WordPress, a few weeks ago, put out what they’re calling a Privacy and Maintenance Release, which is a minor update that adds some nifty little tools and resources directly into your WordPress dashboard to help you comply with GDPR and, in general, be more privacy conscious.

I wanted to talk about this update – version 4.9.6 – briefly, since it’s always good to know your website and what it’s doing to help you and your business. (WordPress is always looking out for you that way which is kind of awesome.)

Let’s start with your Privacy Policy.

If you don’t have one, get one.

If you’ve got one, go read it again (or quite possibly for the first time). It likely needs to be updated.

A privacy policy that you link to wherever you’re collecting data (e.g., optin forms or contact forms) is going to be one of the easier, more straightforward aspects of GDPR to comply with.

But how to go about creating or updating your Privacy Policy, you might wonder?

This is where WordPress has got your back.

With this latest release, they’ve added a Privacy Policy Guide right there in your admin site.

In your WordPress dashboard, under SETTINGS in the left-hand sidebar, you’ve now got a new Privacy option that lets you either designate an existing privacy policy page or create a new one.

WordPress Privacy Settings

If you choose the CREATE A NEW PAGE option, WordPress very helpfully generates some boilerplate content for a privacy policy and gives you guidelines about what to include in each section.

But wait…there’s more!

The really nifty thing about how they’ve implemented this Privacy Policy Guide, however, is that the plugins you use can now add their own language, right in that guide, that talks about how they’re specifically gathering data.

And you can easily copy and paste that language into your own privacy policy page.

So cool!

Note: I imagine this will take a while for plugin authors to fully roll out – right now, I’m only seeing a few plugins on my own site and on my clients’ sites that use it, but I think this is a brilliant feature and is going to make your life a lot easier as you wade into murky privacy policy waters.

Personal Data Export and Erasure

Another major point of GDPR was that it intended to give people more control over their personal information – being able to more easily update it and request that it be deleted altogether from a given site.

(I honestly haven’t quite wrapped my head around the practical purposes of this yet. As I mentioned before, I think the intent of this is aimed more at sites like Facebook or other websites where you might be creating accounts to use their web services and have a need to completely obliterate those accounts for some reason, but regardless…)

Your WordPress website has now made that so much easier. They’ve added two tools so that, if someone does happen to make a request of you, you can easily export their data and send it to them and, if they want, completely scrub it from your site.

You’ll find both of these new options – to Export and Erase Personal Data – in your dashboard under the TOOLS menu.

WordPress Export or Erase Personal Data

I tested it out just to see what it looks like and how it functions.

If someone emails you a request to find out what data you store about them…

You go into TOOLS / EXPORT PERSONAL DATA and then enter their email address. Your website will then…

  1. Verify that their request is legitimate by generating an automated email to that individual indicating they then have to confirm that they made the request.
  2. Once they’ve confirmed, you then generate another automated email to them containing a file they can download with any personal data your website may have collected about them.

The process seems to work exactly the same way if the request is to delete their data.

You go to TOOLS / ERASE PERSONAL DATA, enter their email address, get verification, and then proceed with deleting them.

This is probably most applicable if you’re running a membership, eCommerce, or Learning Management site using WordPress. I don’t see a ton of practical purpose for this if you’re simply blogging.

If you get a request like this, keep in mind that along with your website, you need to check your email marketing service, too (and any other 3rd party service you might have integrated into your website that collects data).
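The Export and Erase tools only cover data that WordPress core and participating plugins have registered with them, so data a plugin stores on its own is skipped unless that plugin hooks in. The sketch below is an added example, not code from this post or from any real plugin: it shows how a plugin registers an exporter and an eraser through the filter hooks introduced in 4.9.6. The `acme_*` names and the `acme_newsletter_pref` user-meta key are hypothetical.

```php
<?php
// Hypothetical plugin file. Assumption: the plugin keeps one value per user
// in user meta under the key 'acme_newsletter_pref'.

// Register with Tools > Export Personal Data.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['acme-newsletter'] = array(
        'exporter_friendly_name' => 'Acme Newsletter',
        'callback'               => 'acme_export_personal_data',
    );
    return $exporters;
} );

// Called with the confirmed requester's email; returns this plugin's data.
function acme_export_personal_data( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );
    $pref  = $user ? get_user_meta( $user->ID, 'acme_newsletter_pref', true ) : '';
    if ( '' !== $pref ) {
        $items[] = array(
            'group_id'    => 'acme-newsletter',
            'group_label' => 'Acme Newsletter',
            'item_id'     => 'acme-newsletter-' . $user->ID,
            'data'        => array(
                array( 'name' => 'Newsletter preference', 'value' => $pref ),
            ),
        );
    }
    // 'done' => true tells WordPress there are no further pages to fetch.
    return array( 'data' => $items, 'done' => true );
}

// Register with Tools > Erase Personal Data.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['acme-newsletter'] = array(
        'eraser_friendly_name' => 'Acme Newsletter',
        'callback'             => 'acme_erase_personal_data',
    );
    return $erasers;
} );

// Deletes the stored value and reports back what was removed.
function acme_erase_personal_data( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $removed = $user ? delete_user_meta( $user->ID, 'acme_newsletter_pref' ) : false;
    return array(
        'items_removed'  => $removed,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}
```

If a plugin on your site stores personal data and does not register callbacks like these, that data has to be exported or removed by hand when a request comes in.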

So, long story short here…

WordPress is cool and is looking out for you when it comes to this whole GDPR and privacy movement. They’re on board, and they’re doing things to make it easy for you to be on board, too.

Embrace it instead of railing against it (and the extra work it’s likely causing you right now).