How To Make Your Website GDPR Compliant

By gbolade on Thursday, July 19th, 2018 in General.

The European Union (EU) on May 25, 2018, enacted a new regulation (GDPR) whose aim is to protect the data and information of different website users. The European continent had been looking for the solution to threats on cybersecurity and felt that a radical approach as to how information is managed is the panacea for the increasing wave of such threats.

The General Data Protection Regulation (GDPR) is a regulation that gives users complete control over their data. WordPress is changing considerably in 2018, and as a site administrator, you have to make sure that your site doesn’t flout these rules.

This article highlights the changes you can effect on your site to make it GDPR compliant. Let’s go.


What is GDPR?

As a site administrator, you have to tell users why you need their information. The GDPR is designed to provide better protection of personal data – or Personally Identifiable Information (PII) – to people living in the European Union. The GDPR imposes specific obligations on “controllers” or “processors” of personal data. Failure to meet these obligations can lead to major fines of up to €20m.

The European Union passed this regulation to cover everyone on the continent. However, it has ripple effects on the rest of the world. Regardless of your location, as long as you collect information from someone within the borders of the EU, you are subject to this law, because you hold information belonging to an EU resident.

Here’s what you’ll be responsible for to ensure you are GDPR compliant:

  • Tell the user who you are, why you need their data, how long you are keeping it and who has access to it.
  • Get clear consent before collecting the data.
  • Give users the ability to see their own data, download it, and permanently delete it from your archives.
  • In the event of a security breach, notify your users.


GDPR and the WordPress Community

As plugin developers and site administrators, we are responsible for managing our sites well so users can manage their data. 30% of the internet runs on WordPress, so there is a lot to do. WordPress is a Content Management System that enables a massive flow of information between our sites and users. For WordPress admins, a website called GDPRWP has been set up to provide plugin developers with a simple way to ‘GDPR-validate’ their plugins.

For administrators, the site also provides tools and an overview for handling administrative duties related to GDPR. You can also join a Slack community that provides help and support to plugin developers and website administrators. Check out their website here.


What You Need To Do


Contact forms must explain a lot

Almost all websites have contact forms. This is the simplest way for visitors to contact you directly. For your forms to be GDPR compliant, you must state why you are asking for any information. For example, when the user enters an email address or phone number, a pop-up saying “This is how you will be contacted.” should appear. It clarifies how you will use their information.

Your form also needs a checkbox for users to confirm that they accept the terms of service for using your website and how they agree to be contacted. This is called UNBUNDLED OPT-IN. If you wish to send further marketing communications to the customer, you must have a separate checkbox for each type of marketing, whether by email, text or post.

These boxes must be UNTICKED by default, so users can choose what they want. This is called a Granular Opt-In and is a key requirement of being GDPR compliant. For a good user experience, users must also know that they have the right to withdraw their consent as easily as they gave it.


Ask for the bare minimum of information

A good rule of thumb is to ask for as little information as possible from your users. Many websites, forms, and plugins ask for information that is not really needed. Ask only for the basics, as GDPR states that you must be able to explain why you need each particular piece of information. If you are asking for full names, tell users why.

Under GDPR, asking for information for “future use” or “just in case” is not advisable; the purpose of every piece of information you request must be explicit.


Email marketing should be monitored

One of the major aims of GDPR is to ensure users or customers do not receive unsolicited emails, whether from companies they know or do not know. If customers decide to ignore these emails, they will be automatically unsubscribed. This has been welcomed by many who receive unsolicited emails from websites and their partners.

The regulation also requires website owners to send marketing material and information only to users who have explicitly opted in, and to make it easy to unsubscribe.


Be careful of the information you store on your website

For e-commerce websites that use payment gateways for financial transactions, being GDPR compliant is a must, because you may be collecting personal data before passing the details to the payment gateway. You need to modify your web processes to remove any personal information after a reasonable number of days, say 60 or 90 days. This ensures you can justify your storage of users’ PII if your GDPR compliance is ever questioned.
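As an added example that is not part of the original article (plain Python rather than WordPress code; the function names and sample data are constructed), the sketch below models the two rules discussed above: consent is recorded per marketing channel only for boxes the user actually ticked, withdrawing a channel is a single call, and PII captured alongside orders is scrubbed once it is older than the 90-day retention window.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Each marketing channel is a SEPARATE checkbox on the form (unbundled opt-in).
CHANNELS = ("email", "text", "post")
NOW = datetime(2018, 7, 19, tzinfo=timezone.utc)  # constructed "current time" for the demo

@dataclass
class ConsentRecord:
    subject: str   # who consented
    purpose: str   # why the data is needed (what the user was told)
    granted: dict = field(default_factory=dict)  # channel -> time consent was given

def record_consent(form: dict, subject: str, purpose: str, now: datetime = NOW) -> ConsentRecord:
    """Turn a submitted form into a consent record.
    A browser sends 'on' only for a checkbox the user ticked, so a missing field
    is never read as consent (unticked by default, one decision per channel)."""
    rec = ConsentRecord(subject=subject, purpose=purpose)
    for channel in CHANNELS:
        if form.get(f"consent_{channel}") == "on":
            rec.granted[channel] = now
    return rec

def withdraw(rec: ConsentRecord, channel: str) -> None:
    """Withdrawing must be as easy as giving: one call removes one channel."""
    rec.granted.pop(channel, None)

def may_contact(rec: ConsentRecord, channel: str) -> bool:
    return channel in rec.granted

@dataclass
class Order:
    order_id: str
    placed: datetime
    pii: dict  # name/address/phone captured before hand-off to the payment gateway

SAMPLE_ORDERS = [  # constructed sample data: one order 100 days old, one 10 days old
    Order("A1", NOW - timedelta(days=100), {"name": "Example Customer", "phone": "000"}),
    Order("A2", NOW - timedelta(days=10), {"name": "Another Customer"}),
]

def purge_expired_pii(orders: list, now: datetime = NOW, keep_days: int = 90) -> int:
    """Blank out PII on orders older than keep_days; returns how many were scrubbed."""
    cutoff = now - timedelta(days=keep_days)
    scrubbed = 0
    for order in orders:
        if order.pii and order.placed < cutoff:
            order.pii = {}
            scrubbed += 1
    return scrubbed
```

Run the purge on a schedule (a daily cron or WP-Cron job) so the retention window is enforced without manual intervention.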



The WordPress community is hard at work helping website owners with GDPR opt-in and compliance. While the regulation is still relatively new and laced with some uncertainties, rest assured that in the coming months there will be many more options in your favourite plugins or extensions made by third parties.

To make your site compliant with GDPR regulations, make sure you’re transparent with people and follow the aforementioned guides.


Follow @MactavisDigital on Facebook, Twitter, and Instagram to connect with us. We are experts at Web Design and Development, Search Engine Optimization, Mobile App development, and other digital services. Contact us for your inquiries and check out our portfolio to see samples of our previous projects.
