WordPress has come up with a solution for the new privacy law (GDPR/AVG).

Since May 25, 2018, the new privacy law has been in effect. This means that organizations must comply with a set of requirements from that date onward. The Dutch Data Protection Authority has published a helpful step-by-step guide online to help you prepare.

One important aspect to consider is the privacy-related elements on your website. For example, it is essential to include a clear privacy statement, ensure that you can provide users with their personal data, and obtain their consent to store their information.

WordPress and privacy

The upcoming WordPress update (version 4.9.6) is entirely focused on privacy. This version includes a set of features to help make your website GDPR-compliant. The first test version is currently available, and the final release is expected next week.

For this blog post, I installed the latest test version on my laptop. The final version may differ from this one. Notably, not all new features have been translated into Dutch yet.

Focus op privacy

After installing the new WordPress version, a pop-up appears in the admin panel highlighting the new privacy features.

New is a separate page under Settings, entirely focused on the privacy settings of your WordPress website. You will soon find this page in your website's admin area under Settings > Privacy.

Create a Privacy Policy

New in this update is a dedicated page under Settings, entirely focused on your WordPress website’s privacy settings. You will soon find this page in the admin panel under Settings > Privacy.

When you choose to create a new privacy policy, WordPress automatically generates a comprehensive draft. Currently, this draft is only available in English.

The generated privacy policy covers topics such as comments, media, contact forms, cookies, and analytics. You can read the full English draft below.

Whether and when the text will be available in Dutch is currently unknown. Additionally, it is always advisable to have your privacy policy reviewed by a legal expert. The privacy policy provided by WordPress serves as a starting point and is not a complete policy.

Exporting and Deleting Privacy Data

Everyone will soon have the right to request their personal data. The new version of WordPress simplifies this process. As an administrator, you can generate an export of all personal data associated with a user.

The process is quite straightforward. The administrator enters a username or email address, after which the user receives a confirmation email. Once the user accepts the request, they receive an email with an overview of their data.

In addition to exporting privacy data, the new version of WordPress also offers the option to completely delete personal data. This process works in the same way as the request for data export.

When a user indicates they want to delete their data, all related personal data is automatically erased.

For example, usernames in comments on articles are removed. The comments themselves remain, but only the associated personal data is deleted.

Opt-in for Collecting Personal Data

Finally, this update adds an explicit opt-in to the comment forms on your WordPress website. Visitors now must explicitly give consent for their data to be stored in a temporary cookie.

With this new update, WordPress is focusing on improving privacy. Version 4.9.6 is expected to be released next week, just in time for the upcoming deadline of the new privacy law on May 25, 2018.

Update: May 18, 2018

Version 4.9.6 of WordPress is now available for download and includes a Dutch privacy policy. The text of this policy can be found below.