Big Updates: WordPress, WPMU DEV, and the GDPR
The next version of WordPress, 4.9.6, drops today, and it is all about data privacy and getting ready for the EU’s General Data Protection Regulation (GDPR).
You’ve probably been inundated with notifications about updated privacy policies and information on the GDPR over the last few weeks and months. The regulation actually went into effect back in April of 2016, but come May 25, 2018, the law becomes enforceable – bringing with it a bevy of potential fines and sanctions for non-compliance.
The changes and additions to WordPress core are described by Jonathan Desrosiers (a core contributor) as “the first round of tools that help WordPress site owners and admins meet the new requirements of user privacy regulations.” We can infer from this that this is only the beginning, and that additional privacy tools and changes will follow in the releases to come.
Here is an overview of the big features that you are most likely to notice:
Export Personal Data
There are two new menu items added under the Tools section in WordPress. The first is Export Personal Data, which provides a way for logged-in users to request an export file of the personal data that WordPress stores on them. A user enters his/her email address, a site admin must approve the request, and then an email is automatically sent with a .zip file that includes an HTML file of the exported information.
Here’s an example of what that export file looked like for me on a test install.
Erase Personal Data
The second menu item added under the Tools section is Erase Personal Data. It works similarly to the exporting feature: it creates a request that, once approved by a site administrator, will delete or anonymize all user personal data.
Comment Consent Box
With this update, a new ‘consent’ statement will automatically be added above the submit comment button for logged-out users, which asks commenters if they want to “Save my name, email, and website in this browser for the next time I comment.”
On this blog, we require commenters to be logged in, so this doesn’t apply. This segues us nicely to…
The GDPR and WPMU DEV
We’ve been hearing from our members for nearly a year about concerns and anxiety some have when it comes to being ready for the law. Given the frequent questions we receive, there are a few points that I want to get out of the way:
- Nothing in the GDPR has really changed our processes or practices – we’ve been privacy conscious and proactive when it comes to security and data protection from the beginning. For us, the GDPR has provided a useful reminder to be more transparent in these practices, and to provide better documentation and opt-ins for our visitors and members.
- Nothing in the GDPR prohibits hosting visitors or customers in the EU outside of the EU, or having their data leave the EU. Full stop. Hosting EU customers’ data in other countries, including the US, is perfectly fine, as long as the GDPR is followed.
- There are specific legal reasons why businesses can continue to store certain types of personal data even if an individual has requested that all data be deleted. More on that here.
We worked hard to list out all of the different ways that individuals interact with our services and what we do with any data that is shared. The end goal here was to be transparent and easy to read with less legalese and more detailed examples.
Data Processing Addendum (DPA)
New Plugin Privacy And Security Documentation
Check out the new ‘Privacy’ section of our documentation area here.
If you have any questions about the GDPR and your site, drop us a line. We’re here to help.