Have you ever received emails from Google or YouTube about legal matters related to the General Data Protection Regulation for people in European Union countries and a new privacy policy, and wondered what these laws and policies mean and why they concern your site?
In today's article, we review in a simple and easy way the concept of the GDPR, which is an abbreviation for General Data Protection Regulation, explain why it matters to websites and which geographical areas it affects, and answer the question: is it important for Arab websites, or can you ignore it?
Finally, we explain how to make your WordPress site GDPR compliant in simple steps and present a group of WordPress plugins specialised in this matter, which help keep your site safe from the penalties that may be imposed if it fails to comply with this regulation properly.
What is the GDPR data protection law?


GDPR is a regulation adopted by the European Union in 2016 that became applicable on May 25, 2018. It is an abbreviation of four words: General Data Protection Regulation. It is a long legal text that specifies its provisions in detail.
The provisions of this regulation (11 chapters and 99 articles) aim primarily to protect the personal data of people in the European Union, give them control over their personal data, and prevent companies from processing it without a lawful basis, most commonly the user's prior and explicit consent.
The arrival of this regulation caused confusion and changed the concept of data privacy for organisations. Its impact was not limited to European Union countries but extended to business owners all over the world. Companies that violate its provisions now face fines of up to 20 million euros or 4% of the company's annual worldwide turnover, whichever is greater.
This penalty may seem worrying, but fines are not the only tool, and they are not the usual first step. The supervisory authority in each EU country has a range of corrective powers under the regulation: it can warn you that a planned processing is likely to infringe the rules, reprimand you for an infringement, order you to comply with users' requests, and impose a temporary or definitive restriction or ban on your processing. Fines can be imposed alongside or instead of these measures, and their amount depends on factors such as the nature and gravity of the infringement, whether it was intentional, and how you cooperated with the authority. Ignoring an authority's order is itself an infringement that attracts the highest tier of fines.
The European Union did not impose this regulation to control or blackmail companies, of course. Its primary goal is to protect our rights as consumers and ordinary people and to prevent companies from exploiting our personal data, often referred to as personally identifiable information (PII).
The regulation protects all the personal data we enter on these companies' sites from exploitation, whether it is sensitive data (passport information, social security number, driver's licence, financial information, medical records, credit card information, income, racial or ethnic origin, etc.) or non-sensitive data (full name, email addresses, physical address, etc.).
It also ensures that this data is not abused by large companies and that the collection, storage and use of this data by these companies do not get out of control.
Does GDPR apply to websites outside the European Union?
You may think that your WordPress site is exempt from the provisions of this regulation, especially if you conduct your business within the borders of Arab countries, but this is not necessarily the case. The regulation applies not only to organisations established in the European Union but also to those outside it that offer goods or services to people in the EU or monitor their behaviour, for example through analytics or advertising cookies.
So if your website targets or tracks visitors from European Union countries, this regulation applies to you, regardless of your geographical location or the location of your business.
Read more: Learn about the concept of data protection (GDPR) and whether it is necessary for Arabic websites
The most important provisions of the GDPR law
Below are the most important provisions of the General Data Protection Regulation:
User consent: if you collect personal data from a person in the European Union, you must obtain that person's explicit consent before collecting it. You are not permitted to send marketing emails to people who provided their email address through your website unless they explicitly subscribed to your newsletter and asked to receive such messages, and you must honour their request to unsubscribe from your mailing lists whenever they ask.
Allowing users to obtain or delete their data: you must give users the right to obtain a copy of the personal data you hold about them, in a portable format, and you must allow them to delete it, either themselves or by submitting a request to delete their profile.
Reporting a data breach: if a breach of personal data occurs, the organisation must notify the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to pose a risk to the people concerned. If the breach is likely to pose a high risk to their rights and freedoms, the affected users themselves must also be notified without undue delay.
Appointing a data protection officer: if you are a public authority, or your core activities involve large-scale regular and systematic monitoring of people or large-scale processing of sensitive data, you are obliged to appoint a data protection officer (DPO) responsible for overseeing this data and its security. A small company with a limited commercial activity is generally not obliged to appoint one.
Is WordPress GDPR compliant?
Let us agree from the start that no software system can guarantee 100% GDPR compliance on its own, because compliance varies from site to site and depends on the nature of the data you store, the plugins you use, and how you process the data you collect from your site's users.
Many WordPress plugins collect and process users' personal data, such as e-commerce and digital store plugins, subscription and membership plugins, contact form plugins, visitor analytics plugins, email marketing plugins, etc. How you comply with the GDPR on a WordPress site depends on each plugin and on what data you collect.
Each of these plugins collects different data from visitors and users, so you need to take appropriate measures to ensure that your website is as GDPR compliant as possible.
The good news is that the WordPress core is designed with the GDPR in mind and saves you many of the steps needed to make your site compliant. Since WordPress 4.9.6, the core development team has added three important features to help with GDPR compliance:
Feature 1: The user consents to saving their details when commenting


The WordPress comment form includes a checkbox asking the commenter's consent for WordPress to store their name, email and website in a cookie in their browser, so that these fields are filled in automatically the next time they comment.
If the user leaves the option unchecked, this data is not saved, and they will have to enter their name, email and website every time they want to comment on an article on the site.
Feature 2: A tool to create a privacy policy page


To comply with the GDPR on your WordPress site, you must have a privacy policy page if the site collects any kind of personal data from visitors or users, such as their names, email addresses, phone numbers, credit card numbers, etc.
To make this easier, WordPress includes a built-in privacy policy page generator with a ready-made template and a set of guidance notes about what to add to the page: which data you store about users and how you handle it, which makes you more credible with them. Of course, you must adapt this template to the nature of your site and the data you collect from your visitors.
Read more: In order for your site to be legal, here is how to create a privacy policy page on your site.
Feature 3: Tools to export and erase personal data


WordPress also lets site owners respond easily to a user's request to export or erase their personal data from the site's dashboard: Tools > Export Personal Data exports a specific user's data as a .zip file, and Tools > Erase Personal Data deletes or anonymises the data known about a specific user. By default, both tools first send a confirmation email to the address concerned, so that a request is only acted on once the user confirms it. Core covers the data WordPress itself stores (comments, profile, media); plugins that keep their own personal data must register with these tools to be included.
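The following is an added example, not code from the original article or from WordPress core, showing how a plugin plugs into Feature 2 and Feature 3. It assumes a hypothetical plugin that stores contact-form entries in a custom table named cf_entries (with the prefix of your site) with the columns id, name, email, message, ip and created_at; the plugin name, the text domain gdpr-example and the function names are all assumptions. It registers suggested wording for the privacy policy guide, and an exporter and an eraser so that Tools > Export Personal Data and Tools > Erase Personal Data include this plugin's entries once the user has confirmed the request.

```php
<?php
/**
 * Plugin Name: GDPR Example Privacy Tools
 *
 * Added example (not part of the article or of WordPress core). Assumes a
 * hypothetical table {$wpdb->prefix}cf_entries with the columns
 * id, name, email, message, ip, created_at.
 */

defined( 'ABSPATH' ) || exit;

const GDPR_EXAMPLE_PAGE_SIZE = 100; // rows handled per callback invocation

/** Feature 2: suggested wording shown in the privacy policy guide. */
add_action( 'admin_init', function () {
	if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
		return; // WordPress older than 4.9.6
	}
	$text = '<p>' . __( 'When you submit the contact form we store your name, email address, message and IP address until your request is handled. You can ask for a copy or the deletion of this data at any time.', 'gdpr-example' ) . '</p>';
	wp_add_privacy_policy_content( __( 'GDPR Example Privacy Tools', 'gdpr-example' ), $text );
} );

/** Feature 3a: exporter callback, returns the entries stored for one email address. */
function gdpr_example_exporter( $email_address, $page = 1 ) {
	global $wpdb;
	$table  = $wpdb->prefix . 'cf_entries';
	$offset = ( max( 1, (int) $page ) - 1 ) * GDPR_EXAMPLE_PAGE_SIZE;

	$rows = $wpdb->get_results( $wpdb->prepare(
		"SELECT id, name, email, message, ip, created_at FROM {$table}
		 WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
		$email_address, GDPR_EXAMPLE_PAGE_SIZE, $offset
	) );

	$items = array();
	foreach ( $rows as $row ) {
		$items[] = array(
			'group_id'    => 'cf_entries',
			'group_label' => __( 'Contact Form Entries', 'gdpr-example' ),
			'item_id'     => 'cf-entry-' . $row->id,
			'data'        => array(
				array( 'name' => __( 'Name', 'gdpr-example' ),       'value' => $row->name ),
				array( 'name' => __( 'Email', 'gdpr-example' ),      'value' => $row->email ),
				array( 'name' => __( 'Message', 'gdpr-example' ),    'value' => $row->message ),
				array( 'name' => __( 'IP address', 'gdpr-example' ), 'value' => $row->ip ),
				array( 'name' => __( 'Submitted', 'gdpr-example' ),  'value' => $row->created_at ),
			),
		);
	}

	// WordPress keeps calling with page + 1 until 'done' is true.
	return array( 'data' => $items, 'done' => count( $rows ) < GDPR_EXAMPLE_PAGE_SIZE );
}

/** Feature 3b: eraser callback, deletes the entries in batches. */
function gdpr_example_eraser( $email_address, $page = 1 ) {
	global $wpdb;
	$table = $wpdb->prefix . 'cf_entries';

	$ids = $wpdb->get_col( $wpdb->prepare(
		"SELECT id FROM {$table} WHERE email = %s ORDER BY id LIMIT %d",
		$email_address, GDPR_EXAMPLE_PAGE_SIZE
	) );

	$removed = 0;
	if ( $ids ) {
		$in      = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
		$removed = (int) $wpdb->query( $wpdb->prepare( "DELETE FROM {$table} WHERE id IN ({$in})", $ids ) );
	}

	return array(
		'items_removed'  => $removed > 0,
		'items_retained' => false, // set true and explain in 'messages' if some rows must legally be kept
		'messages'       => array(),
		'done'           => count( $ids ) < GDPR_EXAMPLE_PAGE_SIZE,
	);
}

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['gdpr-example'] = array(
		'exporter_friendly_name' => __( 'Contact Form Entries', 'gdpr-example' ),
		'callback'               => 'gdpr_example_exporter',
	);
	return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['gdpr-example'] = array(
		'eraser_friendly_name' => __( 'Contact Form Entries', 'gdpr-example' ),
		'callback'             => 'gdpr_example_eraser',
	);
	return $erasers;
} );
```

Drop the file in wp-content/plugins and activate it (or in wp-content/mu-plugins to load it always). Both callbacks work in pages of 100 rows and return done only when a page comes back short, so a user with thousands of entries does not time out the request; the eraser reports items_retained so that, if you have a legal reason to keep some rows (an invoice, for example), you can say so in messages instead of silently keeping them.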
How to make a WordPress website GDPR compliant
In this section, we review the most important steps you must take on your WordPress site to make it GDPR compliant if you use plugins that collect or track user data.
If you use a contact form plugin on the site
If you use a contact form plugin on your WordPress site and store the data that users enter in that form, or use that data for promotional or marketing purposes, you will need to do some additional things to make those forms GDPR compliant.
You must ensure that you obtain explicit consent from users to store their data on your WordPress site. You should also avoid collecting data you do not need: disable any tracking cookies and IP address logging the form plugin offers unless you have a genuine reason and a legal basis for them. And if you use a SaaS (software as a service) form provider that stores the entries on its own servers, you must have a data processing agreement with that provider.
The good news is that the popular WordPress contact form plugins, such as Contact Form 7, WPForms and Ninja Forms, do not require a data processing agreement, because they do not store form entries on the vendor's servers: the entries are stored in your own WordPress database (Contact Form 7 only sends them by email unless you add a storage plugin).
All you have to do with these plugins is to add a consent checkbox at the bottom of the form, with a clear explanation of what you do with the data, to make the form GDPR compliant. The checkbox must be unchecked by default and required for submission: pre-ticked boxes do not count as valid consent.


If you display email marketing subscription forms
If you have forms or pop-ups on your site used to sign up for email marketing, you must include a consent checkbox or button in that form or window to obtain explicit consent from users before adding them to your mailing list and sending them messages.
Once a user has agreed to subscribe to your email list, you can start sending promotional messages to them, and do not forget to give them an easy way to unsubscribe from the mailing list whenever they no longer wish to receive messages from you.


When using Google Analytics on your site
Most website and online store owners use Google Analytics (installed through a plugin or a tracking snippet) to obtain important statistics about their audience: which countries visitors come from, what their interests are, their demographics, and other personal data.
Despite the importance of this data for tracking visitors, understanding their behaviour, evaluating website performance, improving website design, adjusting ads and other benefits, handing user data to Google Analytics raises questions about the fate of this data.
Therefore, to comply with the GDPR when using Google Analytics, make sure to anonymise the data (for example IP addresses) before it is stored and processed, display a pop-up window or a notice in a clear place on the site stating that you set cookies, and obtain the users' permission before you start tracking them.


Several WordPress plugins provide this feature, such as Cookie Notice & Compliance for GDPR / CCPA, Real Cookie Banner, and others.
Also consider a plugin such as Analytics Germanized for Google Analytics, which extends Google Analytics with opt-out and other features that help keep your Google Analytics usage within the data protection rules.
If you build an online store with the WooCommerce plugin
If you have an online store built with the WooCommerce plugin, you also need to make sure that it is GDPR compliant.
One of the most important things to pay attention to is obtaining your customers' consent if you retarget them through technologies such as the Facebook Pixel, by showing them a notice asking for their consent before such tracking cookies are set.
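As an added example (not code from the article or from any of the plugins it mentions), the snippet below is a small WordPress plugin that loads the Google tag with Consent Mode defaults set to denied and IP anonymisation enabled, so that Google Analytics sets no cookies and stores no identifiers until the cookie banner reports the visitor's consent. The measurement ID G-XXXXXXXXXX is a placeholder, and the function gdprExampleGrantAnalytics that the banner is expected to call is an assumption of this example.

```php
<?php
/**
 * Plugin Name: GDPR Example Analytics Loader
 *
 * Added example (not from the article or any listed plugin). Prints the
 * Google tag with Consent Mode defaults of "denied" so that nothing is
 * stored about the visitor until consent is granted client-side.
 */

defined( 'ABSPATH' ) || exit;

const GDPR_EXAMPLE_GA_ID = 'G-XXXXXXXXXX'; // placeholder, replace with your own ID

function gdpr_example_print_analytics() {
	if ( is_admin() ) {
		return;
	}
	$id = esc_js( GDPR_EXAMPLE_GA_ID );
	?>
	<script async src="https://www.googletagmanager.com/gtag/js?id=<?php echo esc_attr( GDPR_EXAMPLE_GA_ID ); ?>"></script>
	<script>
	window.dataLayer = window.dataLayer || [];
	function gtag() { dataLayer.push(arguments); }

	// Consent defaults must be set before the config call, otherwise the
	// first hit already drops cookies. Everything starts as denied.
	gtag('consent', 'default', {
		'analytics_storage': 'denied',
		'ad_storage': 'denied',
		'ad_user_data': 'denied',
		'ad_personalization': 'denied',
		'wait_for_update': 500 // ms to wait for a stored choice before sending cookieless pings
	});

	gtag('js', new Date());
	// anonymize_ip matters for Universal Analytics; GA4 truncates IPs by itself.
	gtag('config', '<?php echo $id; ?>', { 'anonymize_ip': true });

	// Hypothetical hook for the cookie banner: call it on acceptance, and
	// again on every page load for visitors whose earlier acceptance it has stored.
	// Because this runs in the browser, it works unchanged behind page caching.
	window.gdprExampleGrantAnalytics = function () {
		gtag('consent', 'update', { 'analytics_storage': 'granted' });
	};
	</script>
	<?php
}
add_action( 'wp_head', 'gdpr_example_print_analytics', 1 );
```

Most consent banners, including the Cookie Notice plugin mentioned above, let you run a custom script when the visitor accepts; point that script at window.gdprExampleGrantAnalytics(). Until then Google Analytics receives only cookieless, non-identifying pings, which is the behaviour the previous paragraph asks for.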
WordPress plugins that help with GDPR compliance
Many WordPress plugins can make it easier to comply with some aspects of the GDPR on your site. The most important of these are:
- Delete Me: a free plugin that allows users to delete their own profile from your site.
- WPForms: an easy-to-use contact form plugin with GDPR-friendly options such as a consent field.
- Cookie Notice & Compliance for GDPR / CCPA: a free plugin that lets you add a cookie consent notice to your site.
- MonsterInsights: if you use Google Analytics on your site, this plugin can help you apply data protection settings to it.
- Shared Counts – Social Media Share Buttons: this free plugin adds social media share buttons without using cookies to track users, which keeps them in line with data protection rules.
- OptinMonster: a professional lead-generation plugin for targeting customers and increasing conversions while complying with the General Data Protection Regulation (GDPR).
Conclusion
In this article, we learned about the General Data Protection Regulation, which introduced new rules governing how websites and companies collect and use customer data.
In conclusion, we stress the importance of following this regulation on your WordPress site or WooCommerce store, especially if you run a business or website that collects data from visitors living in a European Union country. In that case, you must comply with its provisions in order to gain your users' trust and strengthen your brand on the one hand, and most importantly, to avoid any misuse of their data that would expose you to penalties you do not need.