Privacy WP
User Privacy and your WordPress site
You may be required to prominently display a privacy policy disclosing your collection and sharing of personal data based on national or international privacy requirements (such as the European Union’s General Data Protection Regulation, which may be applicable to you). Information that can be used to personally identify a user, such as their name, email address, date of birth, phone number, and IP address, is considered personal data.
It’s possible that you’ll also have to let users know how they can get a copy of or delete their personal data stored with you.
WordPress admins now have access to a number of straightforward tools that make this process much easier. Using these resources, you can more easily provide consumers with a clear privacy notice detailing what information is being gathered and why. Typically, it consists of the following:
- Information you gather on them,
- The reasoning behind your data collection methods,
- More importantly, how you use that information (including with whom who you might share that data).
Users can more easily request deletion or a copy of their data with the help of these modern tools. You can more easily protect your users’ privacy by making use of the new data privacy tools (whether or not you are compelled to do so by law).
Keep in mind that every online destination is unique. Similar to how no two site administrators will have the same compliance journey, no two privacy notifications will be the same. Your paths to regulatory compliance may also be affected by the introduction of new regulations or revisions to current ones. We urge you to remember that protecting personal information is an ongoing obligation. Making sure your users’ information is safe and secure is an ongoing process, both online and off. While these resources can be helpful, they should not be seen as a replacement for a thorough compliance review. Before using these, please make sure you are in compliance with any local laws or industry standards that may apply to you.
Privacy Settings
Using this app, picking out the right components for your Privacy Policy page is a breeze. To get started, it will make a new page (or modify an existing one) and provide some basic structure in the form of prompts and headers.
The Privacy Policy page is a configurable option for site administrators in Settings > Privacy.
Europe’s GDPR is a major privacy law, and the tool’s default prompts and headers are based on its requirements. While this provides a foundation upon which to build, it in no way limits the scope of your privacy policy. It is your duty to draught a thorough privacy policy, check that it complies with all applicable local, state, federal, and international laws, and update it as necessary.
Privacy Policy Editing Helper
One of the new options available in the Privacy Settings panel is an editing assistant. The Editing Helper compiles a collection of default texts that describe the site’s data gathering and sharing from both the WordPress core and the site’s themes and plugins, providing you with a framework upon which to build your privacy policy.
You don’t have to use this tool to create a Privacy Policy, but we think it’s useful because it shows you where in WordPress core, theme, and plugin code your site might be collecting and processing data. Keep in mind these potential data-driven outcomes: While some features may not be used by all sites (for instance, a site administrator may choose to disable post comments), practically all websites make use of things like analytics cookies, social sharing buttons, and contact form plugins. Your site’s usage of users’ personal information should be completely clear, so feel free to include as many disclaimers as you feel are warranted.
The only thing this programme does is compile texts from WordPress and plugins that offer policy advice. To further complicate matters, many websites will also incorporate third-party programmes (such as email subscription services) that gather data in ways the Editing Helper tool cannot detect, meaning the default template may not adequately indicate how your website may collect data about its users. Learn the specifics of how your website gathers information about its visitors, and tell them how their data will be used.
In addition, theme and plugin developers are encouraged to familiarise themselves with the Privacy Policy Editing Helper and provide details about the data collected by their products.
Export Personal Data tool
The WordPress admin panel now has an exportable user database backup option. In contrast to the Tools > Export option, which compiles all posts, pages, and media into a single archive file, this new option exports only the content that has been captured elsewhere. To access this feature, go to your WordPress dashboard and select Tools > Export Personal Data.
Users can submit requests to export their emails using this tool. Following human review, it exports all of a user’s saved WordPress profile information as a.zip file.
Erase Personal Data tool
When a user requests it, WordPress will destroy their personal information just like the Export Personal Data feature. This function may be accessed from your WordPress dashboard, under the menu item Tools > Erase Personal Data.
Use the export tool’s email validation option to ensure that your exported data is accurate. Abuse, such malicious users pretending to be someone else, can be prevented with the help of this validation step. A similar system of email validation is used for the Erase Personal Data function to forward a user’s request to an administrator. To delete this information, the administrator must first give permission.
When information is deleted, it is gone for good from the system. Once a request for deletion is confirmed, there is no way to undo it. Keep in mind that this does not delete the information from any previous backups or archived files: Caution should be taken while restoring user data from backups when using the tool in conjunction with automated backups or archives. Your requests for deletion should be honoured when restoring an archived version of your site.
Consent of data collected
Additionally, you may be obliged to obtain express, unambiguous consent from your users before collecting any personal information from them, according to some privacy laws. In addition, if the processing of personal data is not essential to the operation of your site, you may be obliged to obtain the express, informed, and unambiguous consent of your users prior to any such processing.
When it comes to gathering consent in order to meet the May 2018 GDPR compliance deadline, WordPress.org does not yet have any built-in consent mechanisms, but there are a number of plugins available to help with this. Further, WordPress Core plans to roll out new tools for WordPress theme and plugin developers to use with regard to consent management in WordPress Sites.
Reviews
There are no reviews yet.