User Privacy and your WordPress site
It’s possible that you’ll also have to let users know how they can get a copy of or delete their personal data stored with you.
WordPress admins now have access to a number of straightforward tools that make this process much easier. Using these resources, you can more easily provide consumers with a clear privacy notice detailing what information is being gathered and why. Typically, it consists of the following:
- Information you gather on them,
- The reasoning behind your data collection methods,
- More importantly, how you use that information (including with whom who you might share that data).
Users can more easily request deletion or a copy of their data with the help of these modern tools. You can more easily protect your users’ privacy by making use of the new data privacy tools (whether or not you are compelled to do so by law).
Keep in mind that every online destination is unique. Similar to how no two site administrators will have the same compliance journey, no two privacy notifications will be the same. Your paths to regulatory compliance may also be affected by the introduction of new regulations or revisions to current ones. We urge you to remember that protecting personal information is an ongoing obligation. Making sure your users’ information is safe and secure is an ongoing process, both online and off. While these resources can be helpful, they should not be seen as a replacement for a thorough compliance review. Before using these, please make sure you are in compliance with any local laws or industry standards that may apply to you.
The only thing this programme does is compile texts from WordPress and plugins that offer policy advice. To further complicate matters, many websites will also incorporate third-party programmes (such as email subscription services) that gather data in ways the Editing Helper tool cannot detect, meaning the default template may not adequately indicate how your website may collect data about its users. Learn the specifics of how your website gathers information about its visitors, and tell them how their data will be used.
Export Personal Data tool
The WordPress admin panel now has an exportable user database backup option. In contrast to the Tools > Export option, which compiles all posts, pages, and media into a single archive file, this new option exports only the content that has been captured elsewhere. To access this feature, go to your WordPress dashboard and select Tools > Export Personal Data.
Users can submit requests to export their emails using this tool. Following human review, it exports all of a user’s saved WordPress profile information as a.zip file.
Erase Personal Data tool
When a user requests it, WordPress will destroy their personal information just like the Export Personal Data feature. This function may be accessed from your WordPress dashboard, under the menu item Tools > Erase Personal Data.
Use the export tool’s email validation option to ensure that your exported data is accurate. Abuse, such malicious users pretending to be someone else, can be prevented with the help of this validation step. A similar system of email validation is used for the Erase Personal Data function to forward a user’s request to an administrator. To delete this information, the administrator must first give permission.
When information is deleted, it is gone for good from the system. Once a request for deletion is confirmed, there is no way to undo it. Keep in mind that this does not delete the information from any previous backups or archived files: Caution should be taken while restoring user data from backups when using the tool in conjunction with automated backups or archives. Your requests for deletion should be honoured when restoring an archived version of your site.
Consent of data collected
Additionally, you may be obliged to obtain express, unambiguous consent from your users before collecting any personal information from them, according to some privacy laws. In addition, if the processing of personal data is not essential to the operation of your site, you may be obliged to obtain the express, informed, and unambiguous consent of your users prior to any such processing.
When it comes to gathering consent in order to meet the May 2018 GDPR compliance deadline, WordPress.org does not yet have any built-in consent mechanisms, but there are a number of plugins available to help with this. Further, WordPress Core plans to roll out new tools for WordPress theme and plugin developers to use with regard to consent management in WordPress Sites.