After several years of preparation and debate, the EU Parliament approved the General Data Protection Regulation and it officially became enforceable on May 25th, 2018.

So what is GDPR compliance and how does it affect you as a website owner?

GDPR regulates personal data collected from all users that reside in the EU by asking for their informing them about the fact their data is being collected and by asking them for an explicit consent to do so.

What that means is that if you are running a site that collects data from EU citizens, even if you yourself aren’t an EU citizen, you are still obligated to abide by the rules of this regulation.

In case your site isn’t GDPR compliant, you could face different types of penalties; for example, if you fail to disclose a data breach, it might cost you 2% of your worldwide annual revenue, while failing to obtain an explicit consent for data collection from your users can be fined up to 4% of your revenue.

However, if you are running a WordPress website, we have some good news for you – the WordPress team is doing their best to ensure GDPR compliance by GDPR-proofing the Core code.

WordPress 4.9.6 has been released and the WordPress team encourages everybody using their CMS to update their sites to take advantage of all the new privacy features that have been introduced to this new GDPR compliant version of WordPress.

How Does It Work?

So now that we know what GDPR is, let’s talk more about WordPress GDPR and why it is important to stick to this regulation.

First of all, let’s talk about how data collection even works to understand the whole process.

When you use services like social media, Google Analytics, or even your own website, your personal data is being collected.

But what is personal data in the first place?

First of all, it is your IP address, as well as your name, address, localization, health information, income, online identifier, cultural profile, and more.

The reason why so many services collect your data is to send it to the provider where the data is used to create targeted advertisements.

For example, if you are a 25-year-old male, you probably won’t see many ads for arthritis medicine online. Why? Because you are not the target buyer group for that product. However, you will often see ads for products that are appealing to you and that is the result of targeted advertisements.

However, as of May 25th, 2018, online services you use aren’t allowed to collect your data and send them to the provider without your approval. Basically, no data is processed before the user provides consent for data collection.

So how is WordPress 4.9.6 handling it?

We know that WordPress is one of the most popular CMSes and the updated and fixes are introduced to this system on a regular basis.

WordPress 4.9 became available in November 2017 and, since then, it has received 6 updates that address security and stability issues.

The first versions, unfortunately, were quite problematic and full of bugs, but thanks to the constant improvement of the WordPress system, over 50 noted bugs have been removed that the newest 4.9.6 update offers a great variety of useful new privacy features.

The readers of GDPR compliant WordPress-powered sites will now be able to choose how their data is stored and they will also get a choice or allow or disallow cookies in their browser when they, for example, leave a comment on the site.

Also, while some major WordPress updates require the administrators to update their system version manually, WordPress 4.9.6 has an automatic update system that requires no admin intervention.

So let’s take a look at some of the most important GDPR Compliance-related new features added to the latest WordPress update.

Privacy Settings – Privacy Policy Page

The website owners are now encouraged to create and display a privacy policy page as well as to review it from time to time to ensure the displayed information is current and accurate.

If you aren’t sure how to create such page, WordPress offers a guide for a recommendation on what content to include, as well as policies suggested by your theme and plugins.

Once you create your privacy policy page, it will be displayed on your login and registration page, but it is also recommended to manually add a link to it to every page on your site to make sure your visitors can find it at any given moment.

You should also check out the Plugin Handbook you can find in your Privacy Section because there is a chance you still maintain a plugin that collects data which should also be included in your privacy policy.

Exporting Data

If you as a site owner want to export data collected by WordPress and data-collecting plugins, you can do so by exporting a ZIP file with the data collected up to that point.

Erasing Data

Not only can you as a site owner export data, but you can also erase it if you want.

The requests for both exporting and erasing data are confirmed through a new email-based method. It includes data from both registered users and commenters collected by WordPress as well as by the participating plugins.


Not only data from registered users is being collected but also the data from commenters on the site. However, the new WordPress 4.9.6 offers them a choice of enabling or disabling cookies on their browser.

Issues Fixed in 4.9.6

Nearly 100 updates have been made so far in the new WordPress 4.9.6 and here are some of the new functions you should know about:

  • Changes that Affect Theme Authors – several new tools have been introduced
  • A new tool for export of the stored data
  • New PHP Polyfills
  • TinyMCE Update

Uncode Privacy Plugin

Uncode is a WordPress theme that you can purchase and can use external services, for example on social media like Facebook and Twitter, as well as on other services such as SoundCloud, Vimeo, YouTube etc.

We have talked before about how these services collect data and then send them to the provider in exchange for free services. The data is then used for targeted advertisement and similar.

However, GDPR compliance creates a catch in that process – in order for a service to collect personal data, the explicit consent from the user has to be obtained because skipping this important step could result in fining the site owner.

Long story short, no data can be processed before the user specifically agrees to it.

That is why the Uncode Privacy Plugin was developed to block usage of third-party services up to the point where the user gives the consent for the data to be collected.

This plugin is not mandatory, but it can be very useful to the website owners implementing GDPR to their websites to ensure GDPR compliance. According to GDPR, you must get user consent to process any data. For this purpose, Uncode uses the Contact Form 7 free plugin

Uncode Privacy Plugin Demo

If you are still not sure what exactly Uncode Privacy Plugin does and whether you should use it or not, there is a demo available that will help you understand its functionality and purpose.

Basically, it is a page featuring content such as embedded videos and some audio elements which you won’t be able to access without an expressly given consent. Once you set the necessary consents, you will be able to see all items displayed on the page.

Ending thoughts on GDPR Compliance

Every website owner that collects data from EU citizens has to make sure their website is GDPR compliant.

WordPress 4.9.6 has introduced new privacy features that will make it easier for website owners to meet all the required responsibilities and obligations to this new regulation.

Uncode Privacy Plugin can also help you with GDPR Compliance and even though it is not mandatory, it is very useful for everybody whose sites as well as plugins collect personal data.