GDPR compliance

The acronym GDPR stands for General Data Protection Regulation. It is a European law, and all websites that are visible anywhere in Europe must be compliant.

This law has been in force since May 2018, and many website owners are still not aware of the risks and fines.

One of the most ignored facts is that the GDPR also applies to non-EU sites if they receive European visitors. This is because the law aims to protect EU citizens from all abuses regarding privacy.

The formalities and obligations for the owner of a website are many, and this has also had significant effects on the community of WordPress theme and plugin developers.

How WordPress deals with GDPR

Since version 4.9.6, WordPress has included the tools necessary for managing user privacy, in three steps.

Step 1 – Privacy Policy Page

A privacy policy page must be present on every site visible in any country of the European Union. This page must contain all the information that users need to know about how their personal data is processed.

WordPress offers a very useful template for this purpose, and each plugin should add information about how it works.

DaReactions can work very well without storing any personal user data. However, the settings allow the site owner to activate storage of the IP address for registered users.

For this reason, from version 3.20 DaReactions adds wording to the WordPress privacy policy that informs users about this feature. The wording differs according to the options chosen by the site owner.

DaReactions Privacy Policy is GDPR compliant.


Step 2 – Export personal data

Another obligation of a website owner towards its visitors is the export of personal data.

Thanks to the GDPR, every European visitor has the right to request a copy of all personal data concerning them, and this request must be met quickly.

WordPress provides site owners with a tool for exporting all known data of a single person, identified by an email address.

To be GDPR compliant, each plugin must add its own data list to this WordPress feature. Since version 3.20, DaReactions has added its own built-in exporter to the WordPress export functionality.

DaReactions Data Exporter is GDPR compliant.


Step 3 – Deleting personal data

The last of the three formalities handled by the WordPress platform concerns the deletion or anonymization of personal data.

The GDPR guarantees all citizens the right to request and obtain that their data be deleted, or transformed in such a way that the individual can no longer be identified.

WordPress provides a centralized tool for this need as well, and all plugins should adapt to it to be compliant with European laws.

Since version 3.20, DaReactions has added this functionality to the WordPress delete personal data panel.

The Reactions will not be deleted, but will be modified to be completely anonymous.

DaReactions Data Anonymization is GDPR compliant.
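
The following is an added example, not DaReactions code, of how a plugin can hook into the WordPress personal data eraser and anonymize rows instead of deleting them. The table `example_reactions` and its `user_id` and `ip` columns are assumptions made for illustration.

```php
<?php
// Added illustration, not DaReactions code. The table and its columns are hypothetical.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-reactions'] = array(
        'eraser_friendly_name' => 'Example Reactions',
        'callback'             => 'example_reactions_eraser',
    );
    return $erasers;
} );

// WordPress calls this with the requester's email and an increasing $page until 'done' is true.
function example_reactions_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $result = array(
        'items_removed'  => false,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );

    $user = get_user_by( 'email', $email_address );
    if ( ! $user ) {
        return $result; // No account for this address, so no linked reactions.
    }

    $table = $wpdb->prefix . 'example_reactions'; // hypothetical table
    $batch = 100;
    // Always read the first batch still linked to the user: anonymized rows drop out of the WHERE clause.
    $ids = $wpdb->get_col( $wpdb->prepare(
        "SELECT id FROM {$table} WHERE user_id = %d ORDER BY id LIMIT %d",
        $user->ID,
        $batch
    ) );

    foreach ( $ids as $id ) {
        // Keep the reaction itself; sever the link to the person and drop the stored IP.
        $ok = $wpdb->update( $table, array( 'user_id' => 0, 'ip' => '' ), array( 'id' => (int) $id ), array( '%d', '%s' ), array( '%d' ) );
        if ( false === $ok ) {
            $result['items_retained'] = true;
            $result['messages'][]     = sprintf( 'Reaction %d could not be anonymized.', $id );
        } else {
            $result['items_removed'] = true;
        }
    }
    // Stop on failure so a row that cannot be updated is not retried forever.
    $result['done'] = $result['items_retained'] || count( $ids ) < $batch;
    return $result;
}
```

Reporting `items_retained` with a message lets the site owner see in the erasure request screen that some rows still carry personal data and need manual follow-up.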


Conclusions

If you are already using Reactions, you are almost certainly in compliance with the GDPR, unless you have enabled storage of registered users' IP addresses, which would allow you to pair two pieces of information without your visitors knowing.

In any case, by updating DaReactions to version 3.20 you will be fully aligned with European standards, thanks to a more accurate privacy policy, the ability to export data, and the ability to delete it in bulk if a user asks you to.
