GDPR, your plugins and themes

With there being many questions about the General Data Protection Regulation (GDPR), and its compliance, we’ve seen a need for a general post about it.

Not sure what all this GDPR talk is about? Check out the European Commission’s Data Protection page.

The most important thing to remember is that no theme or plugin can make you compliant with the new regulations. They may provide assistance in solving parts of it, but nothing more. In the end it is up to you as the site administrator, to ensure compliance with both national and international law.

WordPress 4.9.6 introduced tools to help with this. Sites should have a privacy policy, and it should be easily discoverable for site visitors. The tools WordPress provide will help you create such a privacy page, and allows themes and plugins to add their own information to help you write this. You may visit Settings > Privacy to set up your own page, and to find the information provided by plugins and themes.

As for forum topics about plugins or themes being compliant: Developers are unable to reliably claim that they are compliant, because they can’t speak for the way you are using their plugin or theme, or what other code may be interacting with theirs. Some may have general information available in their description or FAQ sections, but on a general basis please check with your own Data Protection Officer (DPO) or equivalent, or if you have none contact your local or regional information commissioner office.

Please note that seeking legal advice on the forums will result in your topic being closed, as per our Forum Guidelines. Our volunteers are not lawyers, and if they were they should not provide free legal counsel on the forums as it may make them liable.

Requesting information regarding a plugin’s compliance to a related topic is permitted, but you cannot ask for legal help or advice. For example, you can ask if an eCommerce plugin meets all the various requirements for use, or for information on what data is saved or processed in relation to privacy concerns. You cannot ask the developer to verify if your specific use-case is protected by law. By in large, developers aren’t legal experts. They can tell you what the plugin does, what it records and saves, and direct you to the terms of use of any services included or used.