We’ve described how the GDPR works at length elsewhere, so we won’t repeat ourselves here. Suffice it to say that this regulation introduces new rules regarding privacy and transparency online. All your website’s visitors now have the right to know what data you’re collecting about them and how it’s used, and even to have their information deleted.
This is how you’ll inform visitors about all the key information they need to know. While it may take a little effort on your part to get your policy just right, the basic steps involved aren’t difficult.
With that out of the way, let’s get to work!
As long as your site is updated to the most recent version (which it should be!), you’ll find this option under Settings > Privacy:
This will take you straight to the WordPress editor you’re familiar with, where you can start adding content to the page. It will have some headings and information already included:
Step 2: Add in your website-specific information
If you look through the template WordPress has provided you with, you’ll see a number of sections. This is a useful outline letting you know what type of information you need to explain to your visitors.
A few of the sections already have some text filled in. This describes data that all WordPress sites gather by default, as well as how long it’s stored, and similar details.
You’ll likely want to leave all of this as-is. However, it’s worth reading through to see if any of the functionality described is altered on your specific site (for example, due to a change you’ve made to the settings, an installed plugin, or some custom code):
After familiarizing yourself with what’s already there, you’ll want to go through each section of the template.
- What kind of data your site collects from visitors (names, email addresses, payment details, etc).
- What features or elements of your site gather data (such as contact and opt-in forms, social media buttons, and comments sections).
- Why you collect this data and what the data is used for in a general sense.
- How the data is stored (and for how long it’s stored).
- Who the data is shared with, such as external parties like cloud storage services and payment processors.
- How you protect the data, including what procedures are in place to keep it safe and to respond quickly in the event of a breach.
- What rights visitors have over their data. This should include the right to know all of the above, to ask for a copy of their data, and to request that it’s deleted at any time.
This may seem like a lot, but it’s best to be comprehensive. While it’s true that most people aren’t likely to read through the whole thing, you’ll want to be able to prove (if needed) that you’ve made all this information available and easily accessible.
The best way to do this is usually to display a link to your policy on every page of your site. Most people will add this to their sites’ footers. However, you can use a sidebar or even your main navigation menu if you want to ensure that it’s as visible as possible.
For example, you could open up Appearance > Widgets in your dashboard, drag a new Text widget into your theme’s footer, and include a simple text prompt and link:
Orbit Fox Privacy Module
Here’s an example of what that bar looks like:
Orbit Fox Policy Bar
- Add in your website-specific information.