The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws, replacing the 1995 data protection directive. EU legislation says that it is designed to harmonize data privacy laws across Europe and that its main purpose is to give greater protection and rights to individuals. After the publication of the GDPR in May 2016, it became effective on May 25, 2018.
In a nutshell, GDPR protects user data in just about every conceivable way. Both personal data and sensitive personal data are covered. Sensitive personal data is easier to describe, as the usual suspects like genetic data, information about political views, sexual orientation, religion, etc., belong to that category. More or less, personal data means any information you can use to identify a person, starting with name and address, and can also include email and IP addresses.
To be GDPR-compliant, companies must handle customer data with the utmost care and attention. However, that alone is not enough; you must provide customers with tools to control, edit, and delete any information about them. Furthermore, any handled data has to be protected, meaning that anonymization and encryption are two important aspects that come into play. Another significant factor is that customers must explicitly ask for their consent before their data is collected and processed.
Examples of GDPR
What Does This Mean For Your Website?
If your website has the following, you should ensure you are compliant (even if your customer base is US-based, websites are accessible worldwide):

LSI Media’s contact form is an example of implementing compliance.
Responsibility Of Compliance For Websites
It’s important to note that it is the responsibility of every company or website owner to prepare their sites for GDPR compliance. It is not the duty of any framework to create and manage a website’s compliance. In almost all cases, it will need a lot of manual fine-tuning. Generally speaking, that means there is no use in asking, “Is WordPress GDPR compliant?”. It is a powerful tool for creating websites, and the end-users website will collect data, and the data collected will be different for every use case.
Does that mean that WordPress users are left alone in their fight for compliancy? No, not at all!
WordPress And Its GDPR tools
An article about GDPR Compliance Tools in WordPress was posted on WordPress.org, shedding light on the new privacy features that WordPress has added to its latest release, 4.9.6, which shipped on May 17, 2018.
The main features are new areas for handling data export and erasure requests, a new privacy policy page, and a consent checkbox for the comments form.
LSI Media can also assist in helping to implement your GDPR compliance. Just reach out to us.