If you’re not familiar with what GDPR is, then in short it’s a strengthening of the EU rules around data privacy for consumers. We’ve written a longer piece on it as well, though no blog post can cover the details extensively enough. You need to consult your legal counsel to see if you have any extra steps to take to become compliant with GDPR.
For most store owners, on top of any internal process changes that need to happen, you need to make sure that the software you use will be GDPR compliant. I wondered exactly that for my own store and my clients’ stores, so I reached out to a number of the top eCommerce platforms on WordPress to understand what their plan was when it came to GDPR compliance.
WooCommerce and GDPR
WooCommerce has written an overview of what they’re planning for GDPR already. While they have tightened up some of their language and settings to be compliant with GDPR, the main push is to contribute back to WordPress core.
By focusing on WordPress Core work, they are helping to make sure that every plugin available for WordPress has the opportunity to be GDPR compliant.
While the new WordPress Core features still need to be approved, the WooCommerce team has already developed an admin tool to manage requests for personal data export. This includes a method to verify that a request really does come from the user you expect. Currently it uses a system similar to the password reset process that WordPress already uses: the person who submits the request has to confirm it through a link sent to the account’s email address.
Without this verification step, it would be trivial for anyone to submit a request in a customer’s name and have the export sent to a bad actor, who would then hold all the personal data your site had on that customer. The important detail is that the confirmation link goes to the address already on file for the account, the way a password reset does, not to whatever address the requester typed in.
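To make the shape of that verification step concrete, here is a small Python illustration added for this post. It is not WooCommerce’s or WordPress core’s code; it assumes a user store keyed by email address, a 24-hour lifetime for the confirmation link, an injectable clock for testing, and an in-memory "outbox" standing in for the mail system. Tokens are stored only as hashes, compared in constant time, and consumed on first use, so a request submitted by someone else stays unconfirmed and the export is never released to them.

```python
"""Emailed-confirmation flow for a personal-data export request.

Added illustration only; this is not WooCommerce or WordPress code.
Assumptions (not from the article): a user store keyed by email,
a 24-hour token lifetime, and an injectable clock so tests can expire
tokens without waiting.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 24 * 60 * 60  # assumed lifetime of a confirmation link

# Constructed sample data: what the store knows about each customer.
USERS = {
    "alice@example.com": {"name": "Alice", "orders": ["#1001", "#1002"]},
    "bob@example.com": {"name": "Bob", "orders": ["#2001"]},
}


def _hash_token(token: str) -> str:
    # Store only a hash so a leaked database row cannot be replayed as a link.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class ExportRequest:
    account_email: str
    token_hash: str
    expires_at: float
    confirmed: bool = False


class ExportRequestManager:
    def __init__(self, users, now=time.time):
        self.users = users
        self.now = now
        self.pending = {}  # request_id -> ExportRequest
        self.outbox = []   # (recipient, link) pairs "sent" by email

    def create_request(self, requested_email: str):
        """Anyone may submit a request; only the account holder gets the link."""
        account_email = requested_email.strip().lower()
        if account_email not in self.users:
            # A real endpoint should respond identically either way so the
            # form cannot be used to test whether an address has an account.
            return None
        token = secrets.token_urlsafe(32)       # unguessable, single use
        request_id = secrets.token_urlsafe(8)
        self.pending[request_id] = ExportRequest(
            account_email, _hash_token(token), self.now() + TOKEN_TTL_SECONDS
        )
        # The link goes to the address on file, never to a contact or
        # reply-to address supplied with the request.
        self.outbox.append((account_email, f"/confirm?id={request_id}&token={token}"))
        return request_id

    def confirm(self, request_id: str, token: str) -> bool:
        """Called when the link is followed. Rejects unknown, expired or wrong tokens."""
        req = self.pending.get(request_id)
        if req is None:
            return False
        if self.now() > req.expires_at:
            del self.pending[request_id]
            return False
        if not hmac.compare_digest(req.token_hash, _hash_token(token)):
            return False
        req.confirmed = True
        return True

    def export(self, request_id: str):
        """Release the data only for a confirmed request, and only once."""
        req = self.pending.get(request_id)
        if req is None or not req.confirmed:
            raise PermissionError("export not confirmed by the account holder")
        del self.pending[request_id]
        return self.users[req.account_email]


if __name__ == "__main__":
    mgr = ExportRequestManager(USERS)
    # An attacker asks for Alice's data; the link lands in Alice's inbox, not theirs.
    rid = mgr.create_request("alice@example.com")
    recipient, link = mgr.outbox[-1]
    print("confirmation sent to", recipient)
    print("attacker guessing the token:", mgr.confirm(rid, "guess"))
    real_token = link.split("token=")[1]
    print("account holder clicking the link:", mgr.confirm(rid, real_token))
    print("export released:", mgr.export(rid))
```

The same structure maps onto any request-handling flow that acts on a customer's data: a per-request secret delivered out of band to the address you already trust, a hash rather than the secret at rest, an expiry, and a one-shot release once the secret comes back.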
WordPress and GDPR
On top of the management system for requests, there are a number of things being worked on in WordPress Core to bring it into proper compliance with GDPR. Core is working on privacy policy generators, dealing with opt-ins for comment cookies, and helper functions so you can anonymize data.
WP eCommerce and GDPR
I reached out to Justin Sainton, one of the co-owners of WP eCommerce, and they’re watching core currently. Once the core features are ready, they’ll integrate them into WP eCommerce.
Given that GDPR gives you one month to respond to a request for a person’s data (extendable by a further two months for complex requests), that should leave them plenty of time to integrate with the core of WP eCommerce so that it is fully compliant with GDPR.
Sandhills Development and GDPR
Sandhills Development runs a very popular set of plugins for WordPress stores which include Easy Digital Downloads, Restrict Content Pro, and AffiliateWP. Talking with them, they’re planning on taking the same tack as WP eCommerce. They’re waiting to see what WordPress Core does and then they’ll integrate with the prebuilt features in WordPress Core to become compliant with GDPR.
In fact, talking to a number of other plugin developers, most of them were focusing on working with the WordPress Core features and using them when they become stable enough to use. Many of them are working on the features to ensure that they are something that can be used easily with their eCommerce platform.
So, if you’re using a WordPress based eCommerce solution and looking at GDPR wondering what will be done, you should be in good hands on the software side. All of the vendors I reached out to had developer time set aside to ensure that they were fully compliant in time for GDPR.
You will still have to talk to your legal counsel to see what other parts of GDPR apply to your business. You will most certainly need to be familiar with the data breach protocol: GDPR requires you to notify the relevant supervisory authority of a personal data breach without undue delay, and where feasible within 72 hours of becoming aware of it, and to inform the affected individuals when the breach is likely to put them at high risk.
Photo by: clement127