The EU has a new law (OK, it is not “new”, but it applies from 25 May 2018), and that has stirred up some mud because it has an impact on almost any website, blog, forum, etc. I am talking about the EU General Data Protection Regulation (GDPR), or Datenschutz-Grundverordnung (DS-GVO) as it is called in German.
Without going into the details of the regulation, I still wanted to share some changes I applied to my website, which runs on WordPress. I am not claiming these are “complete”, all “necessary” or even “correct”, but this is what I have done.
- First of all, I have disabled the ability to register as a user (Settings > General > Membership > Disable “Anyone can register”).
- Then I turned off the ability to comment on my posts (Settings > Discussion > untick “Allow link notifications from other blogs (pingbacks and trackbacks)”, “Allow people to post comments on new articles” and “Comment author must fill out name and email”).
The ability to comment is vital on some blogs, and this is a case-by-case decision that might hurt. For me, most of my comments were nonsense or of no general interest, so it just makes my life easier. People can still contact me via my email address, which is posted on the site anyway.
- I then went in and deleted all registered users (6,000 of them were spam accounts anyway…).
- I also deleted all existing comments.
- I closed comments on all existing posts. You can do that from Posts > All Posts: select all posts, choose “Edit” as the Bulk Action, click “Apply”, set “Comments” to “Do not allow” and click “Update”. Note that bulk edit only covers the posts shown on the current page of the list, so either raise “Number of items per page” under Screen Options or repeat it for every page, and do the same under Pages > All Pages if your pages accept comments.
I also run WP Statistics, so I went to the Statistics settings and enabled “Hash IP Addresses”. From that point forward, all IP addresses are stored hashed (but still counted properly). One caveat: a plain hash of an IPv4 address is only pseudonymisation, not anonymisation, because there are just 2^32 possible addresses and anyone holding the hashes can recover the original by hashing them all; a keyed hash (a secret salt) is what makes the stored value useless to a third party. Note also that WordPress itself records every commenter’s IP address in the comments table, which is one more thing that deleting the comments takes care of.
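The steps above are all dashboard settings, which a later settings change, a theme or a plugin can quietly undo. The must-use plugin below, an added example and not the post author’s code, enforces the same outcome from code: registration reads as disabled, comments and pingbacks are reported closed for every post, leftover comments are hidden, and any comment that still sneaks through (e.g. via a plugin that bypasses `comments_open`) gets a keyed hash in place of the raw IP address. The hook names are WordPress core filters and actions; the file and function names (`lockdown-privacy.php`, `lockdown_hash_ip`) are this example’s own choice.

```php
<?php
/**
 * Plugin Name: Lock down registration, comments and commenter IPs
 * Description: Enforces from code the settings described in the post, so that
 *              a dashboard change or a plugin update cannot silently reopen them.
 *
 * Install as wp-content/mu-plugins/lockdown-privacy.php. Must-use plugins load
 * on every request and cannot be deactivated from the dashboard.
 *
 * Added example, not the post author's code. Hook names are WordPress core;
 * the plugin name and lockdown_hash_ip() are this example's own.
 */

defined( 'ABSPATH' ) || exit;

// 1. Registration: short-circuit the users_can_register option so that it
//    reads as "off" regardless of the value stored in the database.
add_filter( 'pre_option_users_can_register', '__return_zero' );

// 2. Comments, pingbacks and trackbacks: report them closed for every post,
//    old or new, even if a post's own comment_status is still "open".
add_filter( 'comments_open', '__return_false', 20, 2 );
add_filter( 'pings_open', '__return_false', 20, 2 );

//    Remove the pingback methods from the XML-RPC endpoint as well, so the
//    server never accepts link notifications at all.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 3. Hide any comment that still exists and keep the Comments screen out of
//    the admin menu (belt and braces; the post deleted the comments in bulk).
add_filter( 'comments_array', '__return_empty_array', 10, 2 );
add_action( 'admin_menu', function () {
    remove_menu_page( 'edit-comments.php' );
} );

// 4. Commenter IP: replace the raw address with an HMAC keyed by one of the
//    site's secret salts (wp_salt('auth') derives from AUTH_KEY/AUTH_SALT in
//    wp-config.php). An unkeyed hash of an IPv4 address can be reversed by
//    hashing all 2^32 candidates; with the key unknown it cannot. The 64-char
//    hex digest fits the comment_author_IP column (varchar(100)).
function lockdown_hash_ip( $ip ) {
    if ( '' === $ip ) {
        return $ip;
    }
    return hash_hmac( 'sha256', $ip, wp_salt( 'auth' ) );
}
add_filter( 'pre_comment_user_ip', 'lockdown_hash_ip' );
```

The one-off cleanup (deleting the spam users and the existing comments, closing comments on every existing post) is still best done once rather than from a plugin; WP-CLI’s `wp user delete`, `wp comment delete` and `wp post update --comment_status=closed` do the same as the dashboard steps and are not limited to one page of the post list at a time. Keep the hashed value keyed to the site’s salts: if you ever rotate AUTH_KEY/AUTH_SALT, old hashes can no longer be matched against a new one, which is fine for the purpose here (you do not want to recover the address) but worth knowing before you rely on the hashes for anything else.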
If you are running some external, even free, plugin to track visitors (like a visitor map), you should check what your plug-ins actually do and maybe disable them if they send data elsewhere. Keep in mind that a plugin that loads resources from a third party (map tiles, fonts, embeds) transmits every visitor’s IP address to that party even if it stores nothing itself.
Last but not least, you have to update your privacy statement to reflect what you are doing, what you are not doing, and, for the things you are doing, why you are doing them. It should also tell your users how to ask you what data you hold about them (if you store any) and how to have it corrected or deleted on request.