Back in the GDPR

Yes, even my small outpost on the Interweb needs to be GDPR-compliant!

Despite being as on top of GDPR, privacy and data protection as the next non-legal person (ahem), it wasn’t until version 6.1 of Jetpack from Automattic came out that I realised I might have a problem, when they announced new privacy tools for those of us with contact form and commenting open. It turns out that this has been on the horizon for WordPress for some time.

Fortunately, the latest version of WordPress (4.9.6 – don’t ask about the odd version number, you’ll cry) includes some tools to get your WordPress site ready… three days under the wire.

The problem is that it only gets you part of the way there. For example: visitors can now see what data I’ve ever captured about them, but there’s no simple mechanism for them to ask the question – that’s left up to plugins. This being WordPress, there’s a lot of plugins, all of which almost do what you want, but not exactly.

So now, the comments box has two tick boxes. One is the built-in one, an option to store your details in the browser (using a cookie, of course). The other comes from a plugin, telling you to agree to the way I handle your data… but with no link to my new Privacy Policy page, which seems a little slack of them.

And I’ve had to create a Privacy Policy page, linked to from the foot of every page (plus the Acquis menu – because I can). WordPress gives you some sample text to get you going, but given that my servers aren’t stored locally (same for most people) and I’m assuming that my plugins don’t do anything they shouldn’t although there’s no easy way to check (same for most people) there’s only so far you can go without taking a few wild stabs in the dark. But it does have the data request form, thanks to a second plugin.

I’d appreciate a once-over of it from anyone reading this though… is it utter nonsense, or am I just about there?