Updates for the GDPR compliance of the most popular CMS platforms

Erica Saunders June 28, 2018

Today, we’d like to shed some light on the GDPR-related changes in the leading CMS platforms.

GDPR stands for the General Data Protection Regulation, which was introduced by the European Union. It has become a major subject of interest. The most frequent questions site owners ask nowadays are “What is the GDPR?”, “What can I do for the GDPR compliance of my website?”, “What are the GDPR requirements and what should I have in my GDPR compliance checklist?”, etc.

GDPR Definition

We’re happy to help you deal with those questions, so let’s start with a short GDPR overview.

The abbreviation GDPR means “General Data Protection Regulation”, which means that European Union governments are doing everything possible to improve data protection and take care of data privacy, using laws as the main lever.

The GDPR deadline was May 25, 2018, and the sanctions for GDPR violations already have real mechanisms behind them. From now on, every website owner should make their site meet GDPR requirements. In particular, a website has to inform site visitors about the gathering of their personal information, and users of your site have to agree to the website Terms of Use (GDPR Privacy Policy) if they are to submit any personal data.

Obviously, the leading CMS platforms, which are used by millions of websites across the web, couldn’t ignore this and have already worked on some features to help site owners achieve this goal.

GDPR Compliance Updates in WordPress

Since version 4.9.6, the following things have changed in WordPress in order to improve data privacy:

  • A note about privacy policy management in multisite installations was added (available only to the administrator).

  • Details were added about themes passing the fields argument to comment_form().

Whenever someone posts a comment, the system will pre-populate their name, email, and website into the respective fields of the comments form. Also, they can now change their mind and remove comments that are pending approval.

An option was also added to choose the Privacy policy page via the Settings > Privacy section of the Dashboard. In new installations, the Privacy policy page is available by default as a draft. Site visitors are also given the choice to either agree to or reject the use of cookies that will collect certain data about their activity. Using cookies is optional, however; the respective checkbox exists because of the GDPR consent requirements.

Another important thing is the GDPR rule for “the right to be forgotten”. That’s why you can now export your personal data in WordPress: WordPress 4.9.6 includes an option to archive user data for export. This feature allows users to generate a ZIP archive with all their data available on a certain WordPress website. The entire process of using this tool is already described in the WordPress Codex; feel free to follow it step by step if needed.

In brief, you should use the Tools > Export Personal Data menu, enter your email and agree to the data export request. Then, email the data to yourself or download it directly using the special Download Personal Data popup menu. You can also submit a data removal request using the same tool.

You can also get the GDPR Suite provided by Zemez.io for your WordPress website. The following important changes will be integrated into your theme to comply with the core GDPR rules:

  • Privacy Policy page (with sample content) will be added to your WordPress template.

  • A notification of consent to store data with a link to the privacy policy page and the checkbox in all built-in theme contact forms.

  • A notification of consent to store data with a link to the privacy policy page and the checkbox in WordPress registration form.

  • A notification of consent to store data with a link to the privacy policy page and the checkbox in all built-in newsletter subscription forms or implementing double opt-in (depends on the nature of subscription form).

  • GDPR comment form privacy checkbox.

  • Cookies usage banner that notifies website visitors about the usage of cookies on your website.

This service is completed within 3-4 business days and costs $59. Feel free to get it here. Here’s a small comparison: for organizations covered by the GDPR, a breach of GDPR rules can result in a fine of up to 4% of the annual sales turnover or €20 million (whichever is greater).

The first proceeding under the GDPR happened in Germany, 5 days after the GDPR became applicable, and the fine was set at €50 000. The results are publicly available (in German). That seems to be the first case of this type, but definitely not the last one. Of course, we’re not lawyers, so don’t take any of this as legal advice; just keep that in mind.

GDPR Compliance Updates in Joomla!

Joomla! is another leading CMS platform powering websites all over the world, including in EU countries. European data privacy laws affect its users’ interests, so its developers have also started integrating the Privacy Tool Suite into their CMS.

The Joomla team has declared its intention to implement the following changes in Joomla 3.9 as its GDPR solutions:

  • Provide an API for extension developers so they can report the data they collect and this info can be displayed in the new com_privacy extension (Core API Project Board)

  • Gain the consent of the registered users (form plugin), track their consent, log their activities, and take care of the consent retention time (Consent Project Board)

  • Facilitate the workflow related to user requests (Information Requests Project Board):

    • Make it easier for the users to submit information requests

    • Track the status of users’ requests

    • Let the user access and download their data.

Coders, testers, and copywriters are all welcome to join the dedicated repository (the collaboration space for work on a privacy framework for Joomla) to help complete this release. The purpose of the 3.9 release is to meet the data protection standards; therefore, only the features related to the data protection policy are going to be merged into it. Joomla developers also have plans to release Joomla 3.10 with minor updates and feature improvements.

If you prefer not to wait for the Joomla team, but want to get the GDPR-compliant updates right now, you might be interested in the GDPR Suite service provided by Zemez.io for the Joomla-based websites. The following important changes will be integrated into your template to comply with the core GDPR rules:

  • A Cookie banner.

  • Privacy policy page (with sample content) will be added to your template.

  • A checkbox in the template contact form for a consent to the storage of data.

  • A checkbox in the newsletter (if it is available in the template) for a consent to the storage of data.

This service is completed within 24-48 business hours and costs $59. It’s recommended to get the service once and let the Zemez team get you covered. Feel free to order the service here.

Please note! Compliance with the GDPR is a risk-based, ongoing process that involves your whole business. We are not liable for any claim or action based on any information or functionality implemented with the offer.

Thanks for reading this article! Now you know more about what was already done, and what is planned for future implementation in the world’s most popular CMS platforms – WordPress and Joomla!

PLEASE NOTE! WE ARE NOT LAWYERS, SO DON’T TAKE ANY OF THIS AS LEGAL ADVICE!