How We Handle GDPR Compliance

This article explains how Web60 handles GDPR compliance and what you need to do to keep your WordPress site compliant.

What Web60 Does for GDPR Compliance

Web60 handles the technical side of GDPR compliance for your hosting infrastructure. We process and store your website data in Ireland, which means it stays within the EU. Our servers use encryption to protect data in transit and at rest.

We have a Data Processing Agreement (DPA) that covers how we handle your website's data. This includes visitor information, form submissions, and any other data your WordPress site collects. You can request a copy of our DPA through your account dashboard or by contacting support.

Web60 automatically applies security updates to WordPress core files and maintains backups of your site. These backups are stored securely and deleted according to our retention policy.

Your Responsibilities as a Site Owner

While Web60 handles the hosting infrastructure, you're responsible for making your WordPress site GDPR compliant. This means:

Create a Privacy Policy: You must add a privacy policy page to your website. WordPress includes a privacy policy generator under Tools > Privacy in your admin area. Edit this template to match what data your site actually collects.

Review Your Plugins: Check each plugin and theme you use. Some plugins collect visitor data (like contact forms, analytics tools, or comment systems). Make sure you understand what data they collect and update your privacy policy accordingly.

Set Up Cookie Consent: If your site uses cookies beyond basic WordPress functionality, you need a cookie consent banner. Install a GDPR-compliant plugin like "Cookie Notice" or "GDPR Cookie Compliance" from the WordPress plugin directory.

Handle Data Requests: You must be able to respond to visitor requests to see, edit, or delete their personal data. WordPress has built-in tools for this under Tools > Export Personal Data and Tools > Erase Personal Data.

Common GDPR Tasks in WordPress

To add a privacy policy, go to Pages > Add New in your WordPress admin. Create a page called "Privacy Policy" and use WordPress's privacy policy guide as a starting point.

For contact forms, check if you're using plugins like Contact Form 7 or WPForms. These store form submissions in your database. Add a checkbox to your forms asking for consent to process the data.

Google Analytics requires visitor consent under GDPR. If you use analytics plugins, look for "anonymize IP" settings and enable them.

Managing User Data

WordPress stores comments with email addresses and IP addresses. In your admin area, you can bulk-delete spam comments and moderate new comments before they appear.

For user accounts, go to Users in your WordPress admin to see all registered users. You can delete accounts and their associated data from this page.

If someone requests their data, use the WordPress export tool. It creates a file containing all data associated with their email address.

If you're still stuck with GDPR compliance or need help setting up privacy tools in WordPress, contact our support team through your Web60 account dashboard.

FAQ

Q: Do I need a privacy policy for my WordPress site?

A: Yes, if your site collects any personal data (like contact forms, comments, or analytics), you need a privacy policy. WordPress includes a privacy policy generator to help you create one.

Q: Where is my website data stored?

A: Web60 stores all website data on servers located in Ireland, keeping your data within the EU for GDPR compliance.

Q: What happens if someone requests their data to be deleted?

A: You can use WordPress's built-in data erasure tool under Tools > Erase Personal Data. This removes their information from comments, user accounts, and plugin data.

Q: Do I need cookie consent for my WordPress site?

A: If your site uses cookies beyond basic WordPress functionality (like analytics, social media widgets, or marketing tools), you need cookie consent. Basic WordPress sites without these features typically don't need cookie banners.

Q: Can Web60 help me write my privacy policy?

A: We can't provide legal advice about privacy policies. Use WordPress's privacy policy generator as a starting point, then customize it based on what data your specific site collects.

Q: How long does Web60 keep my website backups?

A: Our backup retention policy is covered in our Data Processing Agreement. Contact support for specific details about backup storage periods.

Q: What if I get a GDPR data request I can't handle?

A: Contact our support team if you need help using WordPress's data export or erasure tools. For legal questions about GDPR compliance, consult with a privacy lawyer.