GDPR

On the 25th of May, new EU privacy rules come into effect called the General Data Protection Regulation (GDPR).

These new regulations have a wide-ranging impact on businesses and websites. If you are an EU based business or have website users who are from the EU you will need to ensure that your site is in compliance with the new regulations.

If you’ve never heard of the GDPR or are not sure about the consequences of the new regulations, we recommend reading the following sources:

• https://www.eugdpr.org/
• https://www.codeinwp.com/blog/complete-wordpress-gdpr-guide/
• https://kinsta.com/blog/gdpr-compliance/
• http://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know

WordPress 4.9.6

On May 17th WordPress 4.9.6 was released which included some GDPR privacy-related features including data export and removal tools, privacy policy page template and cookie opt-in for comments. You can read more about WordPress 4.9.6 here.

Ultimate Member & GDPR

To make it easier for your site to comply with the new regulations, we’ve done the following:

• Integrated UM with the WordPress data exporter (Custom UM created fields will show in the data file).
• Integrated UM with the WordPress data eraser
• Updated Private Messaging extension to make it possible for users to download their private message chat history (Private Messaging extension).
• Added a privacy field to registration forms for users to consent to privacy policy before registering
• Recorded timestamp of user confirmation to terms & condition upon registration (Terms & Conditions extension).
• Updated MailChimp extension to either delete or unsubscribe users from your MailChimp list when they delete their account.

Responsibility

Whilst ourselves and other plugin developers are working on making it easier to comply with the GDPR, as the owner of your site, it is your responsibility to ensure that your site is compliant with the regulations.

Action to take

We suggest doing the following in regards to Ultimate Member plugin:

• Update Ultimate Member to the latest version
• Create a privacy policy and enable the privacy policy field on registration forms by turning on the privacy policy from edit registration form page.
• Install our free terms & conditions extension so that users must agree to your terms & conditions before registering.
• Turn on double opt-in for MailChimp subscribers
• Enable the user deletion tab in account page so users can delete their account

What we’ve implemented

To comply with the GDPR regulations ourselves we have:

• Added required checkboxes to forms on our websites (support, pre-purchase etc).
• Updated website to the latest version of WordPress which includes the data exporter/eraser for user requests for data.
• Added a required privacy checkbox to the checkout page.
• Updated our privacy policy.
• Disabled IP storage for form submissions.
• Added GDPR cookie consent plugin to the website.
• Turned on double opt-in for MailChimp signups.
• Moved our website server location to EU