Since May 2018, things have not been the same for websites. The reason is the GDPR (General Data Protection Regulation), which is now in full effect. This means that every website powered by WordPress must be brought into technical compliance with the GDPR.
If your site is hosted in the EU or you have visitors from the EU, then you too have to take the necessary steps or face legal consequences. The regulation had a two-year grace period, and now that it is in full effect, all sites need to comply immediately. Here is what you need to know.
What is GDPR?
Before we go any further, let’s first talk more about the GDPR. Basically, it is a set of rules and regulations meant to protect the personal data of EU citizens online. Every organization that falls under the GDPR must make sure that all of the data it gathers about consumers is handled under the conditions the GDPR sets.
At the same time, organizations that manage data will also have to protect it and not allow anyone to exploit it or misuse it. Everyone involved needs to respect the rights the consumers have or get penalized. All of the data gathered, used, or managed requires consent to be legal. Now that we’ve explained GDPR briefly, let’s see how it affects WordPress and anti-spam plugins.
Anti-Spam GDPR compliance issue
All of the Automattic plugins for WordPress require a connection to the main WordPress.com website, which means there is a direct channel for the data on your site, including personal information about your visitors such as their IP addresses and email addresses.
The Automattic anti-spam plugin Akismet also falls into this category. Everyone using it should act now: either find an alternative or adjust its settings so that the collection and use of personal data is limited enough to comply with the EU GDPR.
All anti-spam providers will struggle with compliance, because most of them send data to other countries for processing by third parties. Operators that have committed to data and privacy protection can still get there; operators that have not will never be able to achieve GDPR compliance.
When data is sent to Akismet and similar servers, you have no control over that data once it leaves your site, and this breaks the new regulations.
You need to restrict anti-spam protection so that it works only within the limits of your own website. There are already various anti-spam plugin alternatives for WordPress sites. One of them is Antispam Bee. This plugin can be made GDPR compliant; you just need to adjust a few settings properly. To stop sending personal data to third parties, disable the public anti-spam database lookup and disable the option that allows comments only in a single language.
Be aware of where your anti-spam operator is from
Even if your anti-spam service provider does comply with the GDPR, there are still things to worry about. An organization might protect the data and use it legally, but the country it operates in might not. For example, the Russian government has many surveillance laws that directly contradict the GDPR.
The Russian government has the power and the legal right to decrypt and look into any digital communication happening in the country, which makes it impossible for a lot of companies to comply with the new GDPR, and that also includes encrypted communication providers.
Even if your anti-spam service provider encrypts the data it receives from you, the surveillance laws in Russia can force it to decrypt that data, leaving the enterprise non-compliant with the GDPR. This is why you need to make sure that you work only with organizations that abide by the GDPR and guarantee the safety of personal data.
All WordPress website operators must find GDPR compliant plugins as soon as possible and work with third parties that meet the legal requirements for personal data use, or face legal consequences.