WordPress VIP and the GDPR
Europe’s General Data Protection Regulation (aka GDPR) is a far-reaching data privacy and security regulation that took effect in May 2018. Among other things, it requires companies and site owners to be transparent about how they collect, use and share personal data. It also gives individuals more access and more choice when it comes to how their own personal data is collected, used, and shared.
We have taken various steps to ensure that our products and services are GDPR compliant.
For example, we added features to enhance user choice and bring more transparency to our practices around the collection, storage, and use of your data.
We offer our WordPress VIP data processing addendum for customers that require a DPA for compliance purposes.
We have also certified our compliance with the recently announced EU-US Data Privacy Framework.
Shared Principles
User privacy is critically important to us at WordPress VIP. Our privacy principles align with many of the GDPR principles, and we built our products and services with those principles in mind.
For example:
- Data minimalism. We designed our services to minimize the amount of data we collect.
- Control of Your Content. We aim to give you as much control as possible over who can see your content. The Privacy Settings give you choices to make your site public, private, or hidden from search engines. And Page Visibility gives you options about who can see specific pages on your site.
- Strict Guidelines on Providing User Information to Governments. We understand that safeguarding our users’ private information is a vital aspect of the trust our users place in our services to keep them safe, and in some cases, anonymous. Our Legal Guidelines describe when we will disclose user information in response to requests from law enforcement or from complainants in civil litigation. (And we have a reputation for challenging overbroad requestsーfor example, we successfully argued to lift non-disclosure orders on National Security Letters from the U.S. government that prohibited us from revealing information about those requests to our users).
- Your Security is Our Priority. While no online service can ever be 100% secure, we work very hard to protect our platform and your information from unauthorized access.
- WordPress Sites are Portable. Your site is yours and your content belongs to you.
- We provide guides in our documentation that explain how our plugins collect data.
WordPress Privacy Tools
New privacy tools are added regularly to WordPress software to help you manage GDPR. These include a privacy policy page, a privacy policy editing helper, a personal data export tool, and a personal data erasure tool.
You can learn more about how to use and integrate your plugin code with these tools in the WordPress.org Plugin handbook.
Subprocessors
We maintain a list of third-party subprocessors for your records.