The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. The GDPR sets new standards of data privacy and applies to any website that collects data from EU citizens. If you're running a website and at least some of your users reside in the EU, the GDPR rules apply to you.

More info can be found from the European Commission’s Data Protection page.

 

WordPress and GDPR Tools

WordPress 4.9.6 includes a few tools for GDPR compliance. It helps you collect info needed for your Privacy Policy based on your theme and plugins too. And, it provides a way to retrieve, edit, and export the data you collect.

The new tools are:

  • Privacy Policy Generator based on your theme and plugins.
  • Ways for site admins to list and export data collected.
  • Optin to obtain consent on comments to retain data.
  • A method for visitors to request and edit data held on them.

More detailed info can be found in this article.

 

Crane 1.3.0 adds new tools for GDPR compliance.

Note. Crane theme and its authors don't collect any sort of information from your site.

Google Fonts

When you are using Google fonts that usually mean retrieving the font files from their API, which includes sending the IP addresses of your users (which are considered to be private data) to Google. We have added a new setting that allows you to decide whether Google fonts should be retrieved via the Google fonts API, or if they should be hosted locally on your server.

Note. The option below toggles the location of Google fonts in the Theme Settings. The location of Google fonts in plugins should be regulated in the settings of the plugins themselves. You can disable Google Fonts in plugins WPBakery Page Buiolder and Ultimate Addons by setting font to Theme Defaults.

Embeds

Crane theme supports every embeds that provides WordPress. These are YouTube, Vimeo, SoundCloud and many more. While all of these third party services enrich your websites, they also do collect data about your users. IP addresses, location data or user activity tracking, to name a few. Under the GDPR it is necessary to ask visitors for their explicit consent if data should be passed along to third parties.

We have added a new setting which prevents embeds from loading until user consent is granted. Instead, your users will see a placeholder, with text and a button to accept that third-party service.

We also added an option, so that you can set a custom expiration date for that setting. Once it is expired your users will have to set their consents newly according to their preferences.

Privacy preferences toolbar.

If embeds privacy is enabled the Privacy preferences toolbar will be displayed on the site. The toolbar has 2 buttons: one for Privacy Preferences Modal window and another for agreement.

Clicking on "Privacy Preferences" button will trigger a modal. It will display checkboxes for all the services you choose and will show to each of your users which of the services they have consented to and which not.