The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws, replacing the 1995 data protection directive. EU legislation says that is designed to harmonise data privacy laws across Europe and that its main purpose is to give greater protection and rights to individuals. After publication of GDPR in May 2016, it will come into force on May 25, 2018.

In a nutshell, GDPR protects user data in just about every conceivable way. Both personal data and sensitive personal data are covered. Sensitive personal data is easier to describe, as the usual suspects like genetic data, information about political views, sexual orientation, religion etc, belong to that category. Personal data, more or less, means any information that can be used to identify a person, starting with name and address and can also include email and IP addresses.

In short, every company, organization and individual that are processing or controlling datasets of their customers or website visitors will be covered by GDPR. It will affect any business that does have customers who reside in the EU.

In order to be GDPR-compliant companies must handle customer data with the utmost care and attention. However, that alone is not enough, and customers have to be provided with tools to control, edit and also delete any information pertaining to them. Furthermore, any data that is handled has to be protected, meaning that anonymization and encryption are two important aspects that come into play. Another very important factor is that customers have to be asked for their consent explicitly, before their data is collected and processed.

It’s important to note that it is the responsibility of every company or website owner to prepare their sites for GDPR compliance. It is not the duty of any framework used to create and manage a websites compliance, solely. In almost all cases a lot of manual fine tuning will be needed. Generally speaking, that means there is no use in asking “Is WordPress GDPR compliant?” or “Is Avada GDPR compliant?”. For example, Avada itself will never be violating the GDPR criteria as it does not collect any data. It is a powerful tool to create websites, and the end users website is what will collect data and the data collected will be different for every usecase.

Does that mean that WordPress and Avada users are left alone in their fight for compliancy? No, not at all!

An article about GDPR Compliance Tools in WordPress was posted on WordPress.org shedding light on the new privacy features that WordPress has added to its latest release 4.9.6, which shipped on May 17, 2018.

The main features are new areas for handling data export and erasure requests, a new privacy policy page and also a consent checkbox for the comments form.

On top of the new WordPress features, ThemeFusion decided that we wanted to give our userbase even more possibilities to get their sites GDPR compliant. In the following we want to present you the main new features in Avada 5.5.2

When you are using Google fonts that usually mean retrieving the font files from their API, which includes sending the IP addresses of your users (which are considered to be private data) to Google. You might find that circumstance worrisome, but at the same time you don’t want to do without the nice typography options Google fonts offer. Avada to the aid. We have added a new Theme Option that easily allows you to decide whether Google fonts should retrieved via the Google fonts API, or if they should be hosted locally on your server. View the new Theme Option below.

Avada 5.5.2 offers a variety of elements and widgets that help you to utilize third party content, like YouTube and Vimeo videos, Google Maps, Facebook and Twitter timeline, Flickr images, SoundCloud files etc. While all of these third party services enrich your websites, they also do collect data about your users. IP addresses, location data or user activity tracking, to name a few. Under the GDPR it is necessary to ask visitors for their explicit consent if data should be passed along to third parties. While that is generally not possible to achieve with embeds, on the other hand, similar to Google fonts, you don’t want to lose these services on your site.

Our development team has come up with a very nice and easy to use solution. We added a new Theme Option to prevent embeds from loading until user consent is granted. For any of the third party services, which you can freely choose from, you add to the consent list, the embeds will stop to be loaded on page load. Instead your users will see a placeholder graphic, with custom text on it and a button to accept this third party service. The background color and text color for that placeholder can be set in Theme Options.

We have also added a Fusion Builder privacy element, that you can easily add to your privacy policy page, or wherever it fits best for your site. It will display checkboxes for all services you chose, and will show to each of your users which of the services they have consented to and which not. They can also easily update their consents within that element.

The whole setup is cookie driven, and thus we also added an option, so that you can set a custom expiration date for that cookie. Once it is expired your users will have to set their consents newly according to their preferences. Check out the images below of these third party embed tools and settings.

In Avada 5.5.2 we have also added a new option to display a consent checkbox on the contact form page. The label can be easily customized in Theme Options to reflect your needs which you can view below.

In previous versions, we used the default WordPress note before the submit button on the user registration element in Fusion Builder. In Avada 5.5.2, to give you full freedom of choice, and added a new setting to show custom text before the submit if you want to inform a new user about GDPR compliance. View the new custom registration notice message field for the user registration element below.

For Avada 5.5.2 we did focus a lot on GDPR, but we also wanted to give you some other nice features to work with, to make your work flow even easier. Here are some of the coolest ones:

And don’t forget to check out our last major update Avada 5.5 packed full of new features and improvements.

The whole team here at ThemeFusion wishes you all the best for your GDPR preparations, and we will keep working on other great new features for you, so always stay tuned for the next Avada update.