Our Approach to GDPR in 2022


The European Union (EU) General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018. With WordPress powering over 30% of the web globally, this new regulation has prompted many ongoing conversations within the WordPress community.

As WordPress plugin authors and users ourselves, we’ve actively engaged in our own discovery and planning for GDPR.

Disclaimer: This post includes information and thoughts based on our own research. We are not lawyers and we cannot provide legal advice.

What is GDPR?

The General Data Protection Regulation (GDPR) is a new parliamentary measure that provides regulatory oversight on how personally identifiable information is handled by European Union (EU) member states. In plainer terms, it’s a law designed to increase data privacy for EU citizens.

Why GDPR Matters

This privacy regulation extends beyond EU-based companies; if your website collects personally identifiable data from EU citizens, your website needs to be compliant with GDPR. This includes data that is collected through contact form entries, user registrations, eCommerce sales, and even blog post comments, to name a few.

There’s a lot more to it, so we encourage you to do your own research to see how GDPR may affect your site. These resources can help get you started:

What We’re Working On

The Events Calendar has always been diligent about information privacy. We regularly conduct security audits for our plugins, as well as security audits of our website to help ensure customer data is securely processed by our servers.

For us, security and privacy are priorities that we routinely evaluate and revisit to ensure we’re providing the best service we can for our customers. Here are some specific efforts we’ve been working on in light of GDPR:

Data Collection and Privacy

Our existing privacy policy has been reviewed so we can identify updates that need to be made. We already include disclosures for information collection and use, log data, cookies, and behavioral remarketing. We also include disclosures relevant to our plugins that outline our data collection and use for both default and opt-in information. There are several other sections within our privacy policy that we’re revisiting in the interest of being transparent with our users.

For our free plugins available in the WordPress.org repository, we are working on adding a privacy policy and data collection statement that is accessible to users without requiring them to visit our website.

Compliance Assistance for Site Owners

We’re working on an additional policy statement on data collection that site owners can add to their own privacy policy that informs their end-users of any data being collected by our plugins.

Since site owners are responsible for sharing this information with their users, our goal is to make it as easy as possible for them to maintain their site’s compliance when running our plugins.

Improved Email Opt-in Choices

We primarily use our monthly newsletter as a platform to inform users of news and helpful information related to our plugins, and readers always have the option to unsubscribe. Even so, we will be adjusting our signup process to give users more control over the types of emails they wish to receive.

An Ongoing Effort

The efforts we’re putting into GDPR compliance, and user privacy in general, are too numerous to list in this blog post. Our team understands the importance of this issue to our users, and we’ll continue to work hard to earn your trust and your business.