First, What is GDPR?
The General Data Protection Regulation (GDPR) is the new reference text at European level for the protection of personal data. It strengthens and unifies data protection for individuals in the European Union.
This regulation applies from May 25, 2018. If your site is not GDPR compliant, you risk heavy penalties. I think sites will only be penalized after a few months, but it is still better to do it now.
Who is concerned?
Unless your site is outside the European Union and no country in the European Union can access it, everyone is concerned.
What should I do?
First, understand that I am not a lawyer, just a developer who has read many things about it, so contacting a lawyer to be sure your site is GDPR compliant would be a good idea.
Making a site GDPR compliant is different for each site, but here are some points to check:
1. Google Analytics
It depends on how you use Google Analytics on your site but this point is very important. For my part, I use Google Analytics to track visitors and cookies to collect data. The collected data are processed anonymously.
In order to be compliant with the new regulation, Google included a data processing amendment.
2. Your Forms
Every form on your website that collects data like names or email addresses needs to have a checkbox for the user to consent to the storage of their data.
Great people created an amazing free plugin called WP GDPR Compliance. It is fully compatible with Contact Form 7, Gravity Forms, WooCommerce and probably more plugins in the future.
I don’t really understand why it has bad reviews. I think many users didn’t really understand its purpose, or maybe it was not as good as it is now. This plugin doesn’t make your site automatically GDPR compliant, but it helps a lot to make the task easier.
In the next release of this plugin, your users will be able to send a request to see all their data present in your database and also to request their data to be anonymized.
WP GDPR Compliance is very simple to use, you just need to activate it and go to Tools > WP GDPR Compliance. I use Gravity Forms on my site, so I added the checkboxes on all my forms and for the WordPress Comments too.
WooCommerce is working on a new update to make its plugin GDPR compliant, so you will probably not have to do anything on that side. I don’t know about Easy Digital Downloads, but they will probably do something similar too.
WP GDPR Compliance also has a setting for WooCommerce.
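A consent checkbox on its own is only half of the job: the server that receives the form must refuse to store anything when the box was not ticked, and it should keep a record of when and for what the consent was given, because the regulation expects you to be able to show that. The following Node.js handler is an added example, not code from this post or from the WP GDPR Compliance plugin; the field names (`name`, `email`, `consent`), the form identifier and the purpose string are assumptions chosen for the illustration.

```javascript
// Added example: server-side consent check for a contact form.
// Assumes the form posts the fields "name", "email" and a checkbox "consent".
// Browsers send a ticked checkbox as "on" and omit it entirely when unticked;
// any other value (including a tampered one) is treated as "no consent".

function consentGiven(fields) {
  const v = fields.consent;
  return v === 'on' || v === true || v === 'true' || v === '1';
}

// Minimal email sanity check so junk is not stored under the banner of consent.
function validEmail(s) {
  return typeof s === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(s);
}

// Returns { ok: true, record } when the submission may be stored,
// or { ok: false, error } when it must be rejected.
// "now" is injectable so the timestamp can be controlled in tests.
function processSubmission(fields, { now = () => new Date(), formId = 'contact' } = {}) {
  if (!consentGiven(fields)) {
    return { ok: false, error: 'consent_required' };
  }
  if (!validEmail(fields.email)) {
    return { ok: false, error: 'invalid_email' };
  }
  const record = {
    name: String(fields.name || '').trim(),
    email: fields.email.trim().toLowerCase(),
    // Proof of consent stored next to the personal data it covers.
    consent: {
      given: true,
      formId,                                   // which form collected it (assumed id)
      purpose: 'respond to contact request',    // assumed purpose text
      at: now().toISOString(),                  // when the box was ticked
    },
  };
  return { ok: true, record };
}

// Constructed sample submissions (not real users).
const samples = [
  { name: 'Alice Example', email: 'alice@example.org', consent: 'on' },
  { name: 'Bob Example', email: 'bob@example.org' },               // checkbox unticked
  { name: 'Mallory Example', email: 'not-an-email', consent: 'on' }, // consent but bad data
];

function demo() {
  return samples.map((s) => processSubmission(s));
}

for (const result of demo()) {
  console.log(JSON.stringify(result));
}
```

The first sample is accepted and stored with its consent record, the second is rejected with `consent_required`, and the third with `invalid_email`. Wiring `processSubmission` into an Express route or a WordPress REST endpoint is left to the site; the point is that the decision to store happens on the server, never on the client side alone.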
You can see in this post that it is not difficult to make a WordPress site GDPR compliant. You just have to keep in mind that every time you collect personal data from a European user, you have to let them know that their data is being collected.
To go deeper, you can read this great post on the Kinsta blog which explains many things about GDPR: https://kinsta.com/blog/gdpr-compliance/
Do not hesitate to ask questions in the comments if you misunderstood a point or if you think I forgot to talk about something.