• Author
  • #3105337

    Hello everyone! It’s still not clear for me what should I do with the whole GDPR thing. If I have a free blog on WordPress should I do something or our happiness engineers will do everything necessary? I have a free blog and I, personally, don not collect any data since the only purpose of this blog is sharing my hobby (my writing). So what should I do?

    The blog I need help with is



    If you don ‘t collect personal data, you mustn’t do a thing.


    Hy @staartmees ! Thanks for your quick reply! That was what I understood too, but I read some discussions on a Facebook group that left me puzzeled. Thanks again for claryfing :) Have an nice day/evening !



    Note that you do collect personal data: readers can subscribe to follow your blog, which means they provide their email address or Worpress-accountname. Those things are personal data. Your blog (WordPress on your behalf) collects also other personal data through the use of cookies.

    This page contains useful info:


    Thanks @jsbach! I know that those are personal data, but since my blog is a Free WordPress blog and for much as I understand they collect this data and manage the cookies, subscriptioms, etc. And from all I have read the GDPR regulation does not seem to be focused on the type of blog I have, that’s why it is very unclear to me if I should do something or not.


    Hi cuvintenegandite,

    I just wanted to add that we are actively working on implementation of the new GDPR regulations so ensure we are compliance when they come into effect:

    This support documentation contains all of the information we can provide at the moment.


    I have read the above link (and been all over the internet) but it seems to talk about how WP handles my personal data and doesn’t answer my confusion with regard to the fact that I have a free site/blog on WP and I don’t understand if I have any responsibilities regarding GP and others’ data. Is WP responsible for the data that is collected during the everyday running of my blog, or am I?


    I have the same doubts as you @helenpollardwrites. I have read many times the article mentioned by @gemmacevans and many others, but it still I have no idea if I have to do something or not.



    Hello there, May I make a suggestion? If you aren’t using the EU Cookie Widget on your site, you might start by adding it.

    At some point WordPressdotcom may make an announcement on the Blog about GDPR, so you might want to follow that blog if you aren’t already.


    Thank you, justjennifer. I’ll do that. But I know a lot of people are confused about this and don’t feel they have the info to make decisions. I know of some people who have actually deleted their blogs or taken off all comments and comment facilities etc. Anyway, I’ll follow your suggestions, thank you.


    @justjennifer, I still don’t understand if applying this widget will mean I fully comply, and I still don’t understand who is responsible for the data held on my site, me or WP?



    Hi helen,

    you are responsible for your Blog. WP only in this case, that you need an contract about order data processing with WP and Jetpack and Askimed … (and so on?) (So dear stuff, how long we have to wait for that?)
    You have to put a new Data security deceleration on your side. The old one dose not work any longer.
    You also need an PlugIn or Widget for a Datasecurity-checkbox for any Comment posting. (So dear stuff, how long we have to wait for that?)
    The EU Cookie Widget is ONLY for a checkbox for accepting Cookies on your Blog.
    And again: So dear stuff, how long we have to wait for that? Time is running! The rip-off lawyers are in there starting holes!



    Hello again, Helen, the EU Cookie widget is only a first step, which EU users were encouraged to enable on their site when the EU Cookie Law came into effect. This is also why I suggest following the official blog as announcements of this sort are made there.

    The General Data Protection Regulation comes into effect on 25 May, so whatever tools will be made available to WordPressdotcom users should be in place by then. I agree it is difficult to wait for additional information about what we users need to or should do on our sites about GDPR, but the only official information we have at the moment is what is written in the GDPR support guide as mentioned earlier. That document is being updated by Automattic, WordPressdotcom’s parent company.

    In the interim, you might consider adding a privacy policy for your own site and link it to the WPcom GDPR support guide, Privacy policy and User Agreement. (FWIW- If you haven’t read those lately, it is always a good time to do so.) There are also good resources for understanding the GDPR linked in the support guide.

    This also doesn’t necessarily mean your site is in compliance, but it is one step closer to where you want to be on the 25th.


    Thank you, @justjennifer. This is all much appreciated. I have one more question for you, if you could spare the time – sorry. If I were to delete my blog/site before 25th, what would happen to the data that had been therein?



    From the current Terms of Service:

    If you delete Content, Automattic will use reasonable efforts to remove it from, but you acknowledge that caching or references to the Content may not be made immediately unavailable.

    I am not privy to what that timeline may be and this does not include any search engine cache of your site content, which you need to approach each search engine to have it removed.

    Deleting a WordPressdotcom site also means the site URL is made unavailable, not just the content.

    Again, this is in flux and may change. I’d advise patience, as hard as that may be.


    @justtjennifer, I am so sorry, but I don’t understand. I understand the URL would be unavailable as well as the content, if I delete the whole site. I don’t understand about search engines?



    Search engines, such as Google, Bing, Yahoo, crawl and may cache your site. Essentially they keep cached copies of your site available on their servers.

    When you delete your WordPressotcom site, those search engines may retain their cached copies until they crawl your site again (can take up to 2 months) and find that your site has been deleted. More here:

    Hope this helped.



    And just to add that with GDPR coming into effect, the process of removal from search engines may also be in flux. You’d need to check out each search engine’s help desk.


    Thanks everyone for all your useful help and information! It’s becoming clearer for me :)



    After I disabled all social media plugins because they are seen to be highly critical in GDPR (DSGVO), I have the following question:
    What about the “Follow” and “Like” button? Are the GDPR (DSGVO) compliant? Surely there must be a remark in the privacy policy.

    And, of cause, I need to have a contract with for handling and storing user data from my site (sorry, I don’t know the correct name for this)

    And, I need it soon, these are only two weeks until Mai 25 !!!

The topic ‘GDPR’ is closed to new replies.