Even comment plugins collect personal information. As with contact forms, one of the easiest ways to make sure you`re compliant is to add a consent box. But this too can be a matter of what is called the legality of treatment. Data protection rules are contractual tools for websites and businesses to require their customers, suppliers and partners to ensure that their data processing is in compliance with the law. It is not relevant or necessary for the owner or the typical free website handyman. Although it seems that encryption is not required by law to satisfy the RGPD, it is highly recommended as you are responsible for the data. If you use a WordPress host like Kinsta, we are powered by the Google Cloud platform, which means that all data is encrypted at rest.