If you use WordPress, operate as an entity, organisation or individual in the United Kingdom (UK), and hold any personal data (data which can relate to an identifiable individual), you need to be aware of the legislation that falls within the remit of the Information Commissioner's Office, and of the consequences of non-compliance with the Acts and Regulations.
The Information Commissioner's Office is responsible for taking enforcement action over breaches of the Data Protection Act 1998 (DPA), with maximum financial penalties of £500,000. Depending on the breach, there are also potential criminal offences.
As WordPress is often used for e-commerce, newsletters, blog subscriptions, digital marketing and similar purposes, the Privacy and Electronic Communications Regulations (PECR), which are closely linked to the DPA, often become applicable.
Advice, guidance and help on the wider legislation can also be obtained from eNaycH Data Protection & Privacy Services.