GDPR: How to make sure your website is compliant

Data privacy has been a huge issue for end-users in the last few years. Since the beginning of the internet, companies have opted to gather more and more information from their users to provide better-tailored content.

While this can improve user convenience, with huge leaks such as Cambridge Analytica, data privacy is becoming more and more of an issue.

What is GDPR?

The General Data Protection Regulation – or GDPR for short – applies to all companies based in the EU and to any company that has customers in the EU.

It’s a policy that is meant to improve the privacy of end-users and ensure that any data-gathering is clearly mentioned to the user or visitor.

One example of this is that a website must show a banner informing visitors about the cookies it uses – and give them the option to reject those cookies.

Below are some key points of GDPR:

  • Websites must disclose that they are gathering personal data
  • Visitors or customers must be informed about why, how, and where their data is stored
  • Customers have a right to request a copy of their data or for their data to be fully deleted

Consequences of not complying

If you run a larger website, the chances that it will be reported for violations are higher.

The fines for GDPR violations can range up to €20 million, or 4% of the annual revenue.

How to make sure your website is GDPR-compliant

Most websites from pre-GDPR times were built in a more lenient way, with analytics, cookies, IP logging, and more. With GDPR, this all changes, and any data gathering has to be explicitly explained.

Due to this, you will need to make changes to your website to ensure it is compliant with GDPR.

1. Triple-check your Privacy Policy

The most important factor when it comes to GDPR is your privacy policy.

Make sure to update your privacy policy to ensure that all the necessary disclaimers are clearly laid out and cannot be misunderstood by the reader. The way you collect and use end-user data should be explicitly stated, as well as the reason for using it. Any data sharing with third parties such as Google Analytics should be noted as well.

Copying another website’s privacy policy can sometimes be a great starting point. But don’t rely on their policy to also fit your website. Make sure to double-check and ensure everything is clearly stated.

Where applicable, also state the ways in which you don’t use data, such as:

  • We do not sell user data
  • We do not share user data with third parties

If you are not sure what you should include with your privacy policy, contact a legal expert that specializes in GDPR compliance.

2. Make sure to ask for permission to use Cookies

GDPR also treats cookies as personal data, since they can be used to identify a visitor. Because of this, you must obtain clear and explicit consent from each visitor before using cookies.

The best way to handle this is to place a one-time pop-up that shows up the first time the user visits the website and asks the user for permission to use cookies. Once they accept, you can use cookies and not show the pop-up anymore for that visitor.


However, if they reject, you need to stop placing cookies in that visitor’s browser. This is not always easy to accomplish, but it is required for compliance.

When it comes to WordPress GDPR compliance, you can use a cookie consent plugin that blocks cookies if the visitor declines the permission.

Some WordPress plugins for Cookie Compliance do not actually block cookies, so make sure to find a good plugin that will also block cookies in the event that the visitor rejects them.
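As an added example, not code from the original article or from any WordPress plugin: a small JavaScript consent gate that implements the behaviour described above. The storage interface, the storage key name and the cookie names are assumptions.

```javascript
// Added example (not from the original article): a consent gate that only sets
// non-essential cookies after explicit acceptance, remembers the decision so the
// banner is shown once, and blocks non-essential cookies after a rejection.
// Storage and the cookie writer are injected (assumed interface); in a page you
// would pass window.localStorage and a function that writes document.cookie.
const CONSENT_KEY = 'cookie_consent'; // assumed storage key for the decision
function memoryStorage() {
  // localStorage-like map for the constructed sample run below
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); },
  };
}

function createConsentGate(storage, setCookie) {
  const pending = []; // non-essential cookies requested before any decision
  const decision = () => storage.getItem(CONSENT_KEY); // 'accepted' | 'rejected' | null
  const shouldShowBanner = () => decision() === null; // banner only until a decision exists
  // Every script must request cookies here instead of writing document.cookie directly.
  function requestCookie(name, value, essential = false) {
    if (essential) { setCookie(name, value); return 'set'; } // strictly necessary: no consent needed
    const d = decision();
    if (d === 'accepted') { setCookie(name, value); return 'set'; }
    if (d === 'rejected') return 'blocked';
    pending.push([name, value]); // defer until the visitor answers the banner
    return 'deferred';
  }
  function accept() {
    storage.setItem(CONSENT_KEY, 'accepted');
    while (pending.length) { const [n, v] = pending.shift(); setCookie(n, v); }
  }
  function reject() {
    storage.setItem(CONSENT_KEY, 'rejected');
    pending.length = 0; // drop anything that was waiting for consent
  }
  return { shouldShowBanner, requestCookie, accept, reject, decision };
}

// Constructed sample visit: an essential session cookie and an analytics cookie
// are requested before the visitor answers the banner with 'accept' or 'reject'.
function sampleVisit(choice) {
  const jar = {}; // stands in for the browser cookie jar
  const gate = createConsentGate(memoryStorage(), (n, v) => { jar[n] = v; });
  gate.requestCookie('PHPSESSID', 'sess-123', true); // set immediately
  gate.requestCookie('_ga', 'GA1.2.example');         // waits for consent
  if (choice === 'accept') gate.accept(); else gate.reject();
  return { jar, bannerStillShown: gate.shouldShowBanner() };
}
```

The key point is that no script writes cookies directly; everything goes through `requestCookie`, so a rejection actually blocks the cookies rather than just hiding the banner.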

3. Update your software

WordPress versions 4.9.6 and higher have more privacy options integrated directly into them, such as:

  • Explicit consent to save data while commenting
  • More data export and erase features
  • Privacy policy generator

As one of the most widely used web applications, WordPress has to keep its software GDPR-compliant to stay relevant.

The same applies to most other code, such as themes, plugins, and other applications: if they do not update to better support GDPR, they lose a huge share of the market, namely Europe.

The benefits of updating your software will vary depending on what you are using; look through the changelogs for details.

4. Make sure to check your forms

Contact forms can store – and on some websites already do store – a large amount of information. When it comes to forms, the best policy is to not store any data at all. The next best option is to store as little as possible, for only as long as you need it.

If you are storing full form data, make sure to check how much of that data you actually need.

If you do need to store this information, provide a checkbox under the form through which the user explicitly consents to their data being stored.

Bear in mind that for WordPress GDPR compliance, you have to check which form plugins you are using. There are some plugins that store the data in the database for referencing later. Usually, you can disable this feature, so check your settings to make sure you are compliant.

Conclusion

Bear in mind that it is not possible to cover every step needed to make your website GDPR-compliant in one article. Take this article for what it is – a guideline or starting point for your GDPR compliance.

There are online scanners available to help you scan your website and find any issues.

We hope this article helped you with GDPR and WordPress GDPR compliance and allowed you to take the first steps to full compliance with GDPR.