How to Ensure GDPR Compliance on your WordPress WooCommerce Site (with Videos)

Sujith Reghu

Generally, GDPR guidelines can be confusing to WordPress and WooCommerce site owners. It is important to follow these guidelines if you are doing business with European Union citizens. A lot of WordPress WooCommerce site owners are probably wondering how to ensure GDPR compliance on their WordPress WooCommerce sites. In this article, we will discuss a few strategies that will help you ensure GDPR compliance on your WordPress WooCommerce website.

Table of Contents

Features to help you ensure GDPR compliance for WordPress

You need to ensure GDPR compliance if you are running a WordPress website or a WooCommerce store. The latest versions of WordPress come with a range of features to help you to comply to these requirements. Let us look at a few WordPress features that will help you ensure GDPR Compliance.

Comment cookie opt-in

When a user leaves a comment on your WordPress site, their name, email and website are stored by WordPress as a cookie. This will enable them to leave a comment easily next time without retyping their information. Now, GDPR requires to take consent from users before storing their information.

The latest versions of WordPress have the option to take the consent of users to store their information. On the Comment form, where users type a comment, there is a checkbox that requires them to give consent to save the details for the next time.

Ensure GDPR Compliance — In the latest versions of WordPress, you can display a cookie consent form to users trying to leave a comment.

If you do not see this checkbox by default, you can enable it from Settings > Discussion on the WordPress admin panel.

If after enabling the opt-in form, you still can’t see it on the comment form, it might be an issue with the theme you are using. Try updating the theme and if it is still not working, you may have to contact their support team.

Export or Erase Personal Data

WordPress offers options to export or erase personal data based on your user’s request. As a site owner, you will be comply to such request from users with the help of these features. Under ‘Tools’, you can find two options ‘Export Personal Data’ and ‘Erase Personal Data’.

Based on the user request, you can quickly export or erase their data after an email verification step.

Privacy policy generator

You will be able to access the Privacy Settings page through Settings > Privacy. Here, WordPress offers you an option to specify a privacy policy page for your store. If you already have a privacy policy taking GDPR guidelines into account, you can select that. Otherwise, WordPress offers an option to help you create a new privacy policy in accordance to GDPR guidelines. To try this out, you can click the Create New Page button.

That will lead you to a privacy page template, that includes information on what all to include in your privacy policy. It includes some of the WordPress related compliance aspects. You can add the other aspects such as Analytics, Contact Forms, etc.

You can use this template to create a basic structure of your privacy policy. However, you will need to include all the details of private data usage from the plugins and tools that you use.

Analytics tools, CDN services, opt-in popups, push notifications, video players, etc generally will store cookies. You need to find out all the cookies set by third-party tools and plugins on your website. The complete data should be visible to users. Contact Forms on your site need to be updated according to GDPR. Most popular contact form plugins are updated accordingly, and they will have consent forms while collecting customer information. The same is applicable to building an email list for newsletters. You should take care to disclose all these details in your privacy policy.

Update privacy policy if you are using WooCommerce

You need to update your privacy policy accordingly if you are using WooCommerce. The latest versions of WooCommerce offers several options to help you set up your privacy policy. You need to set up the policy and then make relevant disclosures in your privacy policy.

You can set the privacy policy with WooCommerce by navigating to WooCommerce > Settings > Accounts and Privacy.

Here there are different aspects of the privacy policy, which you can review and set up. For example, you can decide on whether you want to remove personal data from orders when you receive a request to erase. Here you can also define how long user data will be retained on your store for different scenarios like inactive accounts, completed orders, etc.

Please read our article on WooCommerce features that will help you with GDPR compliance for more information.

Cookie disclosure and acceptance notice

According to GDPR, you need to disclose all the details related to cookies to your customers. In addition to the mention in the privacy policy, you need to disclose the use of cookies through another notice on the landing page. Thankfully, there are several plugins that will help you in this regard. Here, we will take a quick look at a couple of these plugins and their features.

Cookie Notice for GDPR

This plugin helps you inform users about the cookies that you use on your site and ensure GDPR compliance. You will be able to create a customized notice with cookie information and will be able to redirect customers to a particular page for additional information. It helps you sync with your WordPress privacy policy page. The plugin offers several options for user interaction like to accept cookies on scroll or refuse functional cookies. It also offers an option to reload the page after the cookie is accepted.

The plugin offers several options to customize the cookie notice and you can even animate the message box after the cookie is accepted. It is SEO friendly and compatible to WPML.

GDPR Cookie Consent

This is another popular plugin that will help you display cookie content notice on your WordPress site. The plugin ensures that cookies are stored only after user consent and not by default. It offers an option to list out all the cookie details on the cookie policy page using a shortcode. You will be also able to customize the look and feel of the cookie notice to complement your brand and site design. Moreover, the plugin is WPML compatible and supports qTranslate.

Enable easy requests for personal data

With GDPR, you should allow your users to easily access the personal data that is collected and stored on your site. They should be able to do this easily if they want to request you for an export file or erasure. Now, how will you implement this? Are you going to handle all such requests through your email id? A better way would be to integrate a contact form to handle all the user’s personal data-related requests. Some of the popular contact form plugins like Ninja Forms have already incorporated specific templates for such requests.

Prompt alerts on policy updates and data breach

One of the other important requirements of GDPR is to promptly inform users about any policy updates or data breaches. This is particularly important if you are collecting and storing customer information on your site. GDPR compliance plugins can help you with automatic notifications in these cases. Here is a plugin that you can use for this:

WP GDPR Compliance

The plugin assists you in multiple ways to comply with GDPR. It will help you add the GDPR consent field to some of the plugins that you may be using. With this plugin, you will also find features like encrypted audit logs and double opt-in mail. Another important feature is to make user data anonymous on request.

WP Autoterms

This plugin helps you manage multiple terms pages on your website for legal compliance. These include a GDPR-compliant privacy policy, terms and conditions, and your cookie policy. The plugin automatically inserts links to the legal documents in the footer section. In addition, it also creates an announcement bar to inform users on any updates that you made to your legal documents.