By now you have probably heard of the new European Union law GDPR (General Data Protection Regulation). Recently, I have received quite a few inquiries from clients asking whether this new regulation affects their website. I have taken the time to research this issue and my answer to them is “yes”, all websites should follow this regulation. In this article I will explain the 6 steps to making your website GDPR compliant. These 6 steps may not cover everything you need to do, but they are a good start, especially if you have a WordPress website.

What is GDPR?

The General Data Protection Regulation came into effect on May 25, 2018. The goal of the GDPR is to give EU citizens better control over how their personal data is used and change the approach of data privacy around the world. If a website is not GDPR compliant, hefty fines will be charged. You can read more about what it is here.

You might think that this law does not affect YOU because your website customers are not in the EU. This is simply not true. If your website has VISITORS from the EU then it needs to be GDPR compliant.

Here are the 6 steps I have taken to make my WordPress website GDPR compliant:

Step #1 – WordPress Data Export & Erasure Feature

With the new GDPR regulations you will need to honor a user’s request to either export or erase their personal data. WordPress has accommodated this request by adding a new tool in your dashboard called “Export Personal Data”. You should become familiar with this in case someone contacts you with this request.
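The dashboard tool only knows about the data WordPress core itself stores (users, comments, media). Any plugin or custom code that keeps personal data in its own tables has to register with the same export/erase machinery, or those requests will silently miss it. The following is an added example, not code from the article or from WordPress itself; it assumes a hypothetical custom contact-form table named `example_inquiries` and uses the real `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters that WordPress 4.9.6 introduced for this purpose.

```php
<?php
/**
 * Added example (not from the article): registering a personal-data
 * exporter and eraser with WordPress's privacy tools (WordPress 4.9.6+),
 * so the dashboard's "Export Personal Data" and "Erase Personal Data"
 * requests also cover data that custom code stores.
 * The table name and the example_* functions are hypothetical.
 */

// Hypothetical: inquiries saved by a custom contact form into its own table.
function example_get_inquiries_by_email( $email ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_inquiries'; // hypothetical table
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, message, created_at FROM {$table} WHERE email = %s", $email )
    );
}

// Exporter callback: return the personal data held for this e-mail address.
// WordPress calls it with ($email_address, $page) and expects
// array( 'data' => <export items>, 'done' => <bool> ).
function example_inquiries_exporter( $email_address, $page = 1 ) {
    $export_items = array();
    foreach ( example_get_inquiries_by_email( $email_address ) as $row ) {
        $export_items[] = array(
            'group_id'    => 'example-inquiries',
            'group_label' => 'Contact form inquiries',
            'item_id'     => 'inquiry-' . $row->id,
            'data'        => array(
                array( 'name' => 'Message',   'value' => $row->message ),
                array( 'name' => 'Submitted', 'value' => $row->created_at ),
            ),
        );
    }
    // 'done' => true tells WordPress there are no further pages of results.
    return array( 'data' => $export_items, 'done' => true );
}

// Eraser callback: delete the stored inquiries and report what happened.
function example_inquiries_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'example_inquiries';
    $deleted = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );
    return array(
        'items_removed'  => (bool) $deleted, // true if at least one row was deleted
        'items_retained' => false,           // nothing is kept back for legal reasons here
        'messages'       => array(),
        'done'           => true,
    );
}

// Hook both callbacks into the dashboard's privacy tools.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-inquiries'] = array(
        'exporter_friendly_name' => 'Contact form inquiries',
        'callback'               => 'example_inquiries_exporter',
    );
    return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-inquiries'] = array(
        'eraser_friendly_name' => 'Contact form inquiries',
        'callback'             => 'example_inquiries_eraser',
    );
    return $erasers;
} );
```

Once this runs as part of a plugin or the theme's `functions.php`, the inquiries appear as their own group in the export file and are removed when an erasure request is fulfilled. If some records must legally be kept (for example invoices), set `items_retained` to true and explain why in `messages` rather than deleting them.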

Step #2 – Check that all Areas of Your Website are GDPR Compliant

You will need to go through all of your plugins, shopping cart and email marketing etc. to see what measures you need to take to make sure you are GDPR compliant.

For example, I had to update my contact form. Luckily I use WPForms, which has a built-in GDPR consent box that I added to my contact form. This is the text that it added with a checkbox:

“I consent to having this website store my submitted information so they can respond to my inquiry.”

On my website I have an email opt-in form that was created using the Thrive plugin. I made sure that I added a double opt-in to all my signup buttons.

If you are unsure how to do it, check with your web designer to find out how to update all the areas of your website so they are GDPR compliant.

Step #3 – Add Comments Compliance Checkbox

If you use the default WordPress comments you can go into the comments section of the dashboard and follow these steps to add a disclaimer. Once done, the following checkbox will appear above the send button.

“Save my name, email and website in this browser for the next time I comment.”

Step #4 – Update Privacy Policy to Make Your Website GDPR Compliant

You will need to change your current Privacy Policy so that it is significantly more transparent about the personal information you are capturing.

I changed my Privacy Policy using an automated generator by iubenda. When asked, I included all the services that potentially collect data on my website, i.e. Google Analytics, Facebook, Twitter, Mailchimp and Akismet. You can get the Free or Pro version. The cost of the Pro version starts at $27/year, which is much cheaper than hiring an internet lawyer or trying to write one myself. The privacy policy you generate is stored on iubenda’s server and is constantly being updated as laws change. In the long run, using an automated generator to create your privacy policy will save you both time and money.

Step #5 – Upload Google Analytics Add-on

Google Analytics tracks all kinds of user information, which is a huge issue when trying to make your data collection more transparent. One of the most popular WordPress plugins for adding analytics is MonsterInsights. Luckily I use this well-supported plugin and it was easy to fix. I upgraded to the MonsterInsights Pro version and then I downloaded the EU compliance add-on.

Step #6 – Add Cookie Notification Plugin

Under GDPR you need to inform all users of cookies that might be downloaded to their computer when they use your website. I added the Cookie Notice plugin, which displays a disclaimer at the bottom of my website that the user can choose to accept. Here is what the disclaimer says:

“We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.”

So now the question you might have is “what if I just leave things and don’t actually follow through with any of these changes?”. Whether you like it or not, GDPR became a law on May 25th, 2018. This affects all websites even if your customers are not in the EU. If your website is still not compliant, don’t worry. You have some time to fix it.

This may sound like a lot of changes, but once you figure it out, making your website GDPR compliant is worth it in the end. If you have any questions, please contact us and we will help you get your website GDPR compliant.