How to Make Your WordPress and WooCommerce Site ready for GDPR Compliance?


Updated: 1st July 2019

GDPR (General Data Protection Regulation) is a data protection law that you will likely have come across, and anyone who uses WordPress now needs to make sure their sites are compliant with it. In this updated article for 2019, we explain GDPR in its simplest form, offering you an easy guide to ensure your WordPress site meets GDPR standards.

Businesses that fail to comply with GDPR requirements can face fines. To avoid the panic and bad press, all business websites must be updated, and users must be informed of these changes, so that no penalties are incurred.

What is GDPR Compliance?

GDPR compliance is the protection of EU citizens' data and the obligations a site owner has in relation to that data, which are detailed below:

  • Users must be informed why their data is being collected
  • Users' consent is crucial before collecting any data
  • Users are allowed to know who will be receiving the information
  • Users can ask how long their data will be held
  • Users must be made aware of any data breaches
  • Users are allowed access to their own data if they choose
  • Users can delete their data if they choose to

GDPR Compliance with WordPress

The core WordPress software 4.9.6 is currently GDPR compliant, with the core team at WordPress adding features to make the software and sites built on it compliant for all users and visitors.

New WordPress GDPR plugins have been introduced, which means there will be a unified, descriptive methodology covering the type of data being stored, where it is stored and how long it is kept. This plugin standard will also offer key information on how to safely handle the deletion of any user data.

The new plugin standard from WordPress attempts to offer a solution for GDPR compliance when validating a plugin. This means that administrators will be able to handle GDPR compliance tasks. This solution for GDPR WordPress compliance is free and offers a simple guide to creating a file that describes the different data the plugin is likely to use and is available for all to read.

Updating Your GDPR Privacy Policy for WordPress

The GDPR privacy policy for WordPress has changed, making it important for businesses to be aware of these changes and inform their consumers. Customers need to be notified of businesses updating their privacy policy because of the changes in GDPR and the changes in the GDPR WordPress privacy policy.

It is important to figure out what cookies and data are being collected on your website. Common sources of cookies are Google Analytics, video players, push notifications and much more. Big sites like Google and Facebook also have to abide by the new GDPR law; no site should avoid sending out GDPR opt-in forms to its consumers and visitors. Abiding by a GDPR checklist will help you make sure your site is following the law and avoiding any fines.

What Areas Are Affected on a WordPress Site and How to Make These GDPR Compliant?

On your website, the various plugins you use need to be GDPR compliant. These plugins store or process data for things like analytics, online stores, membership sites, email marketing and contact forms.

Many WordPress plugins have already added GDPR enhancement features. For example, Google Analytics has started anonymizing data before it is stored and processed, along with adding an overlay to make visitors to the site aware that cookies are used, asking for their consent before tracking.

Google Analytics

Google Analytics has started to anonymize data before it is stored and processed, along with adding an overlay to make visitors to the site aware that cookies are used, asking for their consent before tracking. Using a plugin such as MonsterInsights can make this process easier.
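
The consent-before-tracking behaviour described above can be expressed as a small gate that sits in front of the tracker. This is an added example, not code from Google Analytics, MonsterInsights or this article; createConsentGate, memoryStorage, the example_tracking_consent key and the anonymizeIp option are assumed names.

```javascript
// Added example: consent gate for an analytics tracker. Names are hypothetical.
const CONSENT_KEY = 'example_tracking_consent'; // assumed storage key

// storage: object with getItem/setItem (localStorage in a browser).
// loadTracker: injects the analytics script and returns a send(event) function.
function createConsentGate(storage, loadTracker) {
  let send = null; // stays null until the visitor opts in

  // Any value other than the two known ones counts as "no choice made".
  function decision() {
    const value = storage.getItem(CONSENT_KEY);
    return value === 'granted' || value === 'denied' ? value : 'undecided';
  }

  // Load the tracker at most once, asking it to anonymise IP addresses.
  function ensureLoaded() {
    if (send === null) send = loadTracker({ anonymizeIp: true });
  }

  // A returning visitor who already opted in is not prompted again.
  if (decision() === 'granted') ensureLoaded();

  return {
    decision,
    // The overlay is shown only while no choice has been recorded.
    needsBanner: () => decision() === 'undecided',
    grant() {
      storage.setItem(CONSENT_KEY, 'granted');
      ensureLoaded();
    },
    // A refusal and a later withdrawal are recorded the same way.
    deny() {
      storage.setItem(CONSENT_KEY, 'denied');
    },
    // Returns true only if the event was handed to the tracker.
    track(event) {
      if (decision() !== 'granted') return false; // default is no tracking
      ensureLoaded();
      send(event);
      return true;
    },
  };
}

// In-memory stand-in for localStorage so the example runs outside a browser.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
  };
}
```

The tracker script is never loaded for a visitor who has not opted in, and an unrecognised stored value is treated as no decision rather than as consent.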

Contact Forms

WordPress sites that use contact forms must add extra transparency measures if data will be stored or used for marketing purposes. To ensure your form is WordPress GDPR compliant, you must get user consent to store the data and explain what their data will be used for. Complying with data requests and data deletion is also important.

Email Marketing

Email marketing is similar to contact forms: explicit consent from users needs to be established before collecting data and adding them to any opt-in forms etc.

How to Make a WooCommerce Site GDPR Compliant?

Each website will be using a different set of plugins; therefore, it is important to research GDPR compliance on each WooCommerce site. The one size fits all approach doesn’t work; you need to be aware of what you need to do for your specific site to ensure you are abiding by regulations.

For WooCommerce, the rule is that if you sell to customers within the EU or have shoppers from outside the EU, your site must comply with GDPR. It is your responsibility to communicate to your customers how you are using their information. You may have to update your privacy policy to inform people that your WooCommerce site is complying with GDPR.

What GDPR WordPress Plugins are available?

  • MonsterInsights – Ideal for Google Analytics; it is their EU compliance addon.
  • WPForms – A user-friendly contact form plugin, offering GDPR fields and other features.
  • Cookie Notice – A free plugin for adding an EU cookie notice that integrates with top plugins like MonsterInsights.
  • Delete Me – A plugin that allows users to automatically delete their profile on your site.
  • OptinMonster – Advanced software that has targeting features to boost conversions while being GDPR compliant.
  • Shared Counts – A plugin that loads static share buttons while displaying share counts.

What Resources Are Available to Help with GDPR Compliance?

There is a complete WordPress GDPR guide from Code in WordPress offering detailed information on how they will help plugin developers ensure they are GDPR compliant. GDPR will impact how every site in the EU operates, but luckily there are plenty of resources and help to assist you.


Author Gyles Seward

Gyles is our Managing Director and knowledgeable in all things WordPress.