Whether your business runs in the EU or works with European customers, your website should adhere to the General Data Protection Regulation (GDPR). If you want to avoid penalties, or lawsuits filed by users who worked with you or tried your services, you should make your WooCommerce site GDPR compliant.

In this post, we will discuss the major steps you should take to play by the rules. eCommerce projects should seriously consider implementing GDPR elements in their online resources: they work directly with customers, collect their personal information, and need to make people confident that their sensitive data is protected. So, here is how you can make your WooCommerce website compliant with the latest GDPR demands.


How to Make Your WooCommerce Site GDPR Compliant 

If you sell in the EU or to European customers, your eCommerce project must comply with the GDPR. It is the responsibility of your WooCommerce website to inform visitors how you use their data. You should also give people the freedom to decide whether they agree to the terms of your privacy policy or not. 

Use WordPress 4.9.6 and higher 

To get started, update your WordPress core installation to version 4.9.6 or higher. Out of the box, this version ships with tools that set your web project up for GDPR compliance. Here are some of the critical features dealing with the General Data Protection Regulation that are included in this WordPress update. 

Policy Generator

Add the privacy policy page to your website or introduce your audience to the existing privacy policy rules. To access the privacy policy page, navigate to your WordPress dashboard, and click Settings > Privacy. You’ll be asked to set the privacy policy page or generate a new one. 


If you need to create the privacy policy page from scratch, make sure that it includes the privacy information and disclosures related to your WordPress core. Also, add the suggested details that document your website's GDPR compliance. This includes Contact Forms, Contact Information, Analytics, Breach Disclosure, and more. 


Comments Cookie Opt-in

By default, WordPress stores a cookie for commenters, which frees users from the need to retype their information every time they leave and come back to your website. In WordPress 4.9.6 and higher, the comments form includes an opt-in checkbox for this cookie. 

Data Export and Erase

In the Tools tab of your WordPress dashboard, there are two new options: Export Personal Data and Erase Personal Data. If your website collects user information, you can export or erase a person's details from the WordPress database whenever you receive their request. 
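The built-in Export and Erase tools only know about the data WordPress and WooCommerce register themselves. Any custom data your own code stores must be registered with the same tools, otherwise it is silently left out of the export and survives an erasure. The following added example (not code from the original post or from WooCommerce) shows how a hypothetical plugin that keeps a newsletter consent flag in user meta under the assumed key 'example_newsletter_consent' plugs into both screens:

```php
<?php
// Added example: register a custom exporter and eraser so Tools > Export/Erase
// Personal Data also cover plugin-specific data. The meta key
// 'example_newsletter_consent' is a hypothetical value, not a WooCommerce key.

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-newsletter'] = array(
        'exporter_friendly_name' => __( 'Example Newsletter Consent' ),
        'callback'               => 'example_newsletter_exporter',
    );
    return $exporters;
} );

// WordPress passes the email from the verified request; look the user up by it.
function example_newsletter_exporter( $email_address, $page = 1 ) {
    $export_items = array();
    $user = get_user_by( 'email', $email_address );
    if ( $user ) {
        $consent = get_user_meta( $user->ID, 'example_newsletter_consent', true );
        if ( '' !== $consent ) {
            $export_items[] = array(
                'group_id'    => 'example-newsletter',
                'group_label' => __( 'Newsletter Consent' ),
                'item_id'     => 'newsletter-consent-' . $user->ID,
                'data'        => array(
                    array( 'name' => __( 'Consent given' ), 'value' => $consent ),
                ),
            );
        }
    }
    // 'done' => true tells WordPress there are no further pages to fetch.
    return array( 'data' => $export_items, 'done' => true );
}

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-newsletter'] = array(
        'eraser_friendly_name' => __( 'Example Newsletter Consent' ),
        'callback'             => 'example_newsletter_eraser',
    );
    return $erasers;
} );

function example_newsletter_eraser( $email_address, $page = 1 ) {
    $items_removed = false;
    $user = get_user_by( 'email', $email_address );
    if ( $user && metadata_exists( 'user', $user->ID, 'example_newsletter_consent' ) ) {
        $items_removed = delete_user_meta( $user->ID, 'example_newsletter_consent' );
    }
    // Report honestly: a retained item must be flagged so the admin can see it.
    return array( 'items_removed' => $items_removed, 'items_retained' => false,
                  'messages' => array(), 'done' => true );
}
```

After adding this to a plugin or theme, run Tools > Export Personal Data for a test account and confirm the "Newsletter Consent" group appears in the generated archive.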

Keep the Privacy Policy Updated 

As your website grows and you add new plugins, services, and extensions, you will need to include disclosures for all of the cookies and data that you collect on your website. 

Depending on the information that you ask your customers to share, here are some of the most common points that are worth an update in the cookie policy. 

WooCommerce Data

Every WooCommerce store should add disclosure of how they retain customer information, for how long, and what they do with it. 

Make sure that your privacy policy includes the necessary disclosures. For example, you may add a section explaining why you need to collect users' personal information. You may also highlight in what ways the sensitive data is used (e.g., for promotions, to process transactions, to manage shipping, etc.). Do not forget to mention what actions you take to protect user information and process payments on your web store. 

Cookies 

Depending on the services that you use, your website may set cookies through:

  • Tracking services like Google Analytics;
  • Ad networks like Google Adwords;
  • CDN services;
  • Optins or pop-ups;
  • Push notifications;
  • Shopping carts, and more.

If you do not know what cookies your eCommerce website uses, there is a simple way to find out. Open your web browser and clear cookies and browsing data in Settings, choosing to clear cookies and history for all time. Once the cookies are cleared, navigate to the homepage of your web store and blog. Next, open the browser's developer tools (Inspect). If you use Google Chrome, click the Application tab > Cookies. From there, click on the URL of your website to see all of the cookies being set on your WooCommerce site. Repeat the check on the cart, checkout and account pages, since some cookies are only set once a visitor adds a product or logs in. These details should be listed in the Privacy Policy. 

Contact Forms

Contact forms are essential elements of any web page that aims to engage better with its audience. Many contact form plugins let you integrate the respective functionality into your website, and Contact Form 7 is one of the most popular solutions. Make sure that your contact form features an acceptance checkbox. In Contact Form 7 it can be added with the following tag, placed before the submit button:

[acceptance accept-this-1] Check here to consent to this website storing my information so they can respond. [/acceptance]

The developers of the WPForms plugin have already integrated a GDPR agreement module into the contact form. To activate it, navigate to the WPForms settings and add the GDPR agreement checkbox. This way, your customers can confirm that they consent to sharing their personal information with your website. 

Newsletter subscription

Similar to the contact forms that you add to your website, the newsletter subscription form should also include a consent checkbox or use double opt-in for your email list. Most popular email services include a double opt-in option, which you can enable in the settings of your pop-up message or newsletter subscription widget. 

Add a Cookie Notice to your WooCommerce Store

You have probably noticed that the websites you visited after the GDPR came into force have added cookie notices to their pages. This is one of the most effective ways to make your web page GDPR compliant. Simply put, a cookie notice makes it visible and transparent to every visitor that your web project uses cookies. It is good practice to combine the cookie notice with an explanation of how you use cookies in the privacy policy. 

There are many WordPress plugins for adding a cookie notice. The free Cookie Notice and the premium WeePie Cookie Allow plugins are among the most popular solutions. Use them to add cookie notices that match the design and style of your website. Both plugins are mobile-friendly and work smoothly on all types of screens and devices. 

Privacy Policy Updates

If you let users create personal accounts on your web store, or collect customers' information via a newsletter subscription form or in any other way, it is essential to keep your audience informed about changes to the privacy policy on your site. 

As soon as you make changes to the privacy policy according to the latest GDPR demands, announce them in your email newsletter or through a pop-up. 

Users Should Be Able to Request to Delete Their Personal Details from your Store 

This is one of the crucial features that GDPR compliant websites should offer their customers. Among many other things, the WordPress 4.9.6 update made it possible for web users to ask a site to remove their details from its database altogether. To let users submit such a request, you should first add a request form to your site.

Plugins like Ninja Forms feature built-in Export Data and Delete Data request forms. Install the plugin on your website, create the request forms, and link to them from the privacy policy. 


Bottom Line

These are the main instructions and activities you need to carry out on your WooCommerce site to make it GDPR compliant. Note that we are not lawyers. This guide is a collection of the essential steps that we have implemented on our site. The tips have proven to be effective, so we can recommend that you follow our advice. 

Before implementing any GDPR techniques and applying changes to the Privacy Policy, it is wise to consult a GDPR lawyer. It is essential to do it right and ensure that your website does not violate any rules. Even if your business is not located in Europe but has only a few EU customers, you should play it safe and align your web store with the latest General Data Protection Regulation.
