This content originally appeared on Envato Tuts+ Tutorials and was authored by Franc Lucas
Is your website GDPR and CCPA compliant? Are you complying with strict regulations that require your website to protect personal data and privacy of citizens in European Union (EU) countries and in California? In this post, I'll show you how to quickly and easily make your WordPress website compliant with GDPR and CCPA.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) law that took effect on May 25, 2018.
The goal of GDPR is to:
- ensure protection of data and privacy of EU individuals.
- give EU individuals control over their personal data
- change the data privacy approach of organizations across the world
Websites around the world that collect data on individuals in European Union (EU) countries need to comply with strict new rules around protecting customer data.
GDPR compliance requires that you give visitors choice over whether they want cookies or not and also how they want their data to be handled.
Here are some questions you should ask yourself so you can be sure you are compliant.
- Do you run a website that individuals in the EU have access to?
- Do you use Google Analytics or anything else to store personal data for statistics purposes?
- Do you collect users' data using forms like Contact Form 7?
- Do you use add-ons like MailChimp or Constant Contact to create mailing lists?
- Do you use live chat support or helpdesk to help visitors on your website?
You don't have to be a legal expert to make your website GDPR compliant. GDPR plugins make it easy.
What is the California Consumer Privacy Act (CCPA)?
The state of California also has a privacy and data protection law—this is called CCPA.
Here are some requirements of CCPA:
- cookie consent banner
- age verification
- do not sell my information document
- my account form CCPA disclaimer
Some plugins make sure you are compliant with both GDPR and CCPA.
You will find these plugins on both Envato Elements and CodeCanyon.
Before we look at the WordPress GDPR compliance plugins, let's explore the benefits of a monthly subscription to Envato Elements.
Envato Elements: Unlimited Downloads
Envato Elements is a service that provides an unlimited download subscription, meaning that you are free to download as many items as you like from millions of digital assets.
The subscription is covered by simple commercial licensing that gives you the rights to use the item in a broad variety of projects, including those of a commercial nature.
The licensing is future-proof, meaning even if you unsubscribe and can't download items from Envato Elements any more, any existing uses that you registered are still covered.
GDPR Plugins on Envato Elements
With WordPress GDPR, your website can easily be brought into compliance with the GDPR regulations.
Features of this all-in-one GDPR compliance plugin include:
- forget me: right to be forgotten forms
- data breach notifications
- request data archive
- cookie popup
- contact DPO
- newsletter unsubscribe
Integrates with WooCommerce, Mailster, BuddyPress, Facebook Pixel, Google Analytics, Google Adwords, Google Tag Manager, Hot Jar, Contact Form 7, Flamingo DB and other custom integrations. You can use this plugin with different languages by integrating it with WPML.
You will also find WordPress GDPR on CodeCanyon.
This plugin complies with 7 key features of GDPR compliance:
- Cookie consent: informs users about cookie use and gets their consent.
- Terms and Conditions consent: takes users automatically to your Terms and Conditions page to get their consent.
- Request Data Archive: collects data access requests and automatically informs the admin.
- Forget me form: creates a form for users to request that their stored data be deleted and automatically notifies the website admin.
- Data Rectification: allow users to request their stored data to be rectified.
- Data Breach Notification: notify data breach to all users as required by law.
- Control EU Traffic: display cookie popup for EU countries users only or refuse them.
The Ninja GDPR Compliance for WordPress plugin, which is also available on CodeCanyon, is compatible with the most popular plugins related to GDPR requirements: WooCommerce, Contact Form 7, Gravity Forms, MailChimp, Facebook Pixel and Google Analytics.
GDPR Plugins on CodeCanyon
3. Bestseller: Ultimate GDPR and CCPA Compliance Toolkit for WordPress
Using Ultimate GDPR and CCPA Compliance Toolkit for WordPress, you can take control of cookies from your dashboard using the advanced cookie management panel. From here you can use a one-click cookie detector to discover what cookies your website is using. You can block any third-party cookies you don't need. You also have the option to display the cookie consent box in the header so it doesn't feel intrusive to users. You can customize your cookie boxes to match the look of your website by choosing from a whopping 34 styles and over 15 cookie notice skins.
With just a few clicks, you’ll comply with all GDPR requirements including:
- personal data access: a dedicated form for users to access currently stored personal data
- right to be forgotten: an accessible, dedicated form for users to request deletion of stored data
- requests for data access or deletion: easily browse these requests and set custom email notifications
- cookie consent: a dedicated box for cookie consent and cookie blocker until consent is given
- services consent: automatically add consent boxes for various forms on your website
- data breach notification: automatic global email notifications regarding data breaches
- pseudonymisation: pseudonymise stored user data
- privacy by design: manage, encrypt and erase all users’ data easily via your WordPress admin panel
- data portability: export all user data easily to JSON format or text files, with an option to automatically send via email
This plugin is designed to be compatible with a range of popular themes, such as Divi and Avada, as well as other plugins and tools including: Contact Form 7, QuForm, Gravity Forms, Facebook Pixel, BuddyPress, Google Analytics, WP Bakery Builder, MailPoet, Mailster, Polylang, Wordfence and more.
4. Trending: WeePie Cookie Allow
WeePie Cookie Allow makes it possible for your website to fully comply with the GDPR and CCPA.
GDPR compliance features include:
- icon to open the cookie settings pop-up that includes accept cookies button and decline cookies button
- change cookie settings
- blocking privacy sensitive or 3rd-party cookies before consent
- consent logging
- cookie consent only for EU visitors (disable cookie consent bar/box for non-EU visitors)
CCPA compliance features include:
- show a bar/box with a notice at collection
- add a link to your Do Not Sell My Personal Information (DNSMPI) page inside your Notice of Collection text
- opt out of placing 3rd party cookies
Third party cookies are automatically blocked.
Cookie Plus GDPR is a complete GDPR Cookie consent solution for your WordPress website. It automatically blocks all non-essential cookies from your website so no plugin or script will be able to add cookies in the user’s browser without consent. Cookies are added after the user has accepted cookies.
You can create your cookie popup form by choosing from 8 cookie popup templates. The consent popup form has 5 cookie categories that visitors can activate or deactivate. You have many options for showing your cookie consent popups only to users in the EU, by country.
The plugin is easily integrated with forms, plugins, and themes used to collect users' data. These include WooCommerce, Contact Form 7, Gravity Forms, WordPress comments, BuddyPress, Google Analytics, Google Tag Manager, Google Adwords, Facebook Pixel, DoubleClick and more.
If you use Bookly PRO on your website, then this plugin will allow you to comply with GDPR requirements by providing customers with a possibility to access, manage and delete their personal details and appointments list in a user account.
Let your customers return to your website at any time to manage their profile details and bookings that have been made. They’ll be able to:
- update the name, email address, phone number, customer information
- delete customer’s profile
- view appointments history
- view appointment details
- reschedule or cancel an appointment
Integrate the Total GDPR Compliance plugin into your website and become totally GDPR compliant. The plugin is fully responsive. You have 30 customizable consent templates to choose from. Each template has a choice of 3 layouts: cookie bar, popup cookie, and floating cookie. It also includes a "Privacy Policies" consent button and a "Terms & conditions" consent button.
The plugin comes with a consent box for different WordPress sections such as the default WordPress login, registration, and comment submission, along with third-party plugins such as WooCommerce and Contact Form 7.
8. Easy GDPR
Easy GDPR makes your website GDPR compliant in a few easy steps. You can show the cookie popup to EU users who can accept or decline cookies. A cookie detector allows you to find out all cookies your site uses with one click. The cookies are grouped into categories.
Other features of this GDPR compliance plugin include:
- privacy and terms pages
- right of access by the data subject
- right to be forgotten
- right to data portability
- notification to users in case of a data breach
The plugin integrates with plugins that collect user data: WooCommerce, Facebook Pixel, Yandex Metrika, BuddyPress, Google Analytics, Google Tag Manager, Flamingo DB, Contact Form 7, and Hot Jar.
9. WP GDPR PRO
WP GDPR PRO covers cookie consent, creating a delete my account form, request data form, and erase data form. It also handles data breach notifications. Users can submit various requests using DPO forms and admins can manage all requests in the back-end. Google reCAPTCHA is integrated into each DPO form to prevent spam. All forms are fully multilingual using the WPML plugin.
You can set cookie popups to appear at the top, center, or bottom position. You can also add DPO forms in the sidebar using a widget. The admin can display the cookie consent notification on all pages and also display all important blocks anywhere using shortcodes.
EasyCookie is a lightweight, fully responsive plugin that helps your website comply with GDPR regulations. You can place the cookie notification bar at the top or bottom of the page. You can enable auto-accept on page scroll and even choose the number of days the cookies can be valid. The cookie notification can also include emojis if you choose to use them. The plugin is Bootstrap compatible.
Free WordPress GDPR Plugins
CookieYes is a popular cookie consent and compliance notice plugin with over a million downloads. It assists in making your website compliant with privacy regulations:
- GDPR for EU citizens
- the LGPD for Brazil
- CNIL for France
- CCPA for California.
The WP AutoTerms plugin helps you with a wide range of legal requirements your WordPress website might be required to keep up with, such as the CCPA, the GDPR, or the Amazon Associates requirement to have a disclosure for affiliate links.
This plugin is for German language users of WP GDPR. As a web admin, you only have two simple tasks: selecting the services used, and filling in a few input fields.
WP GDPR does everything else:
- creation of the cookie popup
- creation of the cookie notice
- control of services
- control of embeddings
- generation of the data protection information
- creation of the imprint
All translations have been done by sworn and certified interpreters. Officially certified by WPML. Also works with Polylang and WPGlobus.
Data collection is part and parcel of our daily lives. Our online activities generate data that is tracked, stored, parsed, packaged, shared and sold. This data is used to create individual profiles that are quite often misused. Having control over our data and privacy is now more important than ever.
What is GDPR?
General Data Protection Regulation (GDPR) is a European digital privacy law designed to give EU individuals more control over their personal data.
Personal Data, Privacy by Design, Consent
Here are the key principles of the GDPR:
- Businesses and websites offering goods and services to individuals in the EU or monitoring behavior of EU individuals have direct responsibility of securing individual data in their possession.
- All businesses and websites have the responsibility to implement appropriate privacy policies.
- IP addresses, geolocations, device identifiers and other online identifiers constitute personal data that can be used to identify individuals.
- Pseudonymisation of personal data will minimize the risk of individuals being singled out or profiled during processing. Genetic data and biometric data are categorized as sensitive data in need of greater protection. Religious beliefs, web cookies, and political opinions can also be personal data.
Under GDPR EU individuals have the following rights:
- to know what information about them has been collected
- to know how their data is collected and used
- request changes to their data where there are mistakes
- request their data to be deleted
- refuse any data processing requests
Under GDPR all businesses including your blog and websites should do the following:
- ask in clear and simple language for users' consent before processing their data
- send data breach notifications to users when it happens
Become GDPR Compliant Now!
Put the control of data and privacy in your visitors' hands with GDPR compliance plugins from Envato Elements and CodeCanyon.
If you're thinking of offering better support services for your customers, these posts will guide you to some of the best plugins for this purpose available on CodeCanyon. Remember you will also need to give your customers a choice on how they want their data handled.