GDPR Compliance

Are you GDPR Compliant?

Ok, do you know what GDPR is, right? Also, why it’s so important for your website to be compliant?

Well, GDPR, or ‘General Data Protection Regulation’ is important to any website that can be visited by people in the European Union – so any of the countries listed on this page (including Europe and the United Kingdom).

Non Compliance can lead to you being hit with a crippling fine of 20 million euros or 4 percent of a company’s annual turnover for a data breach – whichever is greater.

That’s full on! So naturally, you should have your website ready and GDPR Compliant so I created a quick guide to how I personally approached the situation. But first…

DISCLAIMER: I am not a lawyer or solicitor.  The following post should act as a demonstration of how I approached the GDPR.  I strongly advise you seek a qualified legal professional to get the final word on your GDPR Website Compliance – I cannot guarantee that this will make your website 100% GDPR compliant.  By reading this article you hereby agree to take full responsibility for your actions and to seek legal advice before implementation.

If you want more information about the GDPR law itself, go to

This is what I’ve been doing…

So what do you need to do to be GDPR Compliant?

That’s a tough question…

Every single website is different so there is no ‘one size fits all’ approach.

Basically, you need to offer people the chance to give consent for any personal data collected from them before collecting it, along with the right to access the data and have it erased.  To back this up, you need an easy to find privacy policy and information about the cookies your website uses.  But it’s pretty particular, you may need to research the ins and outs of GDPR to be certain.

Consent is different depending on the data collected though.

Implied consent is apparently good enough for non-sensitive data, while explicit consent (nothing short of opt-in – not opt out) is required before collecting any sensitive data (more on that here)

Sensitive Data, according to this Criteo article,  is:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health or a natural person’s sex life and/or sexual orientation

So if the data you collect doesn’t contain any of the above, an implied consent such as “by continuing to use our site, you agree to the collection of non-sensitive data” should work.  But if the above sensitive data is being collected, you must acquire explicit consent before collecting it (tick box or something similar that is unticked – it cannot be automatically set to consent, the user must actively give consent).

So below are some of the key items I focus on.

Upgrade WordPress to the latest version.

WordPress has recently added some GDPR components such as the ability to export and erase data upon request, adding a consent tick box for commenting and easily adding a privacy policy.

So this first step is easy, log into WordPress – hover over ‘Dashboard’ at the top left of the screen and click updates.  There you can update WordPress to the latest version.

I created a video here showing you how to update WordPress.

Create a Privacy Policy / Cookie Policy

I can’t help you write a Privacy or Cookie Policy, I have no idea how.  But I can point you in the direction of some tools!

  1. Free Privacy Policy Generator – to, uh, generate a privacy policy for free.
  2. CookiePolicyGenerator – Free Cookie Policy Generator
  3. Cookiebot – A more advanced Cookie Policy Generator and GDPR Compliancy Service.
  4. or speak to your solicitor/lawyer

You can then take the generated Privacy Policy and Cookie Policy and add them to your WordPress website – preferably linking to them in a site footer, sidebar or somewhere on every page of your site.

The updated version of WordPress has a ‘Privacy’ section under ‘Settings’ where you can add your Privacy Policy.

Add tick box to Forms on Pages

This is general advice.

If you have a contact form on your website, then you should add a box that needs to be ticked before submission, stating something along the lines of “I hereby consent for the use and storage of the data given in this form for communication purposes between myself and (whatever your name is)”.

That way they consent to you using their data after they’ve submitted it.

Install GDPR Cookie Compliance by Moove Agency

With this plugin, you can create a small popup asking people to consent to cookie usage on your site.

I personally turn off a lot of the settings and use it as an implied opt-in as my site doesn’t collect sensitive data automatically but you can add the code in for certain services that have to be activated by a persona consenting to its use.

It’s very handy and simple to use, I created a quick video on it below:

Note: by watching the video below, you are hereby agreeing to the use of YouTubes Cookies.

You can search for GDPR Cookie Compliance under ‘add New Plugin’ in WordPress.

Change how you’re embedding YouTube Videos

Now when you embed a video from YouTube, you have the option to tick “Enhanced Privacy Mode”, this stops YouTube from collecting information until after the video starts playing.

So I add an implied consent note above the video such as “By watching this video, you hereby consent to the use of YouTube’s Cookies”.

So they have to play the video for the cookies to work and they’ve given consent by clicking play.  Here’s a video showing you how to set it up this way:

Disclaimer: By watching this video you consent to the use of YouTube’s Cookies.

If you still use the classic editor, try this video instead.

Google Analytics

Google Analytics collects a lot of information, but I simply anonymize the data and cover it under my implied consent – which I use the Mooves’ GDPR Compliance plugin mentioned earlier.

I add the code { ‘anonymize_ip’: true } to my analytics code when pasting.  See the difference below:

Google Analytics

You may need to regenerate the code within you Analytics dashbaord if it doesn’t appear as below, as the code has changed in recent years.

There is also a plugin solution – use Analytify to add Analytics to your website, and activate Anonymization. Here’s how to set it all up:

Note: by watching the video below, you are hereby agreeing to the use of YouTubes Cookies.

Review everything.

Every different service or plugin on your website could be collecting data, so you need to check them out and make sure you’re compliant.

A few good examples are things like:

  • Google Adsense – with implied consent, their Non-personalized ads option for EU visitors is a solid option. (Currently, a yellow toolbar shows up when you log into your Adsense Dashboard)
  • Email List – many providers have GDPR options available. ConvertKit have a nice tickbox you can use (targetting only EU visitors) to become compliant under your settings.
  • Surveys and Forms – as personal data is entered, you may need explicit consent
  • Affiliate Links – I recommend disclosing your affiliate links (it’s the law in most countries) and gaining implied consent.
  • External scripts and fonts (such as web fonts or Google Fonts
  • Embedded Widgets, Social Media plugins or anything that connects to another service may use cookies or transmit information.

It sounds like a lot…

..because it is. But it’s necessary and once you’re set up it’s much easier to maintain.

As time goes by many of these things will become easier and more effortless as the various software companies around the update their products to match (they needed this sorted before now anyway!).  But in most cases implied consent is fine as sensitive data can be hard to miss in a lot of cases.

But again, I highly recommend having your site checked and getting legal advice.  You can do a search for GDPR compliance checks or talk to a legal representative some help.  This guide should not be considered sufficient as a guide due to the individual nature of websites and companies.  This is more just to give you an idea of how I handle GDPR on my website.

Again, thanks for reading and I hope you found this useful!

Related Posts for WordPress Advice & Tutorials