In this article, we’ll be outlining some tips to help you comply with the General Data Protection Regulation (GDPR) privacy law, which takes effect on May 25, 2018.
This article is provided as a resource, but is not legal advice. We recommend you contact your legal counsel to find out how the GDPR affects you.
Make sure everything on your site is up to date
Please update WordPress to the latest version, and also update the Eaven theme to the latest version.
Please also update all plugins on your site to the latest version.
Comments Consent Checkbox
WordPress added Commenter Cookie Opt-In in the latest version.
After updating your WordPress to v4.9.6, a consent checkbox will be added to the comment form:
When a logged out user comments on a post, they are asked for their name, email, and website. This information is stored locally in the commenter’s browser for two purposes:
- When they leave another comment on the site, their name, email, and website will be pre-populated into the respective fields.
- If their comment is held for moderation, they can return to that post and remove the comment before it is approved.
The information stored in this cookie is for convenience and is not essential. Therefore, the user needs to be given the choice to opt in or opt out of the storage of this data.
For this reason, a checkbox has been added to the comment form that allows commenters to opt-in to storing this data in the cookie. This checkbox will be unchecked by default, as opt-in is an action the user must explicitly approve.
“It’s also up to you as the site owner to communicate how your customers’ information is being used — it’s more of a communication and process question, rather than something that can be solved with technology.”
Hide the new GDPR tools
If you’d like to remove/hide the new GDPR tools introduced in WordPress 4.9.6, you may use this plugin: https://wordpress.org/plugins/disable-privacy-tools/
The Eaven theme doesn’t include any feature that would collect/store/transfer the visitors’ personal data. However, there are a few features in the required plugin Eaven Extension that would collect some data.
Social share buttons
FYI: When a visitor clicks a social share button to share content (a post or a product) to the visitor’s social media site, no personal data is collected or stored by our users’ websites.
Contact Form 7
By default, WordPress does not include a contact form. When you install the Eaven theme, you will see a note recommending that you install the third-party plugin “Contact Form 7” to create a contact form on your WordPress site.
If you are using this plugin, please update it to the latest version. Then add an acceptance checkbox to your contact form.
Please check their official documentation for more details: https://contactform7.com/acceptance-checkbox/
Please read this article: https://businessbloomer.com/how-to-make-a-woocommerce-website-gdpr-compliant-12-steps/
MailChimp for WordPress Plugin
Please check this plugin’s official doc for more information: https://kb.mc4wp.com/gdpr-compliance/
This plugin has included a new “agree to terms” checkbox in its field helper since version 4.2.2.
The markup may look like the following:
<p> <label><input name="_mc4wp_agree_to_terms" type="checkbox" value="1" required="">I have read and agree to the terms & conditions</label> </p>
If you need support when using this plugin please go to: https://wordpress.org/support/plugin/mailchimp-for-wp
For MailChimp users:
For more information about storing your contacts’ personal information in your MailChimp account, please read this article: https://blog.mailchimp.com/gdpr-tools-from-mailchimp/
Please check this page: https://ec.europa.eu/info/cookies_en
If you’d like to display a cookie consent notice on your website, you can search wordpress.org (https://wordpress.org/plugins/search/cookie+law/) to find a suitable plugin for your website.
The Google Fonts API is designed to limit the collection, storage, and use of end-user data to what is needed to serve fonts efficiently.
Use of Google Fonts is unauthenticated. No cookies are sent by website visitors to the Google Fonts API. Requests to the Google Fonts API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com, so that your requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail.
In addition, we have seen that the websites of many large companies still use Google Fonts – we think that if using Google Fonts were not GDPR compliant, they would avoid doing so.
However, we will add more features for fonts in future updates of our themes. For example, a feature that allows users to use other fonts instead of Google Fonts.
Identify how visitors can contact you if they want to get a copy of or remove their data from your site.
Get some inspiration
We recommend that you check out websites of large companies and read their privacy policies to get some inspiration when writing yours.