⚡ GDPR Basics
- Create privacy policy
- Install cookie consent banner
- Activate SSL certificate
- Document data processing
What is GDPR?
The General Data Protection Regulation (GDPR) has regulated how personal data may be processed since 2018. Violations can be expensive – up to 4% of annual revenue or 20 million euros.
What is personal data?
- Name, email, phone number
- IP addresses
- Cookies and tracking data
- Order data, payment information
- Comments, user contributions
Privacy Policy
Must explain what data is collected and why. Important points:
Required information:
- Name and contact of the controller
- What data is collected?
- Purpose of data processing
- Legal basis (Art. 6 GDPR)
- Storage duration
- Data subject rights (access, deletion, etc.)
- Right to lodge complaint with supervisory authority
Services that must be mentioned:
- Google Analytics, Google Fonts
- Social media plugins
- Contact forms
- Newsletter services
- Payment providers
- Hosting provider
Setting Up a Cookie Banner
You need active (opt-in) consent before setting almost all cookies or loading third-party resources.
What needs consent?
- Google Analytics and other tracking tools
- Marketing cookies (Facebook Pixel, etc.)
- Embedded videos (YouTube, Vimeo)
- Google Maps, external Google Fonts
What does NOT need consent?
- Technically necessary cookies (cart, login)
- Session cookies
Plugin recommendations:
- Complianz: Automatic cookie detection
- CookieYes: Easy to use, free tier
- WP Cookie Notice: Simple and lightweight
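The consent logic a banner plugin implements, as an added example that is not part of this page or of any plugin named above: resources are tagged with a consent category, nothing but "necessary" loads until the visitor opts in, and the choice is stored in a cookie (the cookie name `site_consent`, the category names and the resource list are this example's own assumptions; the script URLs are illustrative).

```javascript
// Minimal consent gate (added example). Default is opt-out: only the
// "necessary" category is active until the visitor makes a choice.
const CONSENT_COOKIE = "site_consent"; // assumed cookie name
const CATEGORIES = ["necessary", "analytics", "marketing", "media"];

// Third-party resources from the checklist above, tagged with the category
// that must be consented to before they may load (illustrative URLs).
const RESOURCES = [
  { id: "ga",      category: "analytics", src: "https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER" },
  { id: "fbpixel", category: "marketing", src: "https://connect.facebook.net/en_US/fbevents.js" },
  { id: "youtube", category: "media",     src: "https://www.youtube.com/iframe_api" },
  { id: "gfonts",  category: "media",     src: "https://fonts.googleapis.com/css?family=Roboto" },
];

// Parse a document.cookie / Cookie header string into { name: value }.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx > 0) out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

// Read the stored choice; "necessary" is always on and cannot be refused.
function readConsent(cookieString) {
  const consent = { necessary: true, analytics: false, marketing: false, media: false };
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return consent; // no choice yet -> only necessary
  for (const cat of decodeURIComponent(raw).split(",")) {
    if (CATEGORIES.includes(cat.trim())) consent[cat.trim()] = true;
  }
  return consent;
}

// Serialize the visitor's choice as a Set-Cookie / document.cookie string.
function serializeConsent(choices) {
  const granted = CATEGORIES.filter(c => c === "necessary" || choices[c] === true);
  return `${CONSENT_COOKIE}=${encodeURIComponent(granted.join(","))}; Path=/; Max-Age=15552000; SameSite=Lax; Secure`;
}

// Which resource ids may load under the given consent state.
function allowedResources(consent) {
  return RESOURCES.filter(r => consent[r.category] === true).map(r => r.id);
}

// In a browser, inject only the permitted scripts; outside the DOM just report.
function loadPermitted(consent) {
  const ids = allowedResources(consent);
  if (typeof document === "undefined") return ids;
  for (const r of RESOURCES.filter(r => ids.includes(r.id))) {
    const s = document.createElement("script"); s.src = r.src; s.async = true;
    document.head.appendChild(s);
  }
  return ids;
}
```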
GDPR-Compliant Contact Forms
- Checkbox for privacy consent
- Link to privacy policy
- Don't request unnecessary data
- Don't store data longer than necessary
WooCommerce GDPR
Online shops have additional requirements:
- Privacy policy: Include e-commerce specific clauses
- Data processing agreements: With all service providers
- Customer data: Option to export and delete
- Order data retention: Document how long you keep it