If you own an eCommerce store, you’ve probably heard of GDPR. However, you may not be fully conversant with GDPR law and have a lot of questions in your mind. Our goal with this article is to address all your GDPR concerns for your WooCommerce website and help you ensure GDPR compliance for your business.
GDPR in a nutshell
The General Data Protection Regulation [1] is widely described as the toughest privacy and security law in the world. It was passed by the European Union to protect the privacy of individuals and came into effect on May 25, 2018. GDPR imposes heavy fines on those who violate its privacy and security requirements.
There are seven principles to be followed under GDPR:
- Lawfulness, Fairness, and Transparency
- Purpose Limitation
- Data Minimization
- Data Accuracy
- Data Storage Limits
- Integrity and Confidentiality
- Accountability
Under the GDPR, a data subject is a person about whom a controller holds personal data and who can be identified, directly or indirectly, by reference to that data.
The GDPR outlines eight rights for data subjects.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling
To whom does GDPR matter?
GDPR protects users located in the EU. Even if your business is not based in the EU, if you sell your products internationally, and especially to customers in the EU, your website must comply with GDPR. It is also recommended that you follow GDPR guidelines, such as keeping an activity log on your WordPress website to document compliance, so that your website appears trustworthy and credible.
5 Steps to Achieve GDPR Compliance for WooCommerce
You can achieve GDPR compliance for your WooCommerce store in just 5 steps:
- Obtain explicit consent from the users
- Allow users to export or erase their personal data
- Create a privacy policy page
- Create a cookie consent banner
- Inform when a data breach has occurred
Step 1: Obtain explicit consent from the users
You should obtain explicit consent from the users for collecting or storing their personal data.
In a WooCommerce store, there are different ways in which personal data can be collected from a user.
Personal data includes:
- Account registration data (name, email, mobile number, etc.)
- User profile data (comments, reviews, and preferences)
- Contact forms and opt-in marketing emails.
- Checkout data ( payment details, billing address, card details, etc)
Checkboxes are a good way to obtain consent from users. Consent must be freely given, never forced, and users should be able to give partial consent (agreeing to some uses of their data but not others).
To enable the checkbox for obtaining consent for comments:
Navigate to Settings > Discussion in your WordPress dashboard.
Under ‘Other comment settings’, enable the ‘Show comments cookies opt-in checkbox, allowing comment author cookies to be set’ checkbox.
Click Save Changes.
Step 2: Give the option to export or erase personal data
The eight rights of GDPR clearly include the right of access and the right to erasure. Allow users to download the personal data you store about them, and give them the option to be removed from your database. The best thing you can do here is to avoid storing user data you do not need. If you don’t need them, don’t store ‘em.
To send the personal data to the users on request:
Go to Tools > Export Personal Data.
Enter the username or email address and wait for the user to confirm the request.
After they confirm the request, click on Email Data.
To delete user data on request, or automatically after a retention period:
Go to WooCommerce > Settings > Accounts and Privacy.
Navigate to the ‘Account erasure requests’.
Enable ‘Remove personal data from orders on request’ and ‘Remove access to downloads on request’ checkboxes.
Scroll down to ‘Personal data retention’ settings.
Here you can set the retention period for personal data stored on the website. If a field is left blank, that data will be retained indefinitely.
Click Save Changes.
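The Export and Erase tools described above only know about the data WordPress and WooCommerce store themselves. If your store runs custom code that keeps its own personal data, that data must be hooked into the same tools, otherwise a data subject request silently misses it. The following is an added example (not code from the original article, WordPress or WooCommerce) that registers a custom exporter and eraser; it assumes a hypothetical user meta key `example_newsletter_prefs` holding a JSON string.

```php
<?php
// Added example, not from the original article: hook a custom data source into
// the WordPress privacy tools used in Step 2 so that "Export Personal Data" and
// "Erase Personal Data" also cover data your own code stores. Assumes a
// hypothetical user meta key 'example_newsletter_prefs' (a JSON string).
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-newsletter'] = array(
        'exporter_friendly_name' => 'Example newsletter preferences',
        'callback'               => 'example_newsletter_exporter',
    );
    return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-newsletter'] = array(
        'eraser_friendly_name' => 'Example newsletter preferences',
        'callback'             => 'example_newsletter_eraser',
    );
    return $erasers;
} );

// Export callback: WordPress passes the data subject's email; return every item
// held for it. 'done' => true means there are no further pages to fetch.
function example_newsletter_exporter( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );
    $prefs = $user ? get_user_meta( $user->ID, 'example_newsletter_prefs', true ) : '';
    if ( '' !== $prefs ) {
        $items[] = array(
            'group_id'    => 'example-newsletter',
            'group_label' => 'Newsletter preferences',
            'item_id'     => 'newsletter-prefs-' . $user->ID,
            'data'        => array( array( 'name' => 'Preferences', 'value' => $prefs ) ),
        );
    }
    return array( 'data' => $items, 'done' => true );
}

// Erase callback: delete the data and report the outcome so the request log
// records it. WooCommerce registers its own erasers for order data.
function example_newsletter_eraser( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $removed = $user && metadata_exists( 'user', $user->ID, 'example_newsletter_prefs' )
        ? (bool) delete_user_meta( $user->ID, 'example_newsletter_prefs' )
        : false;
    return array( 'items_removed' => $removed, 'items_retained' => false,
                  'messages' => array(), 'done' => true );
}
```

Once this code is active in a plugin or theme, the custom data appears as its own section in the export sent by Tools > Export Personal Data and is removed by Tools > Erase Personal Data.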
Step 3: Create a privacy policy page
Go to Settings > Privacy from your WordPress dashboard.
Create a new privacy policy page or select an existing one. Your privacy policy should answer at least the following questions:
- Who are you?
- What data do you collect?
- Why do you collect the data?
- How long do you retain the data?
- Who else has access to the data?
Click Publish or Update to save the page.
Step 4: Create a Cookie Consent Banner
A cookie consent plugin such as GDPR Cookie Compliance can do this for you; the free version is available from the WordPress plugin directory.
Open your WordPress dashboard
Go to Plugins > Add New.
Search for GDPR Cookie Compliance.
Install and Activate the plugin.
Now go to GDPR Cookie Consent > Settings.
Enable the cookie banner and select the type of law you want to comply with.
Click on Update Settings to save the settings.
This will add a cookie banner to your website.
Step 5: Inform when a data breach has occurred
If personal data is breached, the GDPR requires you to notify the competent supervisory authority without undue delay, and where feasible within 72 hours of becoming aware of the breach, and to inform the affected users when the breach is likely to pose a high risk to them.
The smallest negligence can cost you millions of euros in fines. As such, be aware of GDPR and ensure you have taken the appropriate steps to comply with its guidelines.
We hope this article has helped you learn more about GDPR and ways to achieve GDPR compliance for your WooCommerce store.
This article is not legal advice. Website owners should take this article for informational purposes and take professional legal advice if needed.