WordPress GDPR compliance

How do you make your WordPress website GDPR compliant? Read more about how to install a cookie pop-up, cookie policy and privacy policy in WordPress.

The ultimate guide to WordPress GDPR compliant cookie consent

To help you get a better overview of cookie consent, we will cover the following topics in this guide:

What is WordPress?

WordPress is the most popular CMS (content management system) in the world.

WordPress has a 40.3% market share among all CMSs (as of February 2021).

It is also growing fast: since February 2020 alone, its share has increased from 35.7%. Second place is held by Shopify, with only 3.3%.

Some of the biggest brands are using WordPress to build their websites and blogs - such as TechCrunch, Microsoft, Etsy, Walt Disney, PlayStation and many others.

WordPress makes it easy to quickly build all types of websites without needing to code.

WordPress and GDPR

Under the General Data Protection Regulation (GDPR) and the ePrivacy Directive, you need to make sure that your website is compliant.

Otherwise, you risk getting a fine - up to €20 million, or 4% of the organization's global yearly turnover, whichever is higher.

How to make a WordPress site compliant?

To ensure compliance, here are some of the documents and legal elements you need on your WordPress website:

  • Cookie pop-up
  • Privacy Policy
  • Collect email marketing consent
  • Consider links to third party websites
  • Terms & Conditions document

WordPress and cookie consent

Like websites built on any other platform, WordPress sites require cookie consent under the GDPR and the ePrivacy Directive.

WordPress checklist for cookie consent

To ensure cookie compliance on WordPress, you need to:

  • Know what cookies you are using and why
  • Have a cookie pop-up
  • Have a cookie policy
  • Be aware of the difference between necessary and non-necessary cookies
  • Obtain consent from your website visitors before you set non-necessary cookies
  • Ensure your users can easily access and change their cookie settings
  • Have an audit trail, so you can document the cookie consents you obtained when users gave their consent (Openli provides consent audit trail)

WordPress cookie plugin

To make your WordPress website GDPR compliant, you need to use a cookie plugin.

Openli offers a free and easy-to-use WordPress plugin.

Openli WordPress plugin

Openli’s plugin is really easy to install.

  • Download the WordPress plugin.
  • Upload the plugin and click “Activate”.
  • Go to the plugin in the WordPress dashboard, then create a free account on Openli’s website.
  • Copy the widget snippet from Openli’s site into the plugin and click Save.
  • That’s it - now Openli’s cookie plugin is installed on your WordPress site.

WordPress cookie policy

Your WordPress cookie policy needs to include:

  • Your company details, e.g., name, registration number, full company address, contact information.
  • A description of why, how and what you use cookies for.
  • A definition of what a cookie is.
  • A description of the different types of cookies on your website: their purpose, provider, duration and how you use them, including but not limited to necessary or essential cookies and non-necessary cookies, such as analytical cookies, marketing cookies and third-party cookies.
  • A link to your own privacy policy.
  • Your agreement with third party providers.
  • Information about how to opt-out of being tracked.
  • Make your WordPress cookie policy readable.

WordPress privacy policy

Read our guide on how to write a general privacy policy here.

As a WordPress website owner, you also need to have a privacy policy.

First, your privacy policy should be available on your website. Second, it should also be available in all places where you collect personal information - for example WordPress sign-up forms, newsletter pop-ups and so on. Third, you need to be able to prove that you gave users the option to read the privacy policy when their consent was given.

WordPress privacy policy checklist

You need to have a privacy policy that clearly states:

  • Your company name, address, email, and other contact details as data controller
  • What personal data is collected from your users (the purposes) and what you are using this data for
  • Who you are sharing the data with
  • The data retention periods for the specific data collected
  • How to file a complaint and to whom
  • How the user can exercise their right to request data access, data deletion or data edits
  • Make sure your privacy policy is accessible when collecting your users' information
  • Your privacy policy should be easy to read and understand
  • Make sure you can prove that you gave your users / customers the option to read through the privacy policy when their consent was given
