Do you target European markets for your online sales? If so, you are obliged to comply with the General Data Protection Regulation (GDPR) enforced by the European Union. Perhaps even if you don’t sell any products to the European residents, you can’t just blindly believe that you are not going to have EU visitors to your site. Therefore, if you run an online business store, you must ensure that it is GDPR-ready.
Now, let me draw your attention to the key highlights of GDPR and help you understand how to make your WooCommerce store GDPR-compliant.
What is GDPR?
The General Data Protection Regulation has taken effect on 25 May 2018. The regulation gives ultimate protection over the personal data and privacy of the EU citizens.
If you’re offering physical or digital products/services to the European residents, or if your website expects to get EU traffic, you must have to comply with the GDPR. It is not necessary that any e-commerce business has to be physically located in the EU to be subject to the GDPR.
And those who violate the provisions of the GDPR can be fined up to €20 million or 4% of their global annual turnover of the prior financial year.
Why GDPR compliance?
GDPR comprises a set of rules enforced to make sure that users (specifically EU citizens) across the globe have greater control over their personal data they share with businesses. If you are an online retailer managing the EU-based customer data or serving a global audience, you need to pay attention to all the subtleties of the GDPR.
In simple terms; ensure your online store conforms to all the data privacy guidelines specified in GDPR. This shows that you value the data and privacy of your consumers, and that’s certainly a great way to build customer trust.
GDPR compliance for your WooCommerce store
As you perhaps know, data privacy and online security is a growing concern for all netizens across the globe.
Your WooCommerce store would gather user data in different ways. The data collection may occur through user registration, payment gateways, checkout/contact forms, analytics inputs, surveys, comments, plugins/extensions, and much more.
So as a responsible store owner, you may need to address the data privacy issues related to your store and take necessary steps to protect your customers’ personal information against data breaches.
The European Union’s GDPR standards help you secure the data and privacy of your website users. The GDPR demands you to disclose the mode of user data collection and the exact purpose of it. You must also inform users about the data sharing and retention policies of your store.
Hence, you would have to update your privacy policy in order to give users a detailed overview of the collection and usage of their personal information. Also, the GDPR requires you to make sure you always obtain the consent of your website visitors before gathering or processing any form of their data.
GDPR compliance: Key guidelines
Before proceeding to make your WooCommerce store GDPR-compliant, you’d want to have a look-see at the following guidelines that outline the major GDPR requirements. Here it goes!
-
- Collect and store only the user data that is relevant to your business.
-
- Inform the users about the reasons for the collection of their personal information, how long their data will be retained, who all will have access to their information, etc.
-
- Get the users’ consent regarding any data that you are going to collect from them. Most importantly, let it be their choice to decide whether they want to provide the consent or not.
-
- Give users the right to access their data at any time.
-
- Allow users to withdraw the consent they have given to your website to store data.
-
- Enable users to delete their data permanently from your site.
- Send notifications to the users about any possible potential data breaches.
Gear up to get your WooCommerce store GDPR-ready!
1. Keep your WooCommerce store updated
Always ensure you run your online store on an updated WooCommerce platform. The latest versions of WordPress and WooCommerce have developed features to make your store GDPR-compliant.
Note:
Always keep a working backup of your website before testing updates. Also ensure you test updates on a development site prior to updating your live site.
2. Secure your WooCommerce store
Keeping your store safe from hackers and cyber criminals is the next big step for achieving GDPR compliance. Though there are several security factors to consider, the most crucial is to update your WooCommerce store to use HTTPS. You’ll need to configure SSL certification on your website in order to use HTTPS.
3. Create a “Privacy Policy” page
A Privacy Policy page is mandatory for your WooCommerce site. You should create a privacy policy that clearly informs your website users about all the steps that you have taken to ensure GDPR compliance.
When creating your privacy page, ensure you specify what kind of data is collected from users. Also, you need to point out all other specifications like the reasons for data collection, your policies of data storage and sharing, etc.
Now, have a look at the following steps that describe how to create and add a privacy policy page in WooCommerce.
Step 1: Sign in to your WordPress account > From the dashboard screen, head on to Pages > Add New.
Step 2: Create a Privacy Policy document > Publish the page.
Step 3: Now, go to WooCommerce > Settings > Accounts & Privacy.
Step 4: Scroll down to Privacy page under Privacy Policy > Click Select a page > Choose the Privacy Policy page that you have created.
Step 5: Scroll down and click Save changes to save the settings.
4. Add a cookie policy page to your store
Does your WooCommerce store use any type of cookies to track user behavior? Then you are actually collecting the personal data of users. And you’re not supposed to use them unless you make users aware of all the cookies you use to obtain their personal information.
There are so many WooCommerce plugins that allow you to create your own Cookie Policy page. But not all complies with the GDPR laws. GDPR Cookie Consent is the leading, most flexible WooCommerce plugin that you wouldn’t want to miss. This cookie consent solution helps you comply with the GDPR requirements without a hitch.
This powerful plugin comes with a Policy generator that makes the creation of a cookie policy page a breeze. Also, it allows you to add and manage multiple cookies, make cookies necessary/non-necessary, customize cookie banners, and more. On upgrading the GDPR Cookie Consent plugin to the premium version, you’d be able to have much more amazing features and cookie settings.
You could also use CookieYes to make your WooCommerce store comply with the GDPR requirements. “CookieYes” is an easy-to-use GDPR cookie consent solution that lets you create a cookie consent banner and manage the user consent for your store. Also, the solution helps you install cookie banners on your website in a matter of minutes.
5. Show cookie notification pop-ups
If your website uses cookies to gather personal information of users, you should inform users about them. then you will have to show a cookie notification banner as a popup notice to all your website visitors during their first-ever visit.
You could make use of plugins or the “Store Notice” feature of WooCommerce to add cookie banners to your store.
The WooCommerce Store Notice is basically designed to add a site-wide message to be shown to your website visitors. It also includes an option to dismiss the message. Thus, the “Store Notice” can also be ideally used as cookie notification banners. But remember, this feature would not help you block the cookies that are being used without users’ consent.
To enable “Store Notice”:
Step 1: Sign in to your WordPress account > From the dashboard screen, go to Appearance > Customize.
Step 2: Select WooCommerce > Store Notice > Check the Enable store notice option > Click Publish.
6. Include a “Terms and Conditions” page
The “T&C” factor acts as a legal business agreement between you and your customer. So you could include a Terms and Conditions section on your store’s checkout page. This will enable users to review and agree to your terms and conditions before they make a purchase.
Here’s how you can create and add your Terms and Conditions to your WooCommerce store.
Step 1: Sign in to your WordPress account > From the dashboard screen, head on to Pages > Add New.
Step 2: Create a Terms and Conditions document > Publish the page.
Step 3: To add your Terms and Conditions on your checkout page, navigate to Appearance > Customize.
Step 4: Select WooCommerce > Checkout.
Step 5: From Terms and conditions page, select the Terms and Conditions document that you have created > Click Publish.
7. Make the “My account” page GDPR compliant
WooCommerce allows user registrations on the My account page. Customers would want to create an account because they can seamlessly manage their checkouts, monitor their current orders, view the details of previous orders, see the list of their reviews and ratings they have given for the products on your store, and assess all their other core activities.
To enable “My account” registrations:
Step 1: Sign in to your WordPress account > From the dashboard screen, go to WooCommerce > Settings > click Accounts & Privacy > Check the Allow customers to create an account on the “My account” page option.
Step 2: Scroll down and click Save changes to save the settings.
Step 3: Now, navigate to Pages > Add New > Create a “My Account” page.
Step 4: Insert the shortcode [woocommerce_my_account] to show up the user account page.
When you enable WooCommerce “My account” registrations, you’re going to deal with the users’ personal data. So in order to comply with the GDPR, you must allow users to opt-in whenever you collect their data. But unfortunately, WooCommerce does not include default opt-in options at the registration level.
However, you can add a privacy policy checkbox field to your user registration form with the help of plugins or custom codes.
Follow the steps below to add a code snippet to the functions.php file in your theme.
Step 1: Sign in to your WordPress account > From the dashboard screen, go to Appearance > Theme Editor.
Step 2: Now from the Theme Files section, select Theme Functions (functions.php).
Step 3: Add the code snippet > Click Update File.
Sample Code:
add_action('woocommerce_register_form', 'mystore_add_registration_privacy_policy', 12);
function mystore_add_registration_privacy_policy() {
woocommerce_form_field(‘privacy_policy_reg’, array(
‘type’ => ‘checkbox’,
‘class’ => array(‘form-row privacy’),
‘label_class’ => array(‘woocommerce-form_label woocommerce-form_label-for-checkbox checkbox’),
‘input_class’ => array(‘woocommerce-form_input woocommerce-form_input-checkbox input-checkbox’),
‘required’ => true,
‘label’ => ‘I\’ve read and accept the <
a href="https://example/mystore/privacy-policy/"
>Privacy Policy</a>’,));
}
// Show error if user does not tick
add_filter(‘woocommerce_registration_errors’, ‘mystore_validate_privacy_registration’, 10, 3);
function mystore_validate_privacy_registration($errors, $username, $email) {
if (! is_checkout()) {
if (! (int) isset( $_POST[‘privacy_policy_reg’])) {
$errors->add(‘privacy_policy_reg_error’, _(‘Privacy Policy consent is required!’, ‘woocommerce’ ) );
}
}
return $errors;
}
Have a look at the user registration page before adding the above section of code.
Now after adding the above code snippet to the functions.php file, the registration page would look like;
8. Create GDPR-compliant opt-in forms
An opt-in form enables you to fetch the details like name, e-mail etc. of your customers, so you could add them to your email marketing database. The opt-in strategies help you grow your email marketing list thereby letting you reach the right audience at the right time. Always ensure you create an opt-in form that complies with the GDPR requirements. A plugin like Mailchimp certainly helps you create GDPR-friendly forms.
In order to achieve GDPR compliance, you have to display your privacy policy checkbox before letting users opt-in. Also make sure that your opt-in checkboxes are not checked by default. Instead, give users the complete freedom to tick the consent boxes themselves.
Your opt-in form should not include fields that ask for irrelevant customer details. And inform the users why you collect their personal data.
For example: When you specify “Enter your email address to receive our newsletters, special offers and discount coupons.“, the users are more likely to provide their info because here the purpose is quite clear.
Make sure you also let the users know about the ways to opt-out forms.
Note:
Even if your existing customers have already consented to receive emails from you prior to the GDPR, you will still have to get consent from them once again.
9. Make sure all your third-party plugins are GDPR-ready
You’d definitely be using various third-party plugins and services on your WooCommerce store — mostly for payment processing, cart abandonment recovery, newsletter subscriptions, creating contact/opt-in forms, fetching analytics data, etc. So it is important to keep in mind, if any of your plugins process or store your customers’ personal data in any manner, it has to compulsorily comply with the GDPR requirements.
Therefore, it’s high time to do a plugin audit in order to find out whether your user data management plugins are GDPR-ready.
In order to check whether a plugin complies with the GDPR, consider checking the plugin’s changelog, release notes, email announcements, etc. Most importantly, check the plugin’s website information to identify the evidence for its GDPR compliance. And keenly follow their guidelines to make your WooCommerce store comply with the GDPR.
In most of the cases, you’d be able to ensure the GDPR compliance of a plugin just by updating it to its latest version.
If you find any plugin that does not comply with the GDPR, the best thing you can do is to replace it with another similar plugin that is GDPR-compliant.
MailChimp, MonsterInsights, OptinMonster, etc. are some examples of WooCommerce plugins that have taken measures to make their services GDPR-compliant.
Note:
After ensuring all your third-party plugins that manage user data complies with the GDPR, make sure you specify these plugins in your privacy policy.
10. Encourage only registered users to review your products and services
When purchasing a product from your store, a vast majority of people rely on the reviews posted by their fellow customers. Therefore, you should always ask your customers to rate your products and leave reviews after they’ve made a purchase from your store.
Undeniably, customer reviews contain personal information. Hence, it is obvious that you need to get the users’ consent before letting them rate or review your products. Obtaining their consent is important in achieving GDPR compliance.
WooCommerce offers an option to allow only “verified customers” to leave reviews. You can consider the registered users of your store as verified customers. And as the registered users might have already consented to your privacy policy, you can definitely ask them for reviews without any worries.
Following are the steps to enable reviews only for verified users;
Step 1: Sign in to your WordPress account > From the dashboard screen, go to WooCommerce > Settings
Step 2: Select Products > Under Reviews, check the Reviews can only be left by “verified owners” option.
Step 3: Now click Save changes to save the settings.
11. Build a data breach response plan for your store
Data breaches and identity thefts has become increasingly common in today’s digital age. According to the GDPR, you must allow your website visitors to know how you respond to a data breach and what type of data protection procedures you have in place. Also, you have to create and maintain an appropriate data breach response plan in order to make your store GDPR-compliant.
Conclusion
The GDPR has been making continuous efforts to protect the personal data and privacy of each individual across the EU member states. So as a WooCommerce store owner, it is now your turn to reshape your business policies to best comply with the GDPR standards.
However, getting your online store GDPR-ready is not going to happen in a jiffy. You will have to stay focused on a lot of key considerations as described above. While preparing your store for GDPR compliance, you’re in fact building customer confidence and trust naturally. This, in turn, helps you increase your customer base and thus grow your business at a rapid pace.
Disclaimer:
This article is intended to be used for informational purposes only and does not constitute any form of legal advice. You shall seek a subject matter expert or your own attorney for any legal advice on getting your WooCommerce store fully GDPR-compliant.