The GDPR took effect on May 25. WooCommerce store owners are still scrambling to make sure that their sites are compliant with GDPR requirements. If you serve clients from the European Union, then it is imperative that you make your WooCommerce store GDPR-compliant. Don’t know what to do? Read on below.
What is the GDPR?
First off, a brief introduction about the GDPR. The General Data Protection Regulation (GDPR) is a new regulation in the European Union that sets out standards and regulations for data protection. Data protection reform was initiated way back in 2012 and the GDPR is one fruit of that labor. If you are interested in seeing the GDPR in its purest form, you can check out this link.
Why Comply with GDPR Regulations?
If you do not serve customers from the European Union, then there is no need for you to comply with GDPR regulations. Still, your customers will appreciate the gesture if you make an effort to comply. This shows that you value their data and privacy.
If you serve a specific country in the EU or serve a global audience, then you are covered by the GDPR. That means you may receive hefty penalties of up to €20 million if you are found to be in violation of its provisions.
How Can I Make My WooCommerce Store GDPR Compliant?
Given the harsh penalties, you should act now to make your WooCommerce store compliant. Below we detail the tasks you need to complete to comply with GDPR regulations.
Step 1: Update Your Site
The first thing you should do is update your site. The latest versions of WordPress and WooCommerce have implemented features to support GDPR compliance. WooCommerce now allows users to export and delete their data, and site administrators get tools to decide how long data is retained as well as an option to delete user data. Don’t forget to back up your site and test updates on a development site before updating your live site. For more information on the changes relating to the GDPR, you can check out this post.
Other popular plugins that manage user data such as MailChimp and Google Analytics have also implemented measures to make their services GDPR-compliant.
Step 2: Secure Your Site
Another mandate of the GDPR is that store owners should make their site secure. One way of keeping your site secure is by using the HTTPS protocol. You’ll need an SSL certificate to use HTTPS. You can follow this guide on how to install an SSL Certificate on your WooCommerce store.
There are a few other things you can do to increase the security of your WooCommerce store, such as keeping your site updated and using a security plugin. You can check this blog post for other important security tweaks.
Step 3: Create Important Pages
Create a Terms and Conditions Page
You can create your own Terms and Conditions page or generate one using this tool from Shopify. If you choose to generate a terms and conditions page, you’ll still need to tweak it and add any terms and conditions specific to your business.
Notes on Important Pages
After you’ve created all the pages above, you will need to ensure that these pages can be accessed from any page on your site. For this purpose, we recommend adding links leading to these pages on your WooCommerce store’s footer.
Step 4: Create a Data Breach Response Plan
As per GDPR requirements, you will need to detail how your organization deals with a security breach. You can download a template here. Populate it with pertinent information about your Security Incident Response Team and external contacts.
In case of a security breach, you must also inform all customers whose data may have been leaked. You will need to have a template ready for communicating the breach. You can download the email template here.
Step 5: Add a Cookie Notification Pop-Up
Step 6: Ensure that Your Email Opt-in Forms are GDPR-Compliant
If you are using MailChimp, you will need to turn on the GDPR fields on your opt-in forms. Note that this does not make your opt-in forms GDPR-compliant. Rather, this is the first step to making your WooCommerce store GDPR-compliant.
You will still need to get consent from new contacts and existing contacts. You read that right. Even if users have already consented to receive emails from you prior to the GDPR, you will still need to get consent again. For more information on how to get consent, you can check out this article from MailChimp.
If you are using a different tool for your email marketing, you can check with your service provider. Check if they have made any changes to help you comply with GDPR.
Step 7: Ensure that the Plugins You Use are GDPR Compliant
To ensure that your plugins are GDPR compliant, you will need to do a plugin audit. This task may be tedious, as you have to sift through every plugin you use. First, check whether each plugin is still being updated by its author. If the author has not updated the plugin in months (or worse, years), that’s a red flag: a plugin that is no longer maintained is a security concern, and the GDPR requires that websites be secure.
Once you’ve weeded out the outdated plugins, identify which plugins manage or use user data. Examples of plugins that deal with user data are analytics plugins, contact form plugins, and opt-in form plugins. Check whether the plugins that manage user data have taken steps to become GDPR compliant. If they have not, consider replacing them with plugins that are.
Doing all the steps above does not guarantee that your WooCommerce store will be fully GDPR-compliant. We still recommend seeking legal advice. If you need any help getting any of these tasks done, you can contact the Wooassist team and we should be able to help.
Do you have any other tips on how to make a WooCommerce store GDPR-compliant? Let us know in the comments.