You might not know what the GDPR is but you have certainly felt its effect. The General Data Protection Regulation (GDPR) was passed by the European Union (EU) in 2016. If you don’t live in Europe, you might assume the law doesn’t affect your website, but it certainly does. Considered one of the most robust pieces of security and privacy legislation in the world, the GDPR imposes harsh restrictions on anyone collecting data from users in Europe. That means if your website is even accessible to Europe, it needs to follow the regulations contained in the law. Creators could face millions in fines if they don’t comply, and that’s one tough cookie. If your website collects data in any way, shape, or form, these regulations need to be a top priority, and that’s when it helps to manage your cookies.
User data is at the center of the GDPR regulations. If your website uses cookies to collect user data, this article is for you. Trust is paramount when it comes to customer regulations, and at its core, that’s what the GDPR enforces. You shouldn’t be using private data for nefarious purposes if you want to build positive relationships and avoid legal issues. Cookies bolster the user experience and have some unique benefits for you and your advertisers, but they need to be closely managed to ensure GDPR compliance. Like every other function, all it takes is the right tool to give a difficult problem a simple solution.
You should want to protect your users’ data as much as the EU does, so you need a cookie management system that ensures you’re doing just that. Let’s talk about the cookies you’re using and why cookie management needs to be on your radar.
Understanding Cookies & GDPR
I’m trying to avoid making cookie puns, but they’re just so delicious. Now that we’ve gotten that out of the way, you should know that cookies are on most websites. They’re small pieces of data that a website stores on your device when you visit it on a computer, smartphone, or anything with a browser. Those cookies stick to your device so that the next time you visit that website, the website knows about your previous visit. The most basic version of this is when your username or password is saved on an e-commerce website. The benefits are a more personalized and simplified experience for your users and targeted ads from advertisers, but the negatives are more complicated.
Tracking or saving user data is a mixed bag, which is one of the many reasons the GDPR was created. There is a thin line between tracking user data to create a more custom experience and tracking user data to sell it to nefarious parties. The EU wasn’t worried about the former but they are most certainly worried about the latter, which is why the GDPR is so strict and far-reaching. Even small violations could result in thousands in lost revenue, so take every measure you can to avoid them.
It’s simple. If you offer your website to Europeans, be mindful of how you manage your cookies.
WordPress & GDPR
WordPress actually makes compliance easier with a bunch of built-in features and plugins. Here’s the lowdown:
- Privacy Policy Template: WordPress gives you a basic privacy policy template that’s ready to roll. You can tweak it to spell out exactly how your site uses data, and voila! It’s ready to share with your visitors.
- Comments and Data Retention: Whenever someone drops a comment on your blog, WordPress has their back by letting them know what’s collected. Users can also request edits or have their data deleted altogether.
- User Data Export and Erasure: Got a visitor who wants their personal info exported or removed? WordPress has tools that let you zip up a copy of their data or erase it from the database in no time.
- Cookie Consent: While WordPress doesn’t have a built-in cookie banner, it works seamlessly with plugins like CookieYes, ConsentManager, or OneTrust. These plugins scan for cookies, throw up those handy consent banners, and keep a consent log for any future audits.
- User Consent Management: With CookieYes and other plugins, you can stay on top of who agreed to what and when. It’s all stored in a neat consent log so you’re always in the clear.
- Privacy Plugin Ecosystem: If CookieYes isn't your flavor, you can also tap into OneTrust or TrustArc for a more comprehensive privacy setup. They’ll keep you sorted with detailed audit logs and privacy policy generation.
- Security Measures: WordPress has plugins that can add two-factor authentication (2FA) for extra security, encrypt data, and keep your software up to date to thwart phishing attacks. Plus, regular updates ensure your website stays secure.
So, whether you’re using a plugin or leaning on WordPress’s built-in tools, you can dodge those hefty fines by making sure your site is compliant.
Top Website GDPR Solutions
The best way to avoid paying through the nose is to use a cookie management system that specializes in compliance. Here are a few tools you can use to save yourself from a GDPR-induced headache.
CookieYes
With over 1.5 million customers, CookieYes has established itself as the biggest name in the cookie management market. There’s no mistaking what it’s for, either. In their masthead, they specifically state that they “empower millions of websites around the world to comply with data privacy laws.” It also helps that they have a WordPress plugin, making them even more accessible to users.
Create and manage cookie banners and collect consent forms at the same time. CookieYes will frequently scan your website for cookies that aren’t compliant with regulations. Then, an audit report can provide insight into your current cookies. It also utilizes a simple consent banner and forms of auto-blocking that ensure your website adheres to a user’s browser settings. A consent log then keeps track of basic user data to ensure you have literal proof of compliance.
CookieYes ensures compliance with over a dozen global privacy regulations, not just the GDPR, which makes it worth every penny.
Pricing Overview
Speaking of pennies, pricing for CookieYes is more affordable than you might think. The most significant factors are the pages per scan - the number of pages that CookieYes will scan under a chosen plan - and the features in the different tiers. Here’s a simple breakdown of what you get and what you’ll pay for it.
Free
- Blogs & personal websites
- 100 pages per scan, basic customization, and Google Consent Mode
- 25,000 pageviews/month
- $0 / Forever
Basic
- Small businesses & startups
- All of the above + 600 pages per scan, custom branding, monthly scans, and auto-translation
- 100,000 pageviews/month
- $10 / month/domain
Pro
Ultimate
Other Plugins To Use
If you’re not a fan of the CookieYes plans, I’ve got you covered with a few alternatives.
OneTrust
For larger corporations and businesses, OneTrust is a robust platform that ensures compliance and also helps to mitigate and manage risks. It’s not just cookie management, it’s an umbrella for all privacy management, making this the most comprehensive, and one of the most expensive, options on the list (averaging $800+/month for each domain).
TrustArc
For businesses that want to integrate privacy into their actual operations, TrustArc is a great option for privacy management. It offers similarly strong privacy programs and a continuous stream of updates and insights. Unfortunately, you’ll be paying a similar fee to OneTrust ($10,000/year) but you’ll receive a similarly comprehensive and extensive management system.
ConsentManager
ConsentManager not only empowers you, it empowers the user, allowing for custom consent and controls that make your cookies visible and transparent to all users. If you’re looking to build trust with your user base, this is how you do it, and it also has free and affordable plans that are much more comparable to CookieYes.
Implementing Cookie Management On Your Website
So for those of you who’ve decided to take the CookieYes plunge, let’s dive into activation and set-up. Before beginning installation, it’s important to know exactly which regulations you want your website to comply with. The GDPR might be the most extensive, but it’s not the only privacy-regulation law in the world, so it might be safer to be as compliant as possible.
Activation
- Head to the CookieYes website
- Select “Try for free”
- Install and activate on your computer
- Connect to CookieYes
- Navigate to the Dashboard
- Create your account
- Select a plan
Cookie Banner Set-Up
- Navigate to “General settings”
- Enter the specific law(s) your website needs to comply with
- Set the geo-target
- Enter the consent expiration date
- Reload the page
- Navigate to “Layout settings”
- Choose your preferred layout
- Navigate to “Content setting”
- Create your cookie notice message
- Determine the choosable “buttons”
- [if applicable] Set your Google Privacy Policy
- Navigate to “Colour settings”
- Customize your colors
- Navigate to “CSS setting”
- Add any custom scripts or styles
Cookie Manager
- Navigate to “Cookie Manager” from the CookieYes Dashboard
- Add your cookies
- Create different categories to organize them
- Set your load cookies
From the Cookie Manager you can now scan your website and manually audit your cookies, and from the Dashboard, you can navigate to the Consent Log to manage user consent data. Integrating Google Consent Mode also gives more options and improved consent management with Google tags.
Other cookie management systems should have similarly simple dashboards to navigate scanning, consent, customization, and more.
Beyond Cookies: Broader Privacy Measures Under GDPR
The GDPR and other privacy laws are crucial to data protection. The unfortunate truth is that the GDPR exists not only to protect consumers in general but also to protect users from racial or religious profiling, unnecessary genetic data collection, and the gathering of sensitive health or safety information. You’re entitled to privacy, and so are your users. Whether you want to build trust with customers on principle or you just want to avoid a $20 million fine, make privacy compliance a priority.
There’s more you can do to help your users, too. Add two-factor authentication (2FA) to protect user accounts. Use secure web and data hosts that make privacy protection as much of a priority as you do. Then, ensure your software is consistently up-to-date to protect against the latest phishing and spoofing attacks.
Building trust isn’t easy, but it’s much easier when you care about a customer’s privacy as much as they do.