Is your WooCommerce store GDPR compliant? Or are you looking for a simple way of making sure it meets the legal requirements?
GDPR is a data protection law introduced by the European Union that went into effect on May 25, 2018.
It calls for all websites doing business in Europe to offer more transparency about how they collect, store, use, share, and handle their users’ personal information.
Any company that fails to comply with the regulation can face heavy fines and penalties.
So, in this article, we’ll show you how to make a WooCommerce site GDPR compliant. Let’s kick things off…
What is GDPR?
GDPR or General Data Protection Regulation is a law that applies to anyone doing business in Europe. It provides greater control to users about how their data is gathered, stored, and used by websites, internet service providers, and other web-based companies.
The main aim of GDPR is to protect users’ personal information and prevent firms from wrongfully exploiting the data. What this means is that companies will have to obtain consent from users before collecting their data.
So, if you sell products to people in the EU through your WooCommerce store, then you’ll have to comply with GDPR guidelines. And if you don’t, then you would have to pay fines of up to €20 million or 4% of annual revenue (whichever is higher).
Now, let’s look at the impact of GDPR on your Google Analytics and how it applies to your WooCommerce store…
Google Analytics and WooCommerce GDPR Compliance
Are you using Google Analytics on your WooCommerce website to track its performance? If yes, then complying with GDPR is more important than ever.
That’s because Google Analytics works by recording personal information like IP address, age, gender, browser type, and more. And it uses cookies to track your users’ behavior when they land on your WooCommerce store.
So, what it all boils down to is that you’ll need consent from your visitors before you can start to track them in Google Analytics.
You can read more in our detailed guide about Google Analytics and GDPR.
With that, are you ready to learn how to make your WooCommerce website GDPR compliant?
How to Ensure GDPR Compliance of Your WooCommerce Store
The easiest way to ensure your WooCommerce site is GDPR compliant is through MonsterInsights. It’s one of the best GDPR WordPress plugins you can use today.
MonsterInsights offers the EU Compliance addon, which allows you to automate a lot of processes for meeting GDPR guidelines. For instance, you can anonymize your visitors’ IP addresses and disable user tracking with just a click of a button.
Not only that, but it integrates with other WordPress plugins, so you can create cookie opt-out consent boxes in an instant.
With that, let’s see the steps you need to follow for GDPR compliance for WooCommerce.
Step 1: Install and Activate MonsterInsights EU Compliance Addon
The first thing you’ll need to do after setting up MonsterInsights on your WooCommerce website is to install its EU Compliance addon.
Start by going to your WordPress dashboard and navigating to Insights » Addons. Here, find the EU Compliance addon and click Install.
Wait for a while and then click Activate. You’ll then see the Status change to Active.
Step 2: Configure EU Compliance Addon
Next, you’ll have to configure the settings using the EU Compliance addon to meet GDPR requirements for your WooCommerce site.
To do that, go to Insights » Settings and then click the Engagement tab. Now, go to EU Compliance to enable the addon.
Here’s what you can do with MonsterInsights:
- Automatically anonymize IP addresses for all Google Analytics hits
- Disable demographics and interest reports for Remarketing and Advertising tracking on Google Analytics
- Disable UserID tracking on Google Analytics hits
- Automatically disable author tracking in custom dimensions
- Enable ga() compatibility mode with a click of a button
- Wait for AMP addon users to agree with Google AMP consent box before tracking
- Easily integrate with CookieBot or Cookie Notice plugins
Step 3: Change Google Analytics Settings
Next, go to your Google Analytics account and change the data retention settings to meet GDPR requirements.
Once you’re logged in, go to Admin settings.
Then under the Property column, click on Property Settings » Tracking Info » Data Retention.
Here you can set how long you want to retain information about your visitors in Google Analytics.
You can choose from 14 months, 26 months, 38 months, 50 months, or Do not automatically expire. Once you’ve selected the setting you want, click Save.
Step 4: Create a Site-Wide Opt-Out and Consent Checkbox
Now, as per GDPR, you’ll need permission from your visitors to track their information on your WooCommerce store. For this, you’ll need to offer consent boxes on your site. Besides that, you’ll also need an opt-out box for users that don’t wish to be tracked.
While this sounds like a job for a developer, you can easily do it on your own. By using either CookieBot or Cookie Notice by dFactory, you can create site-wide consent boxes and opt-out options in an instant. Both these plugins also help you create cookie declarations for your website.
And with MonsterInsights EU Compliance addon integration, you don’t have to worry about editing any code. MonsterInsights will wait until a user grants consent and will then load the Google Analytics tracking script.
If you’re not using CookieBot or Cookie Notice, then you can use MonsterInsights opt-out link integrations. Or you can follow our guide on how to create Google Analytics opt-out links with MonsterInsights.
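The consent-before-tracking behaviour described in this step, sketched as an added example (it is not MonsterInsights, CookieBot or Cookie Notice code). The cookie names and the UA-XXXXX-Y property ID are hypothetical placeholders; the analytics.js script is requested only when a consent cookie is present and no opt-out is set, and IP anonymization is set before the first hit.

```javascript
// Added example. Cookie names are hypothetical placeholders, not the names
// used by any particular consent plugin.
const CONSENT_COOKIE = 'store_tracking_consent'; // hypothetical
const OPT_OUT_COOKIE = 'store_tracking_optout';  // hypothetical

// Parse a document.cookie string into a prototype-free object.
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const part of String(cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const raw = part.slice(idx + 1).trim();
    if (!name) continue;
    // A badly encoded value is kept raw, so it can never equal 'granted'.
    try { jar[name] = decodeURIComponent(raw); } catch (e) { jar[name] = raw; }
  }
  return jar;
}

// Default deny: a missing cookie, an unexpected value, or an explicit
// opt-out all mean tracking must not load. Opt-out wins over consent.
function trackingDecision(cookieString) {
  const jar = parseCookies(cookieString);
  if (jar[OPT_OUT_COOKIE] === '1') return { load: false, reason: 'opted-out' };
  if (jar[CONSENT_COOKIE] !== 'granted') return { load: false, reason: 'no-consent' };
  return { load: true, reason: 'consented' };
}

// Queue analytics.js commands and inject the script only after consent.
// `win` is a window-like object so the gate can be exercised outside a browser.
function loadAnalytics(win, propertyId) {
  const decision = trackingDecision(win.document.cookie);
  if (!decision.load) return decision; // no script tag, no queued hits
  win.ga = win.ga || function () { (win.ga.q = win.ga.q || []).push(arguments); };
  win.ga('create', propertyId, 'auto');
  win.ga('set', 'anonymizeIp', true); // must be set before the first hit
  win.ga('send', 'pageview');
  const script = win.document.createElement('script');
  script.async = true;
  script.src = 'https://www.google-analytics.com/analytics.js';
  win.document.head.appendChild(script);
  return decision;
}
```

In a browser, call `loadAnalytics(window, 'UA-XXXXX-Y')` on page load and again from the consent banner's accept handler.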
Step 5: Update Your Privacy Policy
The last step in making sure your WooCommerce store meets GDPR compliance is to update your privacy policy.
Here you can explain in detail the information you collect from your customers, how long you will retain the data, and whether it will be shared with other companies.
You can also explain that you use Google Analytics to track WooCommerce performance. And also describe different cookies that are used for tracking.
Besides that, you can also help your users by outlining how they can access their stored data or ask for it to be edited or removed from your website.
For more information, you can follow our documentation on updating your privacy policy.
And that’s it!
By completing all these steps, you can easily ensure GDPR WooCommerce compliance. And with MonsterInsights by your side, you can quickly automate a lot of processes to meet the data protection law’s guidelines.
We hope you liked our article on how to make your WooCommerce site GDPR compliant. If you want, you can also go through our post on the best WooCommerce plugins and how to set up WooCommerce conversion tracking in Google Analytics.