Since the GDPR came into effect in 2018, website owners have been scrambling to get their site up to par and avoid hefty fines. While the race to GDPR-proof the Internet has calmed somewhat, it’s important for new sites and existing ones that skipped out to start taking steps to protect user data.
Three years later, GDPR fines are continuing to be issued, and small businesses are certainly not immune. While you’re likely to receive a warning before being fined, there’s no reason to take chances. If you haven’t taken steps to protect your site yet, you need to do it now.
Only a lawyer can give you lawsuit-proof advice, but installing a plugin is a good first step to respecting the GDPR. Below are 13 of the best WordPress GDPR plugins that will help you stay compliant and handle sensitive information properly.
A Rundown of the GDPR
Most people by now know the basics of the GDPR. But in case you missed it when it first came around, here’s a quick recap.
The General Data Protection Regulation is a single data-protection law that applies across the EU. It protects people who are in the EU, whether or not they are citizens, and it applies to your site wherever it is hosted if you offer services to or track visitors in the EU. If you collect data such as cookies, IP addresses or email addresses from those visitors, which you very likely do, then you may be subject to fines unless you handle that data in very specific ways. Here’s what you have to do:
- Tell visitors clearly what data you collect, why, and for how long you keep it
- Have a lawful basis for collecting it; for non-essential cookies, analytics and marketing that usually means explicit opt-in consent, given before the tracker runs
- Let people access, correct or erase the data you hold on them, and withdraw consent as easily as they gave it
- Report data breaches to your supervisory authority (normally within 72 hours) and tell affected users when the breach puts them at high risk
- Only collect and process the personal data you actually need, and keep it no longer than necessary
It sounds scary, but unless you’re part of a large enterprise, it’s usually easy to stay compliant. You likely don’t handle much user data in the first place. If you need more information on what you should do to protect your site from fines, there are many in-depth guides to the GDPR.
What Kind of Data Is Relevant?
When it comes to privacy, you might be surprised how much data you’re actually collecting and which parts of WordPress can put you on the wrong side of the law. If you collect any of this information from EU visitors, you’re likely subject to the GDPR:
- Personal data (name, address, income, email address) — often submitted through contact forms
- Payment info
- IP addresses (activity and event log plugins, security plugins, and your web server’s own access logs)
- Google Analytics tracking data
- Email marketing and advertising data
- Requests to third-party services such as social sharing buttons or Google Fonts, which hand the visitor’s IP address to that third party on every page load
GDPR-Friendly WordPress Plugins
While it’s up to you to ensure that your site complies with the law, a little help can make the task a lot easier. The plugins below will help you inform users of your data collection, ask for consent, and export or delete their information on request. You shouldn’t rely on them alone, but use them as tools to make your life a little easier.
1. Cookie Notice
Cookie Notice is one of the most installed GDPR plugins, so it’s a good place to start. It’s designed with both the GDPR and the CCPA (California Consumer Privacy Act) in mind, so if you’re subject to both, it’s doubly helpful.
While it may look like yet another overly simple cookie banner plugin, it’s full of useful settings. They let you customize the banner and message, set when cookies expire, and decide whether visitors can refuse cookies.
There are also advanced features for specific parts of the GDPR and CCPA, such as automatic cookie blocking and proof-of-consent storage. These require connecting your site to the vendor’s third-party web application, so check where those consent records end up and whether that arrangement fits your own privacy policy.
This small, all-in-one plugin tackles a few big issues of the GDPR. Most notably, it adds consent boxes, a log, and anonymizes all user data. It also includes several integrations with a few popular form plugins, WooCommerce, and WordPress Comments.
If you need a small extension that will take care of several GDPR issues at once, this is the one to go for.
3. WP AutoTerms
The plugin can also help you deal with other types of legal pages, like affiliate link disclosures. It contains compliance kits, which help you insert links into your footer or announce changes to your legal pages on your site.
The above functionality already makes it one of the best WordPress GDPR plugins. With the premium version, you can additionally add cookie notices to your site, automatically endorse affiliate links, and create CCPA and GDPR-specific legal pages.
4. Delete Me
The GDPR gives users the right to have the personal data you hold on them erased on request. This plugin doesn’t touch cookies, logged IPs or data held by other plugins; what it does is let users delete their own account along with any posts and comments they’ve left.
It has a few settings, such as allowing you to customize what page they land on when they’ve deleted their account. You can also require a password input, add a confirmation box, or delete a user across an entire multisite network.
Another requirement is that visitors can withdraw from data collection that rests on their consent, and for non-essential trackers such as analytics that consent has to be given before the tracker runs. As you can imagine, Google Analytics presents a bit of an issue in this regard. Luckily, plugins like this make it easy to let people decline Google’s tracking.
This plugin can serve as a replacement for other Google Analytics plugins. You can insert your Universal Analytics tracking ID (UA code) right into it and let visitors opt in and out of tracking at will. It also integrates with plugins like Google Analytics Dashboard and MonsterInsights to check that your UA code is valid.
6. Statify
Statify takes the opposite approach: it counts page views on your own server instead of sending visitor data to Google, and it sets no cookies. That has its limits, namely that there’s no way to track advanced things like the visitor’s device or unique views, but it’s a much simpler solution that’s privacy-focused out of the gate. If you’re looking for basic site statistics without all the GDPR baggage, definitely go with Statify.
7. GDPR Cookie Compliance
Simple yet customizable, GDPR Cookie Compliance is one of the best WordPress cookie banner plugins you can get. It gives you full control over your banner and its functionality. You can customize the banner itself, control when cookie scripts load, and change the cookie expiration date. Users also retain control over their data; they can revoke their tracking consent at any time.
While all the base features you need are in the free version, the premium edition adds some small but helpful extras. These include multisite support, consent logging and analytics, geolocation so you only show the banner to visitors from specific regions, and a full-screen layout.
8. Shariff Wrapper
Privacy violations can appear in the strangest of places. You might not expect something as simple as a social media sharing button to be a GDPR liability, but those little buttons can be a huge deal. The standard buttons are scripts or iframes served from the network’s own servers, so Facebook and the others receive the visitor’s IP address, the page they are on and any cookies the network has already set on every page view, not just when somebody clicks.
Shariff, originally developed by the German computer magazine c’t, lets users share your content on social media without compromising their privacy or your GDPR compliance: the buttons are plain links that only contact the network once they are clicked. The Shariff Wrapper plugin brings that implementation to WordPress.
It adds privacy-focused share buttons to your site, which come with several designs. Think twice before adding any other kind to your site!
9. GDPR Data Request Form
As mentioned, the GDPR requires you to provide users with the data you’ve collected on them and to erase any information you hold on request. GDPR Data Request Form automates this whole process for you.
It integrates with the data privacy tools built into WordPress core. Use a shortcode, widget, PHP function, or Gutenberg block to display a data request/erasure form anywhere on your site. You’ll get a notification under Tools > Export Personal Data or Tools > Erase Personal Data, where you confirm the request; WordPress then packs up and sends the user their data or erases it from your database. Bear in mind that core only covers the data it knows about, meaning users, comments and whatever other plugins have registered with the privacy tools, so check that the plugins holding personal data on your site hook into them.
It’s a simple, efficient implementation and one that works very well.
10. CookieYes
If the GDPR isn’t your only problem, CookieYes helps with various international rules, including the CCPA (California), the LGPD (Brazil), and the CNIL’s cookie guidelines (France). The plugin adds a cookie consent banner which, in line with the GDPR, holds back non-essential cookies until the user agrees to them.
The premium version has plenty of advanced features. You can show users exactly which cookies you set and let them reject specific ones, add a button to reopen the banner and revoke or re-grant consent, and add a “do not sell” option for the CCPA. Finally, you can block scripts from services like Google Analytics and social media sites until consent is given. It also offers an “accept on scroll” option; skip that one for EU visitors, since regulators don’t consider scrolling a valid expression of consent.
If you’re having trouble with other cookie banner plugins and need a feature-rich tool that covers all your bases, try CookieYes.
11. OMGF
Third-party APIs can end up being a sneaky GDPR violation, and Google Fonts is a common culprit. You wouldn’t think a simple stylesheet that embeds fonts on your site could be a privacy problem. But every time a visitor loads a page that uses a Google Font, their browser fetches the stylesheet and font files from Google’s servers, which hands Google the visitor’s IP address on every page view. And unfortunately, it’s your responsibility and not Google’s to shut this down.
While you can ask for consent using one of the banner plugins above, the cleaner option is to use the OMGF plugin to host the fonts on your own server. As long as the fonts are served from your own domain rather than Google’s, no request reaches Google and you’re in the clear.
The free version does its job well. You can also try the premium version to automatically detect and replace all Google Fonts on an entire page, minimize your load times with special optimizations, and combine several font style sheets into one.
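The IP leak described above for Google Fonts and for social share buttons (and for third-party APIs in the data list earlier) is easy to check for yourself before reaching for a plugin: scan the page HTML for anything a browser fetches from another origin. This is an added example, not OMGF’s or any other plugin’s code; the sample HTML is constructed, and the host-to-service table is an illustrative assumption, not a complete list.

```javascript
// Audit page HTML for resources that a browser loads from third-party origins.
// Every such load sends the visitor's IP address, user agent and referrer (plus
// any cookies that origin already set) to the third party, before any consent
// banner has been answered. Added example; the host table is an assumption
// for illustration and is not exhaustive.

const KNOWN_THIRD_PARTIES = {
  "fonts.googleapis.com": "Google Fonts stylesheet",
  "fonts.gstatic.com": "Google Fonts font files",
  "www.google-analytics.com": "Google Analytics",
  "www.googletagmanager.com": "Google Tag Manager / gtag.js",
  "connect.facebook.net": "Facebook SDK (share/like buttons)",
  "platform.twitter.com": "Twitter widgets",
};

// <link> rel values that make the browser contact the href while rendering.
// rel="canonical", "alternate" etc. are metadata and trigger no request.
const FETCHING_LINK_RELS = /\b(stylesheet|preload|modulepreload|prefetch|preconnect|icon)\b/i;

// Extract every external http(s) URL the browser would request at page load:
// script/img/iframe src attributes and fetching <link> hrefs. <a> tags are
// deliberately not scanned: a plain link only contacts its target on click.
function externalReferences(html, siteOrigin) {
  const origin = new URL(siteOrigin).origin;
  const refs = [];
  const tagRe = /<(script|img|iframe|link)\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const name = tag[1].toLowerCase();
    const attrs = tag[2];
    if (name === "link") {
      const rel = /\brel\s*=\s*["']([^"']*)["']/i.exec(attrs);
      if (!rel || !FETCHING_LINK_RELS.test(rel[1])) continue;
    }
    const attr = /\b(src|href)\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!attr) continue;
    let url;
    try {
      url = new URL(attr[2], siteOrigin); // resolves relative and protocol-relative (//host/...) URLs
    } catch (_) {
      continue; // unparsable value, nothing to fetch
    }
    // data: and mailto: URLs contact no server; same-origin fetches stay on your host.
    if (!/^https?:$/.test(url.protocol) || url.origin === origin) continue;
    refs.push({ tag: name, host: url.hostname, url: url.href });
  }
  return refs;
}

// Group the references per host and label the hosts we recognise.
function auditThirdParties(html, siteOrigin) {
  const byHost = new Map();
  for (const ref of externalReferences(html, siteOrigin)) {
    if (!byHost.has(ref.host)) {
      byHost.set(ref.host, {
        host: ref.host,
        service: KNOWN_THIRD_PARTIES[ref.host] || "unrecognised third party",
        requests: 0,
        tags: new Set(),
      });
    }
    const entry = byHost.get(ref.host);
    entry.requests += 1;
    entry.tags.add(ref.tag);
  }
  return [...byHost.values()]
    .map((e) => ({ ...e, tags: [...e.tags].sort() }))
    .sort((a, b) => a.host.localeCompare(b.host));
}

// One report line per host, for a terminal or a log.
function formatAudit(entries) {
  return entries.map(
    (e) => `${e.host.padEnd(28)} ${e.requests} request(s) via <${e.tags.join(">, <")}>  ${e.service}`
  );
}

// Constructed sample of a typical WordPress <head>; not captured from a real site.
const SAMPLE_HTML = `
<link rel="canonical" href="https://example.com/post/">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto&display=swap">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="https://www.googletagmanager.com/gtag/js?id=UA-12345-1"></script>
<script src="//connect.facebook.net/en_US/sdk.js"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<img src="/wp-content/uploads/hero.jpg" alt="">
<a href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fexample.com%2Fpost%2F">Share</a>`;

console.log(formatAudit(auditThirdParties(SAMPLE_HTML, "https://example.com")).join("\n"));
```

Feed it the HTML of a rendered page (view-source, or `curl` the URL) and the site’s origin. Anything it lists is contacted before your cookie banner is answered, so each host needs either self-hosting (as OMGF does for fonts), consent-gating, or removal. The share `<a>` in the sample is not reported because a plain link only contacts the network when clicked, which is exactly Shariff’s approach.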
12. Complianz
Complianz is a cookie consent plugin with a focus on customizability. It works with a wide variety of privacy laws from across the globe, integrates with tons of different plugins, and lets you customize your cookie notice for specific regions.
There are plenty of nifty features here, from automatically blocking third parties like Google Maps and reCAPTCHA until consent is given to automatically scanning your site for changes in the cookies it sets and the user data it collects.
And it’s not just a cookie banner; you can also use it to export or erase user data.
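The script blocking that GDPR Cookie Compliance, CookieYes and Complianz describe above all rests on one mechanism: third-party tags are rendered inert and only made executable after the visitor opts in. The following is an added example of that mechanism, not code from any of those plugins; the `site_consent` cookie name, the category names and the `data-consent` attribute are assumptions made for illustration.

```javascript
// Consent-gated loading of third-party scripts: the mechanism behind the
// "block scripts until consent" feature of cookie-banner plugins.
// Added example; cookie name, category names and attribute are assumptions.

const CONSENT_COOKIE = "site_consent";
// "necessary" covers strictly required cookies and never needs consent.
const CATEGORIES = ["necessary", "analytics", "marketing"];

// Parse the stored consent record into an explicit per-category state.
// Anything missing, malformed or not literally `true` counts as no consent:
// GDPR consent must be an affirmative act, so there are no pre-ticked defaults.
function parseConsent(rawCookieValue) {
  const state = { necessary: true, analytics: false, marketing: false };
  if (!rawCookieValue) return state;
  try {
    const record = JSON.parse(decodeURIComponent(rawCookieValue));
    for (const cat of CATEGORIES) {
      if (cat !== "necessary") state[cat] = record[cat] === true;
    }
  } catch (_) {
    // malformed cookie: fall through with every non-essential category off
  }
  return state;
}

// Build the Set-Cookie value for a consent decision. The record keeps the
// policy version and a timestamp so the banner can be shown again when the
// policy changes or the consent gets old.
function consentCookie(choices, policyVersion, nowMs = Date.now()) {
  const record = { v: policyVersion, ts: nowMs };
  for (const cat of CATEGORIES) {
    if (cat !== "necessary") record[cat] = choices[cat] === true;
  }
  const maxAge = 180 * 24 * 3600; // six months, then ask again
  return `${CONSENT_COOKIE}=${encodeURIComponent(JSON.stringify(record))}; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
}

// Pick the value of CONSENT_COOKIE out of a document.cookie-style string.
function readConsentCookie(cookieString) {
  for (const part of (cookieString || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === CONSENT_COOKIE) return rest.join("=");
  }
  return "";
}

// Template/server-side variant: gated scripts are emitted as
// <script type="text/plain" data-consent="analytics" ...>. Scripts in a
// consented category are rewritten to be executable; the rest stay inert.
function activateGatedScripts(html, state) {
  return html.replace(/<script\b([^>]*)>/gi, (tag, attrs) => {
    if (!/\btype\s*=\s*["']text\/plain["']/i.test(attrs)) return tag;
    const m = /\bdata-consent\s*=\s*["']([a-z]+)["']/i.exec(attrs);
    if (!m || state[m[1]] !== true) return tag;
    return `<script${attrs.replace(/\btype\s*=\s*["']text\/plain["']/i, 'type="text/javascript"')}>`;
  });
}

// Browser variant: changing `type` on an existing <script> element does not
// execute it, so each consented script is replaced by a freshly created element.
function activateGatedScriptsInDom(state, doc = globalThis.document) {
  let activated = 0;
  if (!doc) return activated; // no DOM (e.g. running under Node)
  doc.querySelectorAll('script[type="text/plain"][data-consent]').forEach((el) => {
    if (state[el.dataset.consent] !== true) return;
    const fresh = doc.createElement("script");
    for (const { name, value } of el.attributes) {
      if (name !== "type") fresh.setAttribute(name, value);
    }
    if (!el.src) fresh.textContent = el.textContent;
    el.replaceWith(fresh);
    activated++;
  });
  return activated;
}

// Constructed sample markup, as a consent plugin would render it.
const GATED_SAMPLE = `<script src="/wp-content/themes/example/app.js"></script>
<script type="text/plain" data-consent="analytics" src="https://www.googletagmanager.com/gtag/js?id=UA-12345-1"></script>
<script type="text/plain" data-consent="marketing">fbq('init', '0');</script>`;

// On a real page: read the visitor's decision and activate what they allowed.
if (typeof document !== "undefined") {
  activateGatedScriptsInDom(parseConsent(readConsentCookie(document.cookie)));
}
```

A plugin emits `<script type="text/plain" data-consent="analytics" src="...">` in place of the normal tag and runs the DOM variant on every page load, after the banner writes the cookie. Withdrawing consent means writing a fresh cookie with every category false; scripts already running are not unloaded, so reload the page, and any cookies the tracker itself set (for instance Google Analytics’ `_ga` cookies) must be expired separately, on the same domain and path they were set for.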
13. The GDPR Framework
Last but not least, we have a small but efficient plugin that covers all the GDPR basics. The GDPR Framework earns its place here because it cuts the workload of handling data export and deletion requests in WordPress: you can have them processed automatically or, if you prefer, be notified and handle each one manually.
The GDPR Framework integrates with plugins like WooCommerce, Easy Digital Downloads, Contact Form 7, and Email Subscribers & Newsletters. That way, the data these plugins collect will be archived and deleted at the user’s request.
Finally, it’s 100% free and fully extensible, so developers can make great use of it. It’s also compatible with WPML so you don’t need to worry if your site isn’t in English.
The GDPR Framework covers all the GDPR basics, and there’s no hidden costs to deal with.
Protect User Data With These WordPress GDPR Plugins
You might think that you’re safe to ignore the GDPR if you’ve gone this long without getting in trouble. But all it takes is one report to get hit with several costly fines. This is definitely something you want to take seriously.
If you’re processing user data, even something as simple and small as logging visitor IPs or setting cookies, it’s imperative that you ask for consent and disclose this to users, along with following all of the other GDPR regulations.
You shouldn’t just install a plugin and hope you’re covered. It’s always best to do careful research and consult a lawyer if possible. But these plugins can take care of the functionality you need to add, so implementing the GDPR’s regulations can be a simple, painless task.
Let us know which of these WordPress GDPR plugins you like best. They’ve all got a little something for everyone, but which do you find most appealing?