Does your WordPress website comply with GDPR standards? Achieving compliance requires an active effort. Managing cookies, transparency, security, consent: the measures to implement are numerous. You can rely on dedicated tools. Let's talk about it.
Why should you be interested in the GDPR compliance of your WordPress website?
WordPress is the most widely used CMS in France and the world to create websites. Do you use it? Great.
However, your website is still a communication platform designed to collect personal data:
- through contact or quote request forms that allow you to obtain first-hand information from your prospects and users;
- through cookies that will enable you to collect behavioral data.
As a result, the question of compliance with legal standards, particularly GDPR, arises. Do you think you don't have to do anything because the site is already compliant?
- The CMS displays a banner by default to manage cookies and request consent from your audience;
- The providers of the plugins you install ensure that they are GDPR-compliant.
And yet, more than these measures and statements of good intentions are needed. You must undertake a GDPR compliance process for your site.
Here are the main points.
Manage your cookies, and request user consent.
In recent years, regulators have become stricter in enforcing rules. Remember this: some of your cookies (advertising, video…) must be consented to by your users before they can be deposited.
This marks the end of the purely informative banners that simply told users the site uses cookies.
You must now equip yourself with a Consent Management Platform (CMP), a tool that lets users accept or refuse this deposit and change their choices later on.
Choose a compliant solution and use it to replace the banner integrated by default by the CMS in your website.
A privacy policy built on transparency.
Your user has the right to know what personal data you collect, why, and how you use it. This is why you will provide educational sections:
- A privacy policy. This is the reference document for understanding how you process users’ data.
- A section on cookies and other trackers. It explains how they work and provides a simple way to object to them.
These sections are new pages to create. They are added to the legal documents that you are used to displaying:
- The legal notices. They identify the site publisher and its host;
- The terms and conditions of use and sales.
Attention! If you rely on a template, adapt the content (list of collected data, purposes of data use, types of cookies used…) to the specificities of your activity.
Bring your website’s forms into compliance with GDPR.
You will only need to implement a few simple measures:
- Limit the fields to a strict minimum and mention those that are mandatory to fill in;
- Users who fill in your contact form do not automatically agree to receive marketing emails or SMS messages. If you want to send them, include a checkbox on your forms so your users can subscribe to this mailing list.
- Include a mention at the bottom of the form to indicate the purpose of collecting the data and to refer to your privacy policy.
Optimize the security of your website.
Too many websites have IT vulnerabilities. We previously presented cybersecurity as one of the reasons to speed up your GDPR compliance during lockdowns.
For example, if user accounts are poorly secured, quotes, contracts, and customer data can be accessed online.
A few standard measures are therefore required:
- Switch your site to HTTPS. Also make sure that the cookies you set are transmitted only over HTTPS;
- If you authenticate your users with an identifier and a password, comply with the standards required by the CNIL. Companies are regularly sanctioned for the lack of robustness of passwords recorded by end users.
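One way to verify the HTTPS point for cookies is to inspect the `Set-Cookie` headers your site returns and flag any cookie without the `Secure` attribute, since such a cookie can also be sent over plain HTTP. The script below is an added example, not part of the original article or of any plugin; the header lines are constructed sample data, and it goes slightly beyond the text by also checking the two browser rules that depend on `Secure` (`SameSite=None` and the `__Secure-`/`__Host-` name prefixes).

```python
# Added example. The header lines are constructed sample data, not real captures.
SAMPLE_HEADERS = [
    "Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: consent_choice=analytics:0; Path=/; Max-Age=15552000",
    "Set-Cookie: cart=42; Path=/; secure",
    "Set-Cookie: __Secure-pref=dark; Path=/; HttpOnly",
    "Set-Cookie: embed=1; Path=/; SameSite=None",
    "Content-Type: text/html; charset=UTF-8",
]


def parse_set_cookie(line):
    """Split one Set-Cookie header line into (cookie name, attribute dict)."""
    _, _, value = line.partition(":")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_secure(lines):
    """Return (cookie name, problem) pairs for cookies that can travel over plain HTTP."""
    findings = []
    for line in lines:
        if line.partition(":")[0].strip().lower() != "set-cookie":
            continue  # not a cookie header
        name, attrs = parse_set_cookie(line)
        if not name or "secure" in attrs:
            continue
        findings.append((name, "no Secure attribute"))
        if attrs.get("samesite", "").lower() == "none":
            findings.append((name, "SameSite=None requires Secure"))
        if name.startswith(("__Secure-", "__Host-")):
            findings.append((name, "name prefix requires the Secure attribute"))
    return findings


if __name__ == "__main__":
    for cookie, problem in audit_secure(SAMPLE_HEADERS):
        print(f"{cookie}: {problem}")
```

To audit a real site, replace `SAMPLE_HEADERS` with the response headers saved from your own pages, including those returned after login and after a consent choice.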
Need a plugin for your compliance? Choose it carefully
Some functions, such as collecting and storing consents, sending GDPR rights-exercise requests, and displaying a cookie banner, can be handled by third-party plugins.
After all, you are not an expert in GDPR; delegating makes sense. We won’t tell you otherwise. But it’s essential to choose your plugins carefully.
Several free plugins are not compliant with legal requirements, notably because they have not undergone a legal review adapted to the regulations that apply to you.
Some compliance tools can jeopardize… your level of compliance! This is the case, for example, if your CMP provider reuses user cookie identifiers for targeted marketing.
Axeptio has designed its solutions based on thorough multi-disciplinary expertise. A high-quality DPO is involved in our work. Using our tool guarantees that you can comply with the regulations.
Conclusion: Axeptio provides intelligent tools for managing GDPR compliance
Axeptio has developed a robust approach to designing a user experience around consent. Our Consent Management Platform results from in-depth thinking and an innovative vision. Our CMP is a plug-and-play tool that is easy to install. By using it, you can easily enrich your website with the following:
- A 100% compliant method of collecting consent and storing the choices of your users regarding cookies.
- A polished user experience that makes using the module enjoyable. With Axeptio, a CMP is not just a “legal” tool but a service provided to your audience.
- A strategic marketing approach. The CMP becomes a valid showcase of the compliance and usefulness of your cookies. This way, you enhance your brand image and reinforce the trust of your audience.