What is GDPR?
GDPR, the General Data Protection Regulation, is a data privacy and protection law that took effect on May 25, 2018. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and more choice over how their personal information is collected, used, and shared.
You can learn more about GDPR from the European Commission’s Data Protection page.
Many businesses have been learning how GDPR affects websites, and their owners and administrators have made changes to ensure that they have a GDPR-compliant website. However, some businesses are unsure how to build a website that fully complies with GDPR, while others have ignored GDPR completely.
Requirements for Having a GDPR-compliant Website
As a website owner, you first need to understand how your company gathers personal data. Under GDPR, organizations must inform customers of their rights under the regulation. The interaction between users and your website must be as transparent as possible.
Websites must show what information they are collecting and offer various choices to get consent. Furthermore, you should enable users to view the information gathered about them and should give them the option to remove specific information from your systems.
Also, remember that most eCommerce sites use third-party payment ‘gateways’, but some hold personal data on their own servers, too. In such cases, this data has to be stored securely, and users must be told where their data is held.
How to Make a Website GDPR Compliant with Jupiter X
Here are the minimum requirements for GDPR compliance.
Google Fonts
There are still discussions going on about whether Google Fonts can be used in a GDPR-compliant way. According to this thread, you should either disable Google Fonts on your website or use locally hosted fonts. If you do not use any Google Font in Jupiter X > Customize > Fonts & Typography, or in any element in the Elementor editor, Google Fonts are automatically disabled for the whole website. Also, check “Disable Default Fonts” in Elementor > Settings. This way, Google Fonts won’t load on the page unless another plugin requests them.
Cookies
I suppose that you’ve already seen those pop-ups and banners that ask you to accept cookies on a website. Your website uses cookies to track user data, and now more than ever it’s essential to obtain consent. You need to prevent cookie tracking until you gain consent, and if your users reject your request to track their data with cookies, you must not track their data during their visit. There are plugins that help you out here. Here’s a short list of some popular ones:
- WeePie Cookie Allow
- Ultimate GDPR Compliance Toolkit for WordPress
- Cookie Consent
- Cookie Law Info
- GDPR Cookie Compliance
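The consent rule above (no tracking cookies or scripts before the visitor decides, and none at all after a refusal) is straightforward to enforce in the page itself. The following is an added example written for this post, not code from Jupiter X or from any of the plugins listed; the cookie name `cookie_consent`, the three states and the `ConsentGate` class are assumptions chosen for illustration. It keeps the decision logic separate from the DOM so it can be unit-tested, which is also what lets you verify that a tracker is never loaded on a "denied" visit.

```javascript
// Added example (not from the original post): gate tracking cookies and
// scripts behind explicit consent. Names below are illustrative assumptions.

const CONSENT_COOKIE = 'cookie_consent'; // assumed name of the decision cookie

// Parse a Cookie header or document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out[name] = decodeURIComponent(value);
  }
  return out;
}

// Consent state derived from the cookies: 'granted', 'denied' or 'unknown'
// (no decision recorded yet). Anything unexpected is treated as 'unknown',
// which is the safe default: no tracking until the visitor chooses.
function consentState(cookieString) {
  const v = parseCookies(cookieString)[CONSENT_COOKIE];
  return v === 'granted' || v === 'denied' ? v : 'unknown';
}

// Holds tracker loaders until consent is granted; drops them on refusal.
class ConsentGate {
  constructor(initialState) {
    this.state = initialState;
    this.pending = [];   // loaders waiting for a decision
    this.loaded = [];    // names of trackers that were actually started
  }

  // Register a tracker (e.g. a function that injects the analytics script).
  // It runs immediately only if consent has already been granted.
  require(name, loader) {
    if (this.state === 'granted') {
      loader();
      this.loaded.push(name);
    } else if (this.state === 'unknown') {
      this.pending.push({ name, loader });
    }
    // state 'denied': the loader is discarded and never called
  }

  grant() {
    this.state = 'granted';
    for (const p of this.pending) { p.loader(); this.loaded.push(p.name); }
    this.pending = [];
  }

  deny() {
    this.state = 'denied';
    this.pending = [];   // forget everything that was waiting
  }
}

// Set-Cookie value that records the visitor's decision. The consent cookie
// itself is strictly necessary and may be set before consent.
function consentCookie(decision, maxAgeSeconds = 180 * 24 * 3600) {
  if (decision !== 'granted' && decision !== 'denied') throw new Error('bad decision');
  return `${CONSENT_COOKIE}=${decision}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

// Policy check used by a cookie-setting wrapper: only the consent cookie is
// allowed until the state is 'granted'.
function isCookieAllowed(name, state) {
  return name === CONSENT_COOKIE || state === 'granted';
}

// Stand-alone demonstration with a constructed cookie header.
function demo() {
  const gate = new ConsentGate(consentState('wordpress_test_cookie=WP; other=1'));
  gate.require('analytics', () => { /* would inject the analytics script here */ });
  const beforeDecision = gate.loaded.length;   // 0: nothing loaded yet
  gate.grant();
  return { beforeDecision, afterGrant: gate.loaded.length, cookie: consentCookie('granted') };
}
```

In a real page, `consentState(document.cookie)` seeds the gate on load, the banner's buttons call `grant()` or `deny()` and write `consentCookie(...)`, and every tag-manager or analytics snippet is registered through `require()` instead of being inlined in the template.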
Google Maps
WP Google Maps now shows a consent notice in the map area before the Maps API is loaded. This is because GDPR requires that data subjects (site visitors) give explicit consent before their data may be processed. The Google Maps API sets and stores cookies with some user information, such as IP addresses, which count as personal data.
So, it’s recommended to avoid using Google Maps altogether. The good news is that there are alternatives to Google Maps. For instance, you can choose Sweco or OpenStreetMap, served from your own servers.
Removing YouTube and other iFrames
YouTube stores cookies through its iframe player for many reasons. YouTube tracks which user is watching which video through your iframe to improve its own data collection, which helps it recommend better videos to that user. Yes, YouTube is tracking the user, but that is reasonable considering that they are displaying the content and want to improve their analytics.
To block cookies from iframe-embedded content like YouTube, you need to check the provider’s embed settings.
In YouTube, there’s an option to enable privacy-enhanced mode when generating the embed code: https://take.ms/aAvv6s. If you enable it, the embed src changes from youtube.com to “youtube-nocookie.com”.
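Embeds that editors pasted before that option was enabled still point at youtube.com. As an added example (written for this post, not part of Jupiter X or of YouTube’s own embed code), the functions below rewrite a YouTube player URL to the youtube-nocookie.com host and apply that rewrite to every iframe src in a block of post HTML, for instance in a WordPress content filter. The regular expression for iframes and the host list are assumptions; the sample HTML and the VIDEO_ID value are constructed.

```javascript
// Added example (not from the original post): rewrite YouTube player embeds
// to the privacy-enhanced host. Host list and regex are assumptions.

const YOUTUBE_HOSTS = new Set(['www.youtube.com', 'youtube.com', 'm.youtube.com']);
const NOCOOKIE_HOST = 'www.youtube-nocookie.com';

// Return the privacy-enhanced form of a YouTube *player* embed URL.
// Anything else (other hosts, watch pages, relative paths, garbage) is
// returned unchanged so the function is safe to run over arbitrary markup.
function toNoCookieEmbed(src) {
  let url;
  try {
    // a base is needed so protocol-relative "//www.youtube.com/..." resolves
    url = new URL(src, 'https://example.invalid/');
  } catch (e) {
    return src;
  }
  if (!YOUTUBE_HOSTS.has(url.hostname)) return src;
  if (!url.pathname.startsWith('/embed/')) return src; // only the player path
  url.hostname = NOCOOKIE_HOST;
  url.protocol = 'https:';                              // never leave it on http
  return url.toString();
}

// Apply the rewrite to the src attribute of every <iframe> in an HTML string.
function rewriteIframes(html) {
  const iframeSrc = /(<iframe\b[^>]*?\bsrc\s*=\s*)(["'])([^"']*)\2/gi;
  return html.replace(iframeSrc, (m, pre, quote, src) => pre + quote + toNoCookieEmbed(src) + quote);
}

// Report iframes that still load the tracking host after the rewrite, which
// is the check a GDPR audit would run over rendered pages.
function remainingYouTubeIframes(html) {
  const iframeSrc = /<iframe\b[^>]*?\bsrc\s*=\s*["']([^"']*)["']/gi;
  const hits = [];
  let m;
  while ((m = iframeSrc.exec(html)) !== null) {
    try {
      if (YOUTUBE_HOSTS.has(new URL(m[1], 'https://example.invalid/').hostname)) hits.push(m[1]);
    } catch (e) { /* unparsable src: ignore */ }
  }
  return hits;
}

// Constructed sample post content.
const SAMPLE_POST = '<p>Watch:</p>' +
  '<iframe width="560" src="https://www.youtube.com/embed/VIDEO_ID?rel=0" allowfullscreen></iframe>' +
  '<iframe src="https://player.vimeo.com/video/123"></iframe>';
```

Feeding `SAMPLE_POST` through `rewriteIframes` leaves the Vimeo iframe alone and changes only the YouTube one; `remainingYouTubeIframes` on the result is then empty, which is the assertion to keep in a test so a future template change cannot silently reintroduce the tracking host.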
Obtaining Consent in Collecting Information in the Forms
Did you think about newsletter subscription forms, payment forms, customer info sheets, and even your signup forms? These are affected by GDPR, too.
As a form owner, you should be able to tell which of the data you collect is personally identifiable and which is not.
In Jupiter X, we added an “Acceptance” field to the Form element, which enables the GDPR consent checkbox for your form, as shown in the example below.
Be aware that if you use a form plugin, it stores submitted forms in the database. Fortunately, such plugins are being updated to include a “do not store form data” option in their configuration. Make use of it.
If you follow these steps, then you are on your way to having a GDPR-compliant website. However, there are still things to consider to make sure your website is GDPR ready. Sometimes a third-party plugin causes incompatibilities, which you should find and resolve. There are also GDPR testing tools that help you detect possible issues on your website. The point is to use GDPR-ready tools such as Jupiter X, or other compatible themes and plugins, if you want a fully GDPR-compliant website.
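The testing tools mentioned above mostly do one thing: fetch a page and list every third-party host it pulls resources from. The block below is an added example of that check, written for this post and not the code of Jupiter X or of any testing tool; it covers the Google Fonts case from the earlier section (a stylesheet `<link>` or a CSS `@import` pointing at fonts.googleapis.com, which the theme setting is meant to remove) as well as Maps scripts and YouTube iframes, and reports any other host that is not the site itself. The host-to-category table, the `auditThirdPartyResources` name and the sample page are assumptions constructed for the example; the Maps key in it is a placeholder.

```javascript
// Added example (not from the original post): find third-party resources in
// rendered HTML so GDPR-relevant embeds can be reviewed. Host table assumed.

const THIRD_PARTY_CATEGORIES = [
  { category: 'google-fonts', hosts: ['fonts.googleapis.com', 'fonts.gstatic.com'] },
  { category: 'google-maps',  hosts: ['maps.googleapis.com', 'maps.google.com'] },
  { category: 'youtube',      hosts: ['www.youtube.com', 'youtube.com', 'm.youtube.com'] },
];

function categorize(hostname) {
  for (const entry of THIRD_PARTY_CATEGORIES) {
    if (entry.hosts.includes(hostname)) return entry.category;
  }
  return 'other-third-party';   // unknown host: still worth a manual look
}

// Pull candidate URLs out of the markup: src/href on the tags that fetch
// resources, plus @import "..." and url(...) inside inline CSS.
function extractUrls(html) {
  const found = [];
  let m;
  const attr = /<(link|script|iframe|img)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  while ((m = attr.exec(html)) !== null) found.push({ where: m[1].toLowerCase(), url: m[2] });
  const cssImport = /@import\s+["']([^"']+)["']/gi;           // string form of @import
  while ((m = cssImport.exec(html)) !== null) found.push({ where: '@import', url: m[1] });
  const cssUrl = /url\(\s*["']?([^"')\s]+)["']?\s*\)/gi;        // url(...) incl. @import url(...)
  while ((m = cssUrl.exec(html)) !== null) found.push({ where: 'css-url', url: m[1] });
  return found;
}

// Resolve every URL against the site's own host and keep those that leave it.
function auditThirdPartyResources(html, siteHost) {
  const findings = [];
  const seen = new Set();
  for (const { where, url } of extractUrls(html)) {
    let parsed;
    try { parsed = new URL(url, `https://${siteHost}/`); } catch (e) { continue; }
    if (parsed.protocol === 'data:') continue;        // inline data URI, no request
    if (parsed.hostname === siteHost) continue;       // first-party resource
    const key = `${where}|${parsed.href}`;
    if (seen.has(key)) continue;                      // same tag, same URL
    seen.add(key);
    findings.push({ where, url: parsed.href, host: parsed.hostname, category: categorize(parsed.hostname) });
  }
  return findings;
}

// Count findings per category for a one-line summary.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.category] = (counts[f.category] || 0) + 1;
  return counts;
}

// Constructed sample page (not a real site). KEY_PLACEHOLDER is a placeholder.
const SAMPLE_HTML = `
<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<link rel="stylesheet" href="/wp-content/themes/jupiterx/style.css">
<style>@import "https://fonts.googleapis.com/css2?family=Lato";</style>
<script src="https://maps.googleapis.com/maps/api/js?key=KEY_PLACEHOLDER"></script>
</head><body>
<img src="/wp-content/uploads/logo.png">
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe src="https://www.youtube-nocookie.com/embed/VIDEO_ID"></iframe>
</body></html>`;

function demo() {
  return summarize(auditThirdPartyResources(SAMPLE_HTML, 'example.com'));
}
```

Run against the sample with `example.com` as the site host, the audit lists the two font references, the Maps script, the tracking YouTube iframe and, as an "other" host, the youtube-nocookie.com embed; the local theme CSS and logo are skipped. On a live site you would feed it the HTML returned for a logged-out request, since that is what visitors actually receive.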