How to Make a GDPR-compliant Website with Jupiter X

What is GDPR?

GDPR or General Data Protection Regulation is a data privacy and protection law that was passed on May 25, 2018. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and options when it comes to how their personal information is collected, used, and shared.

You can learn more about GDPR from the European Commission’s Data Protection page.

Many businesses have learned how GDPR affects websites, and their owners and administrators have made changes to ensure that they have a GDPR-compliant website. However, some businesses are unsure how to construct a website that fully complies with GDPR, while others have ignored GDPR completely.

Requirements for Having a GDPR-compliant Website

As a website owner, you need first to acknowledge the way your company gathers personal data. Under GDPR, organizations must inform customers of their new rights under the new regulation. The interaction between users and your website must be as transparent as possible.

Websites must show what information they are collecting and offer various choices to get consent. Furthermore, you should enable users to view the information gathered about them and should give them the option to remove specific information from your systems.

Also, it must be remembered that most eCommerce sites use third-party transaction ‘gateways’, but some do hold personal data on their own servers, too. In such instances, this data has to be held securely, with the users being told where their data is being held.

How to Make a Website GDPR Compliant with Jupiter X

Here are the minimum requirements for GDPR compliance.

Google Fonts

There are still discussions going on about making Google Fonts GDPR compliant. According to this thread, you should either disable Google Fonts on your website or use locally hosted fonts. If you do NOT use any Google Font in Jupiter X > Customize > Fonts & Typography or in any other element in the Elementor editor, Google Fonts will be automatically disabled across the whole website. Also, check “Disable Default Fonts” in Elementor > Settings. This way, Google Fonts won’t load on the page unless they are called by another plugin.

Cookies

I suppose that you’ve already seen those pop-ups and banners that ask you to accept cookies on a website. Your website uses cookies to track user data. Now more than ever, it’s essential to obtain consent. You need to prevent cookie tracking until you gain consent, and if your users reject your request to track their data with cookies, you must not track their data during their visit. There are plugins that help you out here. Here’s a shortlist of some popular ones:

Google Maps

WP Google Maps provides a consent notice on the map area before the Maps API is loaded. This is because GDPR requires that data subjects (site visitors) give explicit consent before their data may be processed. The Google Maps API sets and stores cookies with some user information, such as IP addresses, which is regarded as personal data.

So, it’s recommended to avoid using Google Maps altogether. The good news is, you can find alternatives to Google Maps. For instance, you can choose Sweco or OpenStreetMap with their own servers.

Removing YouTube and other iFrames

YouTube stores cookies through its iframe player for many reasons. YouTube is tracking which user is watching which video through your iframe to improve its own data collection. This helps YouTube recommend better videos for that user. Yes, YouTube is tracking the user. But that is reasonable considering that they are displaying the content and want to improve their analytics.

To block cookies from iFrame embedded pages like YouTube, you need to check their embed settings.

In YouTube, there’s an option to enable advanced privacy options https://take.ms/aAvv6s. If you enable this, you will see the embed src changes to “youtube-nocookie.com”.
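The host swap described above can be applied to existing markup in bulk. The following is an added example, not code from Jupiter X or the original post: it rewrites YouTube iframe sources to youtube-nocookie.com and lists the remaining cross-origin iframes that still need a consent gate. The function names, the site.invalid placeholder origin, and the sample markup are assumptions constructed for illustration.

```javascript
const YT_HOSTS = new Set(["youtube.com", "www.youtube.com", "m.youtube.com", "youtu.be"]);
const NOCOOKIE_HOST = "www.youtube-nocookie.com";
const BASE = "https://site.invalid"; // placeholder origin for resolving relative src values

// Map a YouTube watch/share/embed URL to its youtube-nocookie.com embed URL.
// Returns null for anything that is not a recognisable YouTube video link.
function toNoCookie(rawUrl) {
  let u;
  try { u = new URL(rawUrl, BASE); } catch { return null; }
  const host = u.hostname.toLowerCase();
  if (!YT_HOSTS.has(host)) return null;
  let id = null;
  if (host === "youtu.be") id = u.pathname.slice(1);
  else if (u.pathname.startsWith("/embed/")) id = u.pathname.split("/")[2];
  else if (u.pathname === "/watch") id = u.searchParams.get("v");
  // Assumption: video IDs are 11 URL-safe characters; reject anything else rather than guess.
  return id && /^[\w-]{11}$/.test(id) ? `https://${NOCOOKIE_HOST}/embed/${id}` : null;
}

// Rewrite iframe src attributes in an HTML string and list the remaining
// cross-origin iframes, which still need a consent gate or removal.
function rewriteEmbeds(html) {
  const result = { html: "", rewritten: 0, needsReview: [] };
  result.html = html.replace(/(<iframe\b[^>]*?\bsrc=)(["'])(.*?)\2/gi, (m, pre, q, src) => {
    const fixed = toNoCookie(src);
    if (fixed) { result.rewritten++; return pre + q + fixed + q; }
    let host = "";
    try { host = new URL(src, BASE).hostname; } catch { /* unparsable src: leave as is */ }
    if (host && host !== "site.invalid" && host !== NOCOOKIE_HOST) result.needsReview.push(src);
    return m;
  });
  return result;
}

// Constructed sample markup, not taken from a real site.
const sample = `
<iframe width="560" src="https://www.youtube.com/embed/abcDEF12345"></iframe>
<iframe src='//youtu.be/abcDEF12345'></iframe>
<iframe src="https://www.youtube-nocookie.com/embed/abcDEF12345"></iframe>
<iframe src="https://maps.example.com/embed?pb=1"></iframe>
<iframe src="/local/widget.html"></iframe>`;
console.log(rewriteEmbeds(sample));
```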

Obtaining Consent in Collecting Information in the Forms

Did you think about newsletter subscription forms, payment forms, customer info sheets, and even your signup forms? These are affected by GDPR, too.

As a form owner, you should be able to tell which data are identifiable and which are not.

In Jupiter X, we added an “Acceptance” field to the Form element, which enables the GDPR consent check for your form, as shown in the example below.

Be aware that if you use a form plugin, it stores submitted forms in the database. Fortunately, such plugins are being modified to include a “do not store form data” option in the configuration. Make use of it.

If you follow these steps, then you are on your way to having a GDPR-compliant website. However, there are still things to consider to make sure your website is GDPR-ready. Sometimes a third-party plugin can cause incompatibilities, which you should find and resolve. There are also GDPR testing tools that will help you detect possible issues on your website. The point is to use GDPR-ready tools such as Jupiter X, or other compatible themes and plugins, if you want to have a fully GDPR-compliant website.

Tatyana Hutsol

Tatyana is a cherished member of the Artbees Support Team and has close familiarity and expertise with WordPress themes. Having started her career in hosting support services, Tatyana has since been working with creation and functionality in WordPress platforms and themes.
