In my journey to becoming GDPR-compliant, I’ve done a lot of research on what needs to be done for my online business. And while I’ve found a lot of information about GDPR in general… and what things businesses should be implementing in order to become compliant… I haven’t found a lot of information with step-by-step instructions on exactly how to get this all set up. (I’m assuming some of this is due to all the different website platforms, website plugins/code, and email marketing platforms different businesses are using.) So I decided to document my process in the hopes of helping other online entrepreneurs. In this article, I am walking you through not only the different things I considered in my GDPR-compliant quest… but also the decisions I made for my business and the instructions for how to actually get this stuff done!
Disclaimer: I am not a lawyer or data protection expert – and this blog post does not include legal advice. If you have questions or concerns about GDPR or if you need legal advice about how to comply with the GDPR, please consult with an attorney.
Disclosure: This post contains affiliate links for products or services that I personally use and highly recommend. If you click on the link and make a purchase, I may receive a commission (at no additional cost to you). I’ll probably buy a coffee with it – which I promise to drink while creating more helpful content like this. One more thing: I only recommend products or services I believe will be good for my readers and clients. (I don’t recommend junk; that’s not how I roll.)
OK! Now that that’s out of the way… let’s get on with this, shall we?
As I already mentioned, this is just a walk-through of what I did (and what I’m currently working on doing!) for my own business – and for some of my clients too. You can use this information to help you think about what you might want to consider doing on your website. And if you decide to do something similar to what I’ve done, you can use my instructions for how to actually make these changes on your website or email marketing platform. My goal is to help save you some time and frustration with this process. I hope you find this helpful!
RESEARCH, LEARN AND MAKE DECISIONS
The first thing I did was to research and learn as much as I could about GDPR. I tried to find reputable sources and lawyers who were knowledgeable about GDPR. There’s a TON of incorrect and conflicting information about GDPR, so you’ll need to choose your resources wisely. I have some GDPR resources that I recommend here. Then you’ll need to decide what you need to do to be GDPR-compliant. What works for one business may not be appropriate for another business. You’ll need to make decisions on how you are going to comply with GDPR for your business. It’s not as simple as telling your web designer to “make my website GDPR-compliant”. Get educated – and then be the Boss Lady I know you are… and make your decisions. If you have questions or concerns about GDPR or if you need legal advice about how to comply with the GDPR, please consult with an attorney.
After I felt like I had a good understanding of the GDPR requirements, I did a thorough walk-through of my website. I looked at every web page, every opt-in form, my blog, my plugins, and more. As I did my website audit, I jotted down any instance where I was capturing any data from website visitors. (OK… I didn’t really “jot” it down… I created a spreadsheet that tracked everything so I could make sure I had all the data organized in a way that would be easy for me to use now – and in the future when I added new opt-ins and forms. #NerdAlert)
The purpose of this audit is to understand where data comes into your business and where it goes. For example, if someone takes my “Should you DIY your Website or Work with a Web Designer?” online quiz and wants me to email them with some additional information about their quiz result, their answers and results are not only tracked in my quiz software, but also in my email marketing account. Here are some additional examples from my website’s audit – and other examples from my clients. (As I include instructions in this blog post for each of these items, I will include a link so you can easily jump to that section.)
- Contact forms
- Lead forms, intake forms and questionnaires
- Newsletter and freebie opt-in forms (aka “lead magnets”) that give people something for free (a download, a webinar, a video training, a challenge, etc.) in exchange for their email address
- The comment form on your blog posts
- The checkout form in your online store
- A registration page for an online course
- Google Analytics, Facebook Pixels and cookies (yep, they store data about your website visitors too!)
Then I included a link to each of these 3 pages in the footer of my website – and in the footer of all of my website landing pages:
I am using the Contact Form 7 Plugin for some of my website’s forms. I found 2 easy ways to add the consent checkboxes:
- Use the WP GDPR Compliance plugin.
– or –
- Add the acceptance checkbox field to your Contact forms.
The signup forms that I’m using for my different web design services and packages are handled through 17hats forms that I have embedded on my web pages. So I simply added a required checkbox to my forms (within my 17hats lead forms setup).
Newsletter/Freebie Opt-In Forms:
Blog Comment Forms:
There are some new features that have been released in the past few days in order to help website owners with modifying their WordPress blog comments forms as they deal with privacy policies, data consent, and cookies. Here are 3 different features you may want to add to your website blog comments:
- A cookie consent checkbox
Personally, I decided to display the cookie consent checkbox (which is optional for my website visitors to check) and the data storage/handling checkbox (which they are required to check).
- The cookie consent checkbox is a new built-in feature of WordPress (but may require you to change your JetPack settings in order for it to display).
- The Akismet plugin has a new setting that allows you to display their privacy notice.
You can get my step-by-step instructions for all 3 of these features using the following links:
>> HOW TO GET THIS STUFF DONE:
I am still working on getting additional pieces in place. And I am also anticipating GDPR-related updates from some of the services and plugins that I’m currently using. So this will definitely be a work in progress for a while. But I hope this helps you with your own process of getting GDPR-compliant for your business.
Thanks for providing this useful information.