How to Add GDPR-Compliant Privacy Policy on WordPress

According to a recent study, 41% of the respondents admitted that they’ve purposefully altered their personal information when filling in online forms due to a lack of trust.

As a website owner, your ability to keep personal information private is vital to your site’s success. Besides building credibility, being clear about what data you collect and why you collect it can also keep you away from legal issues.

With GDPR coming into effect, every website has to participate in transparent data gathering and processing regardless of the location. In this post, you’ll learn about GDPR and how to make your site GDPR-compliant.

What Is a GDPR-Compliant Privacy Policy?

The General Data Protection Regulation is a regulation aiming to protect EU citizens’ personal information. With GDPR, EU citizens will have more control, access, and choice regarding how businesses collect, use, and share their data.

Suppose your company offers goods and services to EU citizens, or your website earns even a small share of its revenue from EU citizens. In either case, you must have a GDPR-compliant privacy policy. The regulation is therefore not limited to companies based in the EU; it covers every business that transacts with EU citizens, wherever that business is located.

On top of that, if you don’t have a GDPR-compliant privacy policy, you risk a fine of €20 million.

Step-By-Step Guide to Add a GDPR-Compliant Policy on WordPress

Cutting the EU out of your marketing campaign is not an option. As the EU accounts for 8.4% of global internet traffic, doing so would limit your site’s growth. Here are five easy steps to make your site GDPR-compliant.

1. Update WordPress

WordPress 4.9.6 or higher ships with built-in privacy features, including:

  • a privacy policy page generator, which lets you create a privacy policy page instantly,
  • a consent checkbox for WordPress comments, making comment data collection GDPR-compliant, and
  • data-handling tools that let you export and erase users’ personal information.

Take advantage of these features; WordPress hosting services often include auto-updates, ensuring your site runs the newest version.
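As an added example (not code from the original article or from WordPress itself), here is how a plugin registers its own stored data with the export and erase tools mentioned above, so that an administrator’s Export Personal Data and Erase Personal Data requests cover it. The plugin, its user meta key 'demo_newsletter_ip', and the 'demo-newsletter' identifiers are hypothetical; the two filter hooks and the return-array shapes are the WordPress 4.9.6+ privacy API.

```php
<?php
// Hypothetical plugin: it stores the IP address recorded at newsletter
// signup in user meta ('demo_newsletter_ip') and registers that data
// with the WordPress 4.9.6+ privacy export and erase tools.

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['demo-newsletter'] = array(
        'exporter_friendly_name' => 'Demo Newsletter Signup',
        'callback'               => 'demo_newsletter_exporter',
    );
    return $exporters;
} );

// Exporter: WordPress calls this per email address (paged) and bundles the result.
function demo_newsletter_exporter( $email_address, $page = 1 ) {
    $data = array();
    $user = get_user_by( 'email', $email_address );
    $ip   = $user ? get_user_meta( $user->ID, 'demo_newsletter_ip', true ) : '';
    if ( $ip ) {
        $data[] = array(
            'group_id'    => 'demo-newsletter',
            'group_label' => 'Newsletter Signup',
            'item_id'     => 'newsletter-' . $user->ID,
            'data'        => array(
                array( 'name' => 'Email',     'value' => $email_address ),
                array( 'name' => 'Signup IP', 'value' => $ip ),
            ),
        );
    }
    // Everything fits in one page, so signal completion right away.
    return array( 'data' => $data, 'done' => true );
}

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['demo-newsletter'] = array(
        'eraser_friendly_name' => 'Demo Newsletter Signup',
        'callback'             => 'demo_newsletter_eraser',
    );
    return $erasers;
} );

// Eraser: reports what was removed and what was kept so the admin sees the outcome.
function demo_newsletter_eraser( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $removed = $user && delete_user_meta( $user->ID, 'demo_newsletter_ip' );
    return array( 'items_removed' => (bool) $removed, 'items_retained' => false,
                  'messages' => array(), 'done' => true );
}
```

Drop the file into a plugin (or the theme’s functions.php) and the “Demo Newsletter Signup” group appears in the generated export and in the erasure report.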

2. Create a Privacy Policy Page

The basis of GDPR is to encourage website owners to give their visitors a safe browsing experience. That means a privacy policy page is a must-have for every business. A good privacy policy page should cover who you are, what personal data you collect, why you collect it, and with whom you share it.

To create a privacy policy page, you can use WordPress’s privacy policy page generator. To do this, go to Settings and choose Privacy. With this feature, you can select the default page WordPress has prepared for you or choose Create a New Page. Alternatively, plugins such as WP AutoTerms can generate the page for you.

3. Provide a Cookie Consent

As cookies can collect and share personal information, asking for cookie consent is an important step in making your website GDPR-compliant. Cookie consent gives your visitors the choice to share or withhold their personal information, so you only collect users’ data after they’ve given permission.

Starbucks does a great job at it. Its cookie notice pops up in the middle of the homepage, so users spot it easily. Moreover, the modal blocks scrolling and reading the page until it is answered, so the notification is impossible to ignore.

Luckily, creating cookie consent is easy. You can add the GDPR Cookie Consent plugin to your WordPress site. It adds a cookie banner with Accept and Reject options to your website. The Reject button lets users opt out of any data storage, emphasizing the value of users’ choice over their personal data.

4. Review Your Third-Party Solutions

Even if your own website processes users’ data lawfully, check whether the additional software you add is GDPR-compliant. These third-party solutions include analytics tools, WordPress themes and plugins, social media sharing buttons, and chat services.

Make sure you understand what each service collects, why it collects it, and how it handles that sensitive information. Once you have that information, include it on your privacy policy page; you can also list these services in your cookie consent notice.

5. Provide Notifications for Policy Updates and Data Breach

The EU may amend the GDPR in the future, so keep your users informed whenever your policy is updated.

To do this, you can email your users as soon as you update your site’s privacy policy. GDPR compliance plugins make this easier: they can send automatic notifications, which you can trigger after any change to your site’s privacy policy or when a data breach occurs.

Components of an Effective Privacy Policy

With GDPR requiring all site owners to be transparent about how users’ data is stored and processed, you’re left with one choice: give your site a privacy policy. Here is a list of four essential elements that your privacy policy should have.

  • List of the types of data you collect. Write down every single type of data you gather from users. This can include names, mailing addresses, phone numbers, credit card information, email addresses, place and date of birth, and photographs.
  • Use of the data. Aside from knowing what data you collect, users also deserve to know why you need it. Therefore, be clear about the reason you store users’ data. If you share the data with third-party services, inform users upfront.
  • Security assurance. Users need to feel at ease handing over their personal information, so describe the security measures you take to keep their data safe.
  • Effective date. Including this shows users that you update your privacy policy regularly.


Although GDPR may look like a formidable challenge, it isn’t meant to stand in your way. Its true intention is to ensure that users have control over what they’re willing to share on the internet and that their data is in good hands. By implementing GDPR requirements, you help prevent a future data breach, which could also save your business.

Brian Peng
Brian Peng is a PC technician and network engineer with over 13 years of IT experience. He has worked in the IT industry for a long time, providing IT support and network service support for various companies. Currently, he has written over 1000 articles about computers, games, and mobile.