This is the third part of a multi-part series covering GDPR compliance for your WordPress website. Today we will look at what should be done to gain consent to collect personal data. As I mentioned in the previous GDPR post, this post is not a complete guide to WordPress GDPR compliance; rather, I just want to bring to light some of the tools and insights that I’ve found useful in getting closer to GDPR compliance. Secondly, I am not a lawyer, and therefore you should not rely on any of this for your own legal protection, particularly with regard to your website’s Privacy and Cookie policies. You should seek out professional legal advice, which is the wisest and cheapest option for you, particularly if you end up facing legal issues with regard to GDPR data protection compliance in the future.
Privacy consent is a key aspect of GDPR compliance and, to a degree, it is a very simple thing to achieve. All that is required with regard to WordPress is that whenever you collect personal data through a form on your website, you include a required checkbox indicating that the visitor has given consent for you to collect the data they have provided in your form.
There is a little bit of nuance concerning this, though. You not only have to include this consent option on your forms; you also have to implement a process within your organization that handles a website visitor’s removal of consent. This is not something that is “implemented” on your website per se; rather, it is a personal data right given to your website visitors by GDPR, and you need a way to handle this kind of request. There are several things that you should take into consideration when attempting to meet this part of GDPR, which are:
- Define a process within your organization that includes steps for handling such a request, so that you can demonstrate how the request was handled and that you cease using a person’s data once consent has been removed.
Form Privacy Consent
Once you have made it possible for someone to revoke their consent, the rest is pretty straightforward. As I mentioned previously, all you need to do is ensure that you include a checkbox on your forms where the user gives consent for you to use their personal data. If you are using a plugin like Contact Form 7, then it is extremely simple as there is an “acceptance” field that you can add to your form that automatically includes this consent checkbox. Here is an example of what that checkbox should look like on your form:
Here is a screenshot of what Contact Form 7 looks like when you are building a form. This may look slightly different than the standard Contact Form 7 plugin because I’m also using the CF7 Smart Grid Design Extension to give me control over the layout of the form but it should give you an idea of what it looks like. Here are the steps to create the privacy consent checkbox:
First – Create a new form in Contact Form 7 and click the acceptance form field type.
Second – Fill out the fields in the window that appears as follows (basically, un-check the “Make this checkbox optional” checkbox):
Once you click the “Insert Tag” button, the field should now be added to your form and when you use this form on your website, it will display similarly to the example shown above.
As far as I know, there isn’t much more that needs to be done to meet the GDPR requirement of allowing a user to give consent when they submit a form on your website. In fact, the technical aspects of this are actually quite simple. It is the supporting processes in your organization that might take a little longer to think through and implement.