Undoubtedly, Internet’s stellar development brought us immense progress in web technologies. However, it has also brought the most notorious data violations in the last years. Just ask Facebook!
Enter GDPR (General Data Protection Regulation), the ultimate data privacy regulation for everyone within the EU, officially in force as of May 25, 2018, as arguably the most critical privacy change in the last two decades!
With 43% of the web running on WordPress, and over 2.3 million live websites using Divi, GDPR compliance is a must if you want your site to thrive within the marketplace.
In that regard, if you’re yet to develop your website and you haven’t implemented any GDPR rule, by the end of this article, we’ll make sure that you’ll pay attention to every GDPR aspect of your Divi website. Let’s get started!
Table of Contents
- WordPress and GDPR Requirements
- What Type of Data You Collect?
- Is Your Privacy Policy Up-to-Date?
- Are Your Cookies Sorted Out?
- Is Your Divi Website Encrypted?
- Introducing: GDPR Cache Scripts & Styles
- Wrapping Up
WordPress and GDPR Requirements
The primary purpose of GDPR is to provide EU citizens with complete control over how they exchange and share their data, setting heavy penalties to businesses that do not respect the rules that the regulation imposes, up to 4% of the company annual’s annual revenue OR 20 million euros!
GDPR is mandatory for every business worldwide, especially if your website has web visitors from the European Union. The fundamental GDPR pillars that you need to know about before prepping your Divi website are:
- Unequivocal Consent: EU citizens’ personal data must be collected with their specific and explicit consent. For example, you can’t send people an unsolicited email without them agreeing to give you their email address via a specific opt-in for the purpose.
- Data Privileges: Your website visitors must know how their data is stored and used by your website. Additionally, you need to allow them the right to download their data or to have their information deleted from your database on their request.
WordPress puts immense importance on users’ privacy, committing to operating according to GDPR rules. The vast WP and Divi community help website owners in their efforts of transparency towards the visitors and how their data is processed.
The official GDPR requirements might sound intimidating, but they’re not insurmountable if you prepare well in advance. If you wonder what it takes for your Divi site to be ready for GDPR, we hope that you’ll be much more confident about the entire process by the end of this article.
Disclaimer: We are by no means attorneys or legal GDPR advisors. The following advice comes strictly from our experience and educated work. From a legal perspective, for implementing GDPR regulations to their full extent, please consult with a legal solicitor before starting your online business with a Divi website.
What Type of Data You Collect?
Understanding what type of data you’ll process and where on your website is fundamental for preparing your Divi website for GDPR consent. A live website could collect data via web forms, cookie consent checkboxes, online payments, blog comments, and subscriptions.
A lot of the data that you can collect is not limited to name, surname, and email only, such as IP addresses and device-specific cookies. There’s also data collected via third-party providers that help you facilitate your services, such as payment gateways, email marketing apps, or embedded content.
Ensuring that third-party service provides adhere to the GDPR rules is mandatory if you want to keep potential customers safe.
On our Privacy Policy page, besides detailing the type of data we collect and how we use it under the GDPR regulations, we also outline what service providers we use and how they’re obligated to protect users’ data.
Is Your Privacy Policy Up-to-Date?
When it comes to GDPR compliance, the gold standard you need to stick to is collecting only the required data and nothing else. Of course, every information can be important. But, before updating your privacy policy, consider if the users’ data is indispensable for your business.
Thus, if you’ve already collected any excess data that you no longer need, or worse, data you don’t have permission for, delete it at once! People’s personal data shouldn’t stay longer than the purpose you’ve acquired it for.
Ensure that you’re fully transparent towards your site visitors and customers. Everyone needs to understand what type of data you collect, how you’ll use that data, how long, and what for.
Don’t forget to allow users to access the information you’ve gathered from them in case they want to validate that you’re fully transparent or want their data removed entirely from your Divi website.
Are Your Cookies Sorted Out?
Nowadays, there isn’t a professional website that doesn’t use cookies! Each time a visitor opens a website, the cookie consent checkbox always appears, and the cookies are stored in the browser to gather on-site behavior and statistical data.
As we said previously in this article, any third-party integration such as AdWords, YouTube, or Google Analytics could gather users’ data on its own, performing that via cookies in the process.
The various cookies you plan to use for your Divi website must be distinctively defined and outlined within your privacy policy. It all comes down to consent. Will you provide users with the option to accept cookies as they navigate your website?
The usage of cookies must be disclosed to the users when they visit your website for the first time. Luckily, we have the plugin that can help – Divi Areas Pro, the ultimate Divi extension!
With the Divi Areas Pro plugin, creating cookie notices is effortless, and if you’re already familiar with it, it will be a fairly straightforward process for you!
Try Divi Areas Pro today
Sounds interesting? Learn more about Divi Areas Pro and download your copy now!
Many pre-designed layouts. Automated triggers. No coding.
Click here for more details
Is Your Divi Website Encrypted?
GDPR compliance is all about security, and this is where web encryption steps in. To keep your Divi site secure and prevent GDPR infringements, implementing site encryption by moving from HTTP to HTTPS protocol is a must.
When it comes to encryption, there are two main aspects that you need to pay attention to: web traffic and data storage. As of 2018, Google labels every non-HTTPS website as not secure, and the word ‘encryption’ is mentioned several times throughout the entire 200+ pages GDPR regulation.
An SSL certificate, a security protocol working on top of HTTPS, is a critical measurement to set up for GDPR compliance, especially if you want to sell products with your Divi website.
It provides your website with an extra layer of security by transferring data such as payment details via an encrypted internet connection, making it inaccessible to hackers, giving potential customers peace of mind when opening your site.
Introducing: GDPR Cache Scripts & Styles
At Divimode, we take data security seriously, and now we’re thrilled to introduce our revolutionary solution – GDPR Cache Scripts & Styles. Safeguard your visitors’ privacy like never before!
Our plugin is your fortress of protection. It meticulously scans every URL enqueued through wp_enqueue_script() and wp_enqueue_style(). When an external URL is detected, the file is securely stored in your uploads-folder and served from there.
But that’s not all – it also combs through CSS files to identify external dependencies and preserves those files in your uploads-folder.
No need to worry about sluggish response times or performance hits! GDPR Cache Scripts & Styles works seamlessly without any “output buffering.” It harmoniously integrates with recommended WordPress functions, ensuring your website remains lightning-fast, no matter how vast it is.
Our plugin has been rigorously tested with leading themes and plugins, including:
- Block Editor (for embedding Google Fonts via the Customizer’s “Additional CSS”).
- Divi (find detailed configuration instructions in the plugin’s documentation).
- Elementor.
- Jetpack (especially in conjunction with performance-boosting options like “site accelerator”).
- Fonts Plugin | Google Fonts Typography.
And guess what? Most other plugins and themes play nice with GDPR Cache Scripts & Styles, too!
Ready to enhance your website’s privacy and performance? Download the plugin directly from the WordPress plugin directory. Should you encounter any hiccups along the way, please don’t hesitate to reach out. We’re dedicated to perfecting our GDPR plugin for your peace of mind!
BONUS: Curious about the journey behind creating this exceptional plugin? Dive into our story in “Can I Create That Plugin in 24 Hours?” and uncover the magic that powers our innovation.
Wrapping Up
As you’ve learned by now, GDPR is massively important! If you haven’t done anything to make your Divi website GDPR compliant, we encourage you to do your due diligence now and ensure that your site adheres to every rule of the regulation.
Without a doubt, implementing GDPR on your website can be challenging. But remember that by complying with laws, you’re also creating a better experience for your target users. Moreover, you ensure that your website visitors’ data is safe!
Do you have any other questions regarding Divi, GDPR, or WordPress? Please drop us a comment! We’ll make sure to respond, or maybe even write a whole article about it.