Divi GDPR Guide: Best Practices & Plugins

Privacy and data have become major concerns for both companies and online visitors, for all the right reasons.

It seems that there’s always someone behind the scenes that can either let us know that the data is used righteously for improving our service, or we won’t even know where that data goes.

However, since WordPress and Divi are committed to developing everything to the GDRP, the options for optimizing your website according to the rules and the plugins available are plenty.

This guide will help you stay transparent with your website visitors and their data and inform you about the best plugins that can help you achieve that purpose. Let’s begin.  

Disclaimer: We are by no means attorneys or legal GDPR advisors. The following advice comes strictly from our experience and educated work. From a legal perspective, for implementing GDPR regulations to their full extent, please consult with a legal solicitor before starting your online business with a Divi website.

Table of Contents

GDPR & Its Impact

The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, as the new data protection law intended to protect individuals’ online privacy within the EU. This includes ensuring that personal information is collected and processed securely, safely, and transparently.

The regulation gives individuals greater control over their data and establishes strict guidelines for data controllers to respect whenever they handle user data.

Under the GDPR, individuals have the following eight basic rights:

  1. The right to access: People have the right to ask for access to their data and how a given company uses that data after being collected.
  2. The right to be forgotten: If users stopped being your customers or they withdrew their consent for you to use their data, they have the right for the data to be erased.
  3. The right to portability: People have the right to transfer their data from one service to another in a machine-readable format.
  4. The right to be informed: Whatever data you collect, people must be informed about it prior to collecting it.
  5. The right to data correction: When users want their data updated or corrected, they have the right to ask for it, and companies need to correct it immediately.
  6. The right to restrict processing: People can ask companies to limit their data for processing, which means that their data will remain but not be used for any purpose.  
  7. The right to object: Users have the right for companies to stop processing their data for direct marketing, as soon as the request is received.
  8. The right to be notified: Whenever a data breach occurs, people have the right to be informed within 72 hours of the event.

All websites that collect or process personal data must comply with the GDPR, including informing users clearly about how a website uses personal data and how to request access to that data. It also requires personal data to be processed lawfully, fairly, and transparently.

In general, to ensure GDPR compliance for your Divi website, you need to take the following steps:  

  • Examine existing privacy policies and communicate them – You should update your privacy policies as soon as possible to keep users informed about how the website collects and uses their personal information.
  • Get consent from your users for data collection – Consent can be withdrawn at any time and should be done so.
  • Provide users with access to their data – When a user requests access to their data, you should provide it to them in an easily accessible format and promptly inform the user of any delay.
  • Inform website visitors of any data breach – If a data breach occurs, you must notify the user of the breach immediately after becoming aware of it, as well as contact the supervisory authority to inform them about the breach.

The GDPR financial penalties for non-compliant businesses and data breaches can range up to €20 million or up to 4% of the infringing company’s global revenue for the previous fiscal year. The following are some of the biggest non-compliance fines issued so far:

  • Google – €50 million: They were one of the first major companies to be punished with a massive fine in 2019. Regulators from France ruled that Google didn’t make its data processing statements openly accessible to the users.
  • TIM – €27.8 million: Last year, the Italian authorities issued a €27.8m fine to Tim. The fine was imposed after countless complaints from users about unexpected promo calls lasting from 2017 to 2019, for which they never agreed.
  • British Airways – £20 million: In 2020, British Airways was fined £20 after website visitors were directed to a counterfeit site, which helped hackers collect the personal data of approximately 400K citizens!

Undoubtedly, GDPR created an equal playing field for businesses. Moreover, it reduced data breach risks, and now everyone is actively improving legislation and transparency towards the users.

In essence, GDPR has completely transformed how companies work with potential EU customers from the start, as well as how they conduct their marketing activities. Now, businesses regularly review their processes to make sure that they’re compliant with the GDPR.  

Most of the user data that you collect can be name, surname, email, and an IP address. Moreover, there’s also data that you collect through third-party providers that help you facilitate services, such as payment gateways, email marketing software, and embedded content.

Start by mapping out each type of personal data that you collect, where that data resides, who has access to it, and what you do with that data.

Afterwards, you need to determine the type of data that you must keep and get rid of any type of data that doesn’t serve your business goals. Consider the following:

  • Why are we collecting this type of data?
  • What do we want to achieve by collecting this data?
  • What is our financial gain from keeping or deleting this data?

On our Privacy Policy page, we outline the type of data that we collect as well as all the service providers we use and how they’re obligated to protect users’ data.

An updated legal document, license, procedure, or policy is a guarantee to staying transparent with potential customers and compliant with the laws. Thus, you must review each of your legal pages and documents, and update where necessary.

Each legal page and document required should depend on the type of business you own, the region you sell your products/services to, and the third-party services that you use for your website.

Publish Your Privacy Policy

If you collect information from your website visitors, such as their name, email address, phone number, or credit card information, you are required by law to post a Privacy Policy on your website.

This legal document informs users about the types of data you collect and why. It helps you establish trust with website visitors, particularly those who are about to become customers.

YouTube

By loading the video, you agree to YouTube’s privacy policy.
Learn more

Load video

Users will be more likely to view your Divi website as a safe place to purchase if you disclose your Privacy policy and explain exactly what type of information you collect and whether you share that information with third parties.

The clauses required for your Privacy Policy will vary depending on the type of business you run and the applicable legislation in the country you’re in. For example, if you sell products online, your privacy policy should be very different from that of a blog-only website.

In general, the Privacy Policy needs to contain the following:

  • A detailed description of the data that you collect, why you collect it, and how that data is used.
  • If your website is restricted for users over or under a certain age.
  • A description of the third-parties that you share users’ information with.
  • Any Privacy Policy update for the website visitors.

You can include a link to your privacy policy in the website footer or on the company’s About page.

When individuals allow you to store website cookies into their browsers for data purposes, that is referred to as providing cookie consent. Only a legitimate cookie consent enables you to process personal data.

The usage of cookies falls under the ePrivacy Directive. However, GDPR’s was pivotal for the vast cookie consent banners implementation. Article 4 of GDPR provides us with four critical conditions which make cookie consent banners valid: Freely given, Specific, Informed, Unambiguous.

According to GDPR, you need to meet the following principles to achieve a valid cookie consent implementation:

  • Personal data must be processed legally and transparently.
  • You can only use personal data for specific and lawful purposes.
  • Personal data must be collected only for specifically and publicly described purposes.
  • The information you collect must be accurate.
  • You must have timely measures to amend invalid data immediately.
  • Users’ data should be stored for as long as necessary for specific purposes.
  • Security measures must be implemented to prevent and resolve eventual data breaches.

The various cookies you plan to use for your Divi website must be distinctively defined and outlined within your privacy policy. It all comes down to consent.

Luckily, we have the plugin that can help – Divi Areas Pro, the ultimate Divi extension!

With the latest version of our Divi Areas Pro plugin, creating cookie notices is effortless! The latest update includes GDPR-compliant usage tracking for all Areas!

Divi’s GDPR Features

Try it now, and we guarantee that Areas Pro will bring your Divi experience to the next level!

When looking for a GDPR-compliant theme, look no further than Divi! It’s a comprehensive web design platform that helps you create and customize any type of website for your business.

YouTube

By loading the video, you agree to YouTube’s privacy policy.
Learn more

Load video

Together with Divi, you’ll also get plugins such as Bloom, which can be used for growing your email list and that provides you with GDPR consent features such as adding a compliance checkbox.

Ever since the GDPR officially stepped into force, the Divi theme included brand new options to the contact form such as customizable input fields which include GDPR checkboxes, and an option for linking your privacy policy adjacent to the checkbox.

YouTube

By loading the video, you agree to YouTube’s privacy policy.
Learn more

Load video

Among the most significant GDPR features that the Divi theme offers for your business are:

  • Automatic Custom Field Detection – Each email service works differently, however, each of them collects data using custom fields, which can be added to your opt-in forms.
  • Form Input Field Links – When adding custom checkbox fields to the Email Optin Module or the Contact Form module, you can attach links to the input label.
  • Reduced Data Collection – To make it easier for users to comply with the GDPR and other legal regulations, each data collection that Divi performs is audited and reduced.

GDPR Plugins to Consider

Depending on which plugins you’ll use, you must act in line with the GDPR rules. The following are some of the best GDPR plugins available that can help you stay compliant with the regulation:

1.MonsterInsights

It is one of the best Google Analytics WordPress plugins in the marketplace. MonsterInsights allows you to gauge how your site performs and generate detailed reports on your WordPress dashboard, which can be reviewed immediately.

It also allows you to de-identify IP addresses for Google Analytics in both the free and paid edition of the plugin. Furthermore, the plugin provides you with an EU-Compliance Addon, disabling the tracking and reporting features in Google Ads.’

2. Cookiebot

Cookiebot is a WordPress GDPR plugin that helps you get cookie consent from users for various categories.

YouTube

By loading the video, you agree to YouTube’s privacy policy.
Learn more

Load video

Under GDPR, the consent for cookies must be ‘freely given, specific, and informed’ by all users, which is why Cookiebot is perfect if you want to let users choose which cookies they want to stay active on their browsers.  

3. WP AutoTerms

If you need to create legal pages for different purposes, then the WP AutoTerms is the plugin for your Divi website. It allows you to generate legal pages swiftly, staying GDPR compliant in the process.

Moreover, WP AutoTerms allows you to customize your legal pages through fonts, colors, and CSS.

4. WP Activity Log

Personal data security is one of the main aspects of the GDPR terms, which is why WP Activity Log comes in handy, simply because it makes your WordPress website compliant by tracking what the logged-in users do on your site. The plugin logs all changes that users make on your website.

YouTube

By loading the video, you agree to YouTube’s privacy policy.
Learn more

Load video

This is excellent since most of the GDPR plugins don’t allow logging data access. If there’s a personal data breach, you’ll immediately uncover if the breach is accidental or there’s a culprit!

INTRODUCING: GDPR Cache Scripts & Styles

At Divimode, we are fully committed to data security and now, we are proud to be able to help Divi website owners protecting their visitors’ privacy with our very own solution – GDPR Cache Scripts & Styles.

The plugin scans every URL that is enqueued via wp_enqueue_script() and wp_enqueue_style(), and when detecting an external URL, that file is saved to your uploads-folder and served from there.

It also scans the contents of CSS files for external dependencies and saves those files to your uploads-folder!

This plugin does not add any “output buffering”, but it scans the URLs which are enqueued via recommended WordPress functions.

As a result, GDPR Cache Scripts & Styles doesn’t impact your website’s response time and performance, no matter how massive your website is.

We’ve tested this plugin with the following themes and plugins:

  • Block Editor (embedding Google Fonts via the Customizer’s “Additional CSS”)
  • Divi (see “Configuration for Divi” in the plugin’s documentation)
  • Elementor
  • Jetpack (specially with Performance options like “site accelerator”)
  • Fonts Plugin | Google Fonts Typography

Most other plugins and themes will work with this plugin as well.

You can download the plugin directly from the WordPress plugin directory. If you encounter any issues, please let us know, so we can improve our GDPR plugin!

BONUS: If you want to learn more about how we’ve created the plugin, read: Can I Create That Plugin in 24 Hours?

Wrapping Up

We hope that this article will be an excellent start towards GDPR compliance of your Divi website.

Staying GDPR compliant is an ongoing process of integrating the right legal and privacy practices that must be continuously reiterated and improved.

Besides saving you from legal troubles, staying compliant with the GDPR will provide your potential customers with peace of mind that they can trust you with their data.

What are some of the other practices to make your website GDPR compliant? Share your experiences in the comments below!