GDPR compliance has been the center of attention- especially in the online world – ever since the implementation of the same on May 25th, 2018. The consequences of non-compliance including the hefty fine made it almost impossible for people to take it lightly, as they did with most other online privacy laws.
Among the list, Cookies can be a major hurdle in your journey to compliance. Unlike the rest, they can’t be easily tracked thus making its management hard for website owners. There are first-party cookies that help websites provide better customer experience and third-party cookies that invade visitors’ privacy. Thus, in short, there are both good and bad cookies.
This is why GDPR has brought strict guidelines on how cookies should be managed by websites to achieve compliance. In fact, this article is a review of the GDPR Cookie Consent plugin that helps WordPress/WooCommerce websites with GDPR cookie compliance. You can learn how it works, how it helps with GDPR compliance, its configuration, set up, etc.
If you are ready to take everything in, let get straight into it.
Why the GDPR Cookie Consent Plugin?
It must be the very first question that would have popped into most of your heads. Why the GDPR Cookie Consent Plugin? Let’s start by answering it first.
The GDPR Cookie Consent Plugin is one of the popular options in the WordPress plugin repository with over 900,000 active installations at the time of writing this article. In fact, it’s highly rated, offering the best customer service, and above all comes with a bunch of great features and a user-friendly interface.
Features Offered by the Plugin
Following are some of the major features offered by the WordPress Cookie Consent plugin.
- Fully customizable cookie consent banner – The plugin helps you create a customized cookie banner that blends with your website’s design along with fulfilling the GDPR requirements.
- Assistance in DSGVO, RGPD, LGPD, CCPA compliance – In addition to GDPR, the plugin also offers assistance for DSGVO, LGPD, and RGPD which are language variations of GDPR, and CCPA (California Consumer Privacy Act).
- Useful shortcodes – The plugin offers numerous shortcodes to extend the functionality of the plugin.
- Automatic script blocking for third-party plugins – You can enable automatic-script blocking for certain third-party plugins until users grant consent.
- Cookie audit – You can manually list cookies and display them on your website using a shortcode.
How to Set up the Plugin on your Website
To install and set up the plugin on your website you can either download it from WordPress as a zip file or directly install it from the WordPress admin.
From your WordPress Dashboard go to Plugins > Add new.
Enter the keyword ‘gdpr’ in the search box. It will show you a list of plugins for GDPR compliance and choose the one by ‘WebToffee’ from the list.
Subsequently, click Install and Activate.
Activating the plugin will add a new menu GDPR Cookie Consent to your WordPress dashboard. You can go to the plugin dashboard by clicking on the menu.
How the Plugin Assists in the GDPR Compliance of your WordPress Website?
Learn about the different use cases of the plugin that helps your WordPress website to comply with the GDPR.
Displaying Cookie Notice on your Website
Notifying users regarding the presence of cookies on your website, allowing them options to Accept/Reject cookies, etc., are some of the key requirements under GDPR that determine your website’s compliance.
The plugin lets you configure and customize a cookie banner for your website as per the GDPR (DSGVO, RGPD) guidelines. You can also create it by including the compliance requirements under CCPA.
The General settings window lets you either enable or disable the cookie bar and it also allows you to choose the law with which you wish to comply. You can set it exclusively for GDPR or CCPA. To achieve compliance under both laws you can even enable CCPA & GDPR together.
Up next, you can configure what happens to the cookie bar after a delay and whether to enable ‘Accept on Scroll’ (The plugin warns you to use this option with discretion if serving EU since it is mandatory to take explicit consent under the GDPR).
Cookie Bar Customization
This section is dedicated to the customization of the cookie bar,
As visible from the screenshot, you can add a message heading, include a custom message (if you wish to change the default one), change the background and text color, and choose your favorite font, etc.
The plugin also offers you three different options for displaying cookie notice on your website – Banner, Popup, Widget. You can position your Cookie notice as a Banner/Popup/Widget either on the header or footer of your website. You can also configure how your cookie banner behaves ‘on load’ and ‘on hide’.
Option to Revisit/Revoke consent
In this section, you can allow your users to view/edit/revoke their consent, which is a major requirement under the GDPR. You can configure it as shown below.
By enabling the revisit consent widget checkbox a small privacy widget will be automatically displayed at the footer of your website.
You can choose the tab position for the widget as either right or left. Specify the distance from the right margin and add a custom title for the widget which is ‘Privacy & Cookies Policy’ by default.
You can also manually insert a link to manage consent by adding the shortcode [wt_cli_manage_consent] to your website.
Here you can add customizations to the buttons/links on the cookie banner. This button/link can be customized to either simply close the cookie bar, or follow a link.
Accept, Reject, Settings buttons and a Read more link can be added to the cookie bar.
You can customize the color, style, and size of buttons/links. Each button has a corresponding shortcode. By simply inserting these shortcodes to the cookie notice bar you will be able to add the button to it. You can also change the button/link text to add a custom one.
List of shortcodes available
Inside the Help Guide tab, you will be able to find some shortcodes that you can add to the “message” field of the cookie bar. These shortcodes add nicely formatted buttons and/or links into the cookie bar, without you having to add any HTML.
Other than that, there is another list of shortcodes that can be used in pages and posts on your website. [cookie_audit], [delete_cookies], etc., are some of them.
If you prefer, you can customize the existing content as per your website’s requirements and add custom sections to the policy page.
Create a Cookie-List on your Website
In this section, you can add all the cookies that are present on your website to the cookie list along with their respective Cookie ID, Cookie Type, Cookie Duration, and Cookie sensitivity (necessary/non-necessary), etc.
Newly added cookies will be visible in the below-shown cookie list.
The paid version of the plugin automatically scans your website for cookies and categorizes them based on their purpose.
Other than the direct Accept/Reject options, you can seek categorized cookie consent from your website visitors’ by adding the [cookie_settings] shortcode to the cookie notice. The cookie settings button takes users to the following popup.
Here you can give them the option to enable/disable the non-necessary cookies on your website (by simply toggling the button). Necessary cookies will be enabled by default. Users’ will not have an option to disable cookies categorized under necessary.
This avoids the possibility of having essential cookies (that are relevant for the functionality of your website) getting rejected by your website visitors.
The plugin allows you to add a short description below both necessary and non-necessary buttons to help people understand what these cookies are and how they work. If you do not want to add a custom one, the plugin will display the default descriptions.
You can also change the default titles to anything you like.
The paid version of the plugin supports more categories and gives users granular control over cookies.
Enable Third-Party Script Blocking
Third-party cookies can be a major deterrent to achieving cookie compliance if not handled properly. They creep into your website when using third-party services related to advertising, marketing, etc. With the plugin enabled, you can configure to have these cookies rendered only upon users’ consent.
Currently, the plugin supports three plugins for auto-script blocking – Official Facebook Pixel, Smash Balloon Twitter feed, and Smash Balloon Instagram Feed.
The plugins marked inactive in the above list are either not installed or activated on your website. Enabled plugins will be blocked by default on the front-end of your website before obtaining user consent and rendered respectively based on consent.
If you opt for the pro version you can configure auto-script blocking for many more popular third-party plugins.
GDPR will remain a key element in the management of the online privacy of website visitors. The plugin will indeed be a great help in achieving compliance, but it alone cannot ensure compliance with the law. This makes it important for you to work with a legal body and to make sure that you are leaving no door open to the violation of the law.
Also, check out our handpicked collection of top GDPR friendly WordPress themes.