As it is with most things, meeting GDPR requirements is something you can take the time to do yourself. One of the easiest ways for WordPress website owners to do it yourself is with the help of WordPress Plugins. Some WordPress plugins are available and designed for implementing privacy protections and GDPR compliance assistance.
In this review, we will be comparing 6 GDPR compliance type plugins. Specifically, we will be reviewing five plugins found in the WordPress repository and a premium plugin.
Disclaimer: Using GDPR WordPress plugins will NOT guarantee compliance with GDPR. No plugin developer in their right mind would accept that legal liability. GDPR plugins are only designed to provide general information and some tools to assist you in reaching compliance. They are NOT meant to serve as a complete compliance package. Compliance with GDPR is a risk-based process that is ongoing and will involve your whole business moving forward.
Free WordPress GDPR Plugin Options
Right now there are only about 5 free WordPress plugins available that deal with GDPR in the WordPress plugin repository: GDPR, WP GDPR Compliance, GDPR Framework, GDPR Cookie Compliance, and WP GDPR.
Just reading the description of this plugin makes us think that a lot of research and development has gone into this plugin. Kudos to at least their copywriter. The GDPR plugin has over 10,000 installs. The 4.5-star ratings appear to contain legitimate reviews that were helpful and the developer is very proactive with his support.
We liked the direction of this plugin's description as it addressed exactly what we were looking for.
This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.
We are impressed with this GDPR plugin. It is well thought out. The developer provides fantastic customer support and has an extensive roadmap planned to implement improvements. A major release is scheduled just prior to GDPR law going into effect. This allows time for existing users to make the necessary setting adjustments. It also gives new users of the plugin time to configure it before the GDPR law enactment deadline.
If you have not done anything to move toward being GDPR compliant yet and are looking for a free WordPress Plugin option, this plugin is a contender and a place to begin your research.
WP GDPR Compliance By
The GDPR plugin that has the most active installs (currently over 40,000) is WP GDPR Compliance.
The GDPR Compliance plugin will automatically add a GDPR checkbox to other WordPress plugins you might be using, like Contact Form 7, Gravity Forms, WooCommerce and WordPress Comments.
When the checkbox is ticked, your visitors, clients, and customers are consenting, explicitly allowing you to handle their personal data for a specific and defined purpose, like processing their order or subscribing to a newsletter.
Your visitors, clients, and customers can also request the data stored in your website’s database through a special Data Request page. They would receive an email, be granted temporary access to a page containing all of their data found on your server, and be able to request that their data be deleted.
Just reading the documentation on this plugin reveals a few shortfalls. Here are some of them:
- It does not address all of the GDPR areas (though most are on the roadmap to be built in soon). For example, the plugin will eventually help you with a GDPR ready cookie notice.
- It uses the wp_mail() function to send the email. This could become an issue if your server is not configured correctly to handle sending emails, and sometimes your web host may even block this functionality. In order to be able to comply with your visitor, client, or customer request, you will need to ensure that you can receive the request to remove their data.
- Your theme may miss certain hooks the plugin uses to establish an integration. When this occurs you may need a web developer to help you in finding the right hook.
GDPR Framework By
The GDPR Framework plugin interestingly has the highest star rating of all the free WordPress GDPR plugins but is also rather low in the total number of installations.
This plugin, in particular, stood out during our research phase mostly because it has an accompanying GDPR Guide we also found along the way. Combining the plugin and the guide could provide a working plan laid out in a system to follow and help you reach your GDPR compliance. It simply seems like a sensible and realistic approach to compliance.
The developer seems to be providing regular, consistent, and sound support while continuing to implement further development and any needed bug fixes for this plugin.
One known shortfall which is likely to be resolved before the GDPR deadline is its lack of Cookie compliance.
The GDPR Framework is another free WordPress plugin to add to your short list of GDPR compliance assistance plugins.
GDPR Cookie Compliance
This plugin only deals with one aspect of GDPR compliance – Cookie compliance. That being said it does what it is designed to do very well. Once installed AND CONFIGURED properly it will meet the Cookie Compliance portion of GDPR. The integration on the site is technical and will require web developer work.
Beyond meeting the Cookie compliance, what we liked about this plugin is that it allowed for branding and made the user experience as smooth as possible. As obtrusive and interruptive as this legal necessity is, at least it really is nice looking. The plugin also does a fair job at providing links to the definitions and explanations of what a cookie is and what the differences are with the available options.
Furthermore, and again not the fault of the plugin developers, it is possible that you will see a drop in perceived traffic and visitor numbers in your various analytics because GDPR legislation states that you cannot track users unless they explicitly give consent by enabling the 3rd party tracking and cookies.
WP GDPR plugin is unique from the others in that visitors (owners) don’t need user accounts to access their data. Everything works through a unique link and e-mails. The plugin creates a page (accessible in the WP dashboard "Pages") where users can request access to their personal data stored on your website.
In the admin area, administrators will find an overview of the requests that users send. One thing we did like about this one is the ability to see which plugins collect personal data, indicating which plugins will need a checkbox added to them to collect consent.
Viewing personal data is accomplished by request with automatic email notification. Each request contains a unique URL. Users click on the URL to view their data, update and download their comments.
Users must ask for any data removal. Upon users asking for data removal, the admin must delete the comment through the plugin's settings in the admin dashboard.
Not a bad start but a little too much work for those of us who like to try to automate our business for maximum scalability.
It is worth mentioning that only the plugin is free. To get it to integrate with other plugins on your site (like adding the tickbox for visitors to check when using third-party plugins), purchasing an addon is required.
Additional Things to Consider For GDPR Compliance
For those of us in the United States and not targeting EU residents with our services and products, it would seem one of the simplest options might be to block EU users from visiting our sites. And this is not a bad temporary option until something better comes along.
With many smaller freelancing companies already struggling to survive, implementing the GDPR law which does not apply to 100% of our target markets may not be the responsible business decision. Sure, we could just get the consent for anyone that visits, but sadly, the initial statistics that have returned reveal an 80% loss of potential sales in doing so. That is not a healthy business decision at all.
For those of us that do have EU visitors and to become compliant with the GDPR, it would be ideal to limit the strict GDPR limitations to those that it is required for. This means ensuring we will be able to acquire the required consent from those EU residents.
So how can we apply the law and keep our businesses running without losing 80% of our future sales?
WordPress core may eventually add additional built-in GDPR tools as it continues to evolve but we don't expect to see any full compliance with individual business options until the law has some time to be implemented and the unknowns and repercussions of enforcement start to appear.
Unfortunately, during our research, we also found that none of the free Plugin options offered geo-location segmentation.
Premium WordPress GDPR Plugin Option
There is one plugin that we found that seems to provide the best combination of compliance and business options to assist you in getting set up to comply with GDPR quickly. It is called WP GDPR Fix.
Why do we like this plugin in comparison to the others? It ensures compliance with 7 Key GDPR Requirements:
- Cookie Consent
- T&C Acceptance
- Right To Be Forgotten
- Data Access
- Data Breach Notification
- Data Rectification
But that is not the only reason.
- It works with WordPress – all standard or customized installations including e-commerce stores.
- It installs and configures in less than 3 minutes for faster GDPR compliance.
- It gets your visitors' consent to your Terms and Conditions, fulfilling the T&C policy compliance.
- It lets you delete user data manually, fulfilling the Right to forget compliance.
- Or (and this one may just hold the most weight for many freelancers in the US)... You can set it to refuse to accept EU traffic on your site (built into the plugin).
WP GDPR Fix is not the perfect plugin. It too has some manual adjusting requirements but they are typically only a single click option. As it is with all of the plugins so far, we expect it to continue to evolve along with the GDPR law.
WP GDPR Fix will work best for anyone who is using WordPress, running a blog with content, accepting comments and messages on your website, grabbing leads using other third-party plugins, and even running an e-commerce store that uses standard WordPress features.
A nice benefit of this plugin that helps you to get GDPR compliant faster and will save you time is that they have supplied example content that you can choose to use as your own regarding how to word the messages that your visitors will see. It also creates the sections for you that would otherwise be expensive and time-consuming to re-create. And bonus... the message areas are able to be styled to match your business brand.
Our favorite thing about this particular premium plugin is that it is by far the most complete. It assists in more GDPR compliance requirement areas than any other plugin we looked at. Additionally, it provides a simple self-completing checklist in the admin area letting you know which areas of GDPR you are in compliance with and which areas you are not yet compliant with. This means that you can see exactly which areas you may still need to adjust, add content to, or set to be able to reach full compliance faster.
It is only fair to mention there is one major thing we really disliked about this paid plugin – which in reality has nothing to do with the plugin itself but with the process of purchasing. This Plugin is sold through JVZoo and is part of an 8 product funnel. This means to be able to purchase you must endure all of the cross-sells and upsells. Beyond that, we are really liking the product and have no regrets in making our purchase.
Which WordPress Plugin is Best for Meeting YOUR GDPR Requirements?
Ultimately, it is up to YOU to make the decisions as to how to best handle GDPR within your business. The bottom line is that data protection is a good thing; we just hope to find the path to protection without destroying the future of technological advancement and profitable businesses for freelancers.