As is widely known, the deadline for implementing the GDPR was 25 May 2018. Since then, every online store that has not adapted to the new EU-wide rules faces the risk of severe financial penalties. For new e-commerce stores and for latecomers from across the industry, we have prepared a short guide to what should be implemented in stores running on WooCommerce. The tips below are only a guide to the necessary changes; to adapt your store to the legal requirements, it is worth consulting a qualified consultant or lawyer.
General information about the GDPR
To be compliant with the GDPR, companies must audit their WooCommerce website and their marketing procedures. It is worth remembering that the regulation applies to companies both inside and outside the EU: any non-EU company that serves EU customers has to comply with the GDPR.
To have achieved full compliance by the end of May 2018, companies using WooCommerce must:
- inform the user who they are, what data they collect, why they collect data, how long they store it, and what third parties will receive it.
- obtain clear consent before collecting any personal data
- allow users to access their data
- allow users to download their data
- allow users to delete their data
- inform users if there has been a data breach.
Companies that do not follow these rules risk a fine of up to EUR 20 million or 4% of their worldwide annual turnover, whichever is higher.
Changes will affect things like:
- WooCommerce terms and conditions (order page)
- Registration of WooCommerce users (My Account page)
- Abandoned WooCommerce carts (checkout page)
- WooCommerce product reviews (single product page)
- WordPress comments (Blog pages)
- WordPress and WooCommerce sign-up forms (newsletter, etc.)
- WordPress contact forms (Contact page, widgets, etc.)
- WooCommerce analytics
- WordPress and WooCommerce plugins and APIs (payments, email marketing, etc.)
- Notifications of security breaches
With the basics covered, we can move on to the main part: the actions you need to take.
WooCommerce terms and conditions
The terms and conditions page holds the legal terms that bind the customer to your company.
- Create such a page if you do not have one (a terms-and-conditions generator, or the terms pages of established e-commerce sites, can serve as a starting point).
- In the WooCommerce settings, select that page as the Terms and conditions page; WooCommerce then shows a required "I have read and agree" checkbox on the checkout page.
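The built-in terms checkbox only covers the terms page. Consent for anything beyond fulfilling the order, such as marketing email, must be asked for separately, must not be pre-ticked and must be recorded with evidence. The snippet below is an added example, not code from the original article or from WooCommerce itself: it renders an optional marketing-consent checkbox above the "Place order" button, validates the submitted value on the server (the browser's value can be tampered with) and stores the decision, timestamp and consent-text version on the order and on the customer account. The field name, the meta keys and the GDPR_CONSENT_TEXT_VERSION constant are assumptions made for this example.

```php
<?php
/**
 * Added example (not from the article or from WooCommerce): an optional
 * marketing-consent checkbox at checkout, validated server-side and recorded
 * on the order so the store can later prove what the customer agreed to.
 *
 * Assumptions: the field name gdpr_marketing_consent, the _gdpr_* meta keys
 * and the GDPR_CONSENT_TEXT_VERSION constant are hypothetical. Save as a file
 * in wp-content/mu-plugins/ or wrap it in a small plugin.
 */

define( 'GDPR_CONSENT_TEXT_VERSION', '2018-05-25' ); // bump whenever the wording changes

// 1. Render the checkbox just above the "Place order" button.
add_action( 'woocommerce_review_order_before_submit', function () {
    woocommerce_form_field(
        'gdpr_marketing_consent',
        array(
            'type'     => 'checkbox',
            'class'    => array( 'form-row', 'gdpr-consent' ),
            'label'    => __( 'I agree to receive marketing emails about new products and offers. I can withdraw this consent at any time.', 'example' ),
            // Marketing consent must be optional: a pre-ticked or mandatory box is not valid consent.
            'required' => false,
        ),
        WC()->checkout->get_value( 'gdpr_marketing_consent' )
    );
} );

// 2. Validate on the server. The checkbox rendered above submits the value "1";
//    anything else means the POST was tampered with, so reject it.
add_action( 'woocommerce_checkout_process', function () {
    if ( isset( $_POST['gdpr_marketing_consent'] ) && '1' !== $_POST['gdpr_marketing_consent'] ) {
        wc_add_notice( __( 'Invalid consent value.', 'example' ), 'error' );
    }
} );

// 3. Persist the decision on the order itself, together with the evidence
//    (when it was given and which consent text was shown).
add_action( 'woocommerce_checkout_create_order', function ( $order, $data ) {
    $given = isset( $_POST['gdpr_marketing_consent'] ) && '1' === $_POST['gdpr_marketing_consent'];

    $order->update_meta_data( '_gdpr_marketing_consent', $given ? 'yes' : 'no' );
    if ( $given ) {
        $order->update_meta_data( '_gdpr_marketing_consent_time', gmdate( 'c' ) );
        $order->update_meta_data( '_gdpr_marketing_consent_version', GDPR_CONSENT_TEXT_VERSION );
    }

    // Mirror the choice onto the customer account (guest checkouts have no
    // account), so it can be exported or erased on request later.
    if ( $order->get_customer_id() ) {
        update_user_meta( $order->get_customer_id(), '_gdpr_marketing_consent', $given ? 'yes' : 'no' );
        if ( $given ) {
            update_user_meta( $order->get_customer_id(), '_gdpr_marketing_consent_time', gmdate( 'c' ) );
            update_user_meta( $order->get_customer_id(), '_gdpr_marketing_consent_version', GDPR_CONSENT_TEXT_VERSION );
        }
    }
}, 10, 2 );
```

Recording the consent-text version matters: if you later change the wording, you can tell which customers agreed to which text instead of having to ask everyone again.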
Registration of WooCommerce users
The WooCommerce "My Account" page contains a registration form (username and password) if you have enabled registration in the WooCommerce settings.
- Check if you have your WooCommerce account registration enabled
Abandoned WooCommerce carts
WooCommerce product reviews
Product reviews contain personal data (name and email address) for which you need the user's consent. A good way to avoid a separate consent step is to allow only logged-in customers who have bought the product to leave a review.
- Check the box “Reviews can be left only by verified owners” in the WooCommerce settings
If comments are enabled on your WordPress pages and posts, another GDPR compliance issue appears: commenters are usually asked for their name, email address and website URL along with the message, without registering an account.
- Use the default WordPress comments (since WordPress 4.9.6 the comment form includes an opt-in checkbox for storing the commenter's name, email and website in a cookie) or choose a GDPR-compatible WordPress comments plugin
WordPress and WooCommerce sign-up forms
A sign-up form is a form in which users enter their name and (usually) email address to join your email marketing list or contact database.
- Audit all sign-up forms
- Check that your form / newsletter / email marketing service provider offers a GDPR solution
WordPress contact forms
- If the contact form stores personal data in the database and/or is connected to email marketing software, you must inform users why and where you store the data
- Use only trustworthy, GDPR-compatible tracking software
- Ask your software providers how they handle GDPR compliance
WordPress and WooCommerce plugins
- Choose plugins that are GDPR-compatible
- Discard plugins that are not GDPR-compatible
WordPress and Woocommerce APIs
An API (Application Programming Interface) is the interface through which your site exchanges data with an external service (payment gateway, email marketing tool, analytics) without the user leaving your site; every such integration is a flow of personal data to a third party.
- Inventory all the APIs and third-party integrations your store uses
- Discard integrations that are not GDPR-compliant
Security breach notifications
Under the GDPR, if personal data on your site is breached, you must notify the supervisory authority within 72 hours of becoming aware of the breach and, where the breach is likely to put the affected users at high risk, inform those users without undue delay.
- Secure your WordPress / WooCommerce website
- Subscribe to the security and breach notifications of all software vendors / third-party APIs, so you learn of any breach that affects your users
- Reduce the amount of unnecessary stored data
- Establish an incident response plan for a data breach
Consent from current WooCommerce customers / subscribers
You must re-contact all existing subscribers, customers and users, ask them for "active" consent, and tell them how they can access, download or delete their personal data.
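The access, download and delete rights listed at the start of this guide, and the instructions for them mentioned here, can be served through the "Export Personal Data" and "Erase Personal Data" tools that WordPress 4.9.6 added under the Tools menu. WordPress and WooCommerce already register exporters and erasers for their own data (comments, orders, customer details), but anything your own code stores is invisible to those tools until you register it. The following is an added example, not code from the original article or from WooCommerce: it registers an exporter and an eraser for consent records kept in user meta. The meta keys and the example-consent names are assumptions made for this example.

```php
<?php
/**
 * Added example (not from the article or from WooCommerce): expose a store's
 * own consent records to the WordPress privacy tools, so that "download my
 * data" and "delete my data" requests also cover them.
 *
 * Assumptions: consent is stored in user meta under the hypothetical keys
 * below. WooCommerce handles orders and customer fields itself; this covers
 * only the plugin's own data.
 */

const EXAMPLE_CONSENT_META_KEYS = array(
    '_gdpr_marketing_consent'         => 'Marketing consent',
    '_gdpr_marketing_consent_time'    => 'Consent given at (UTC)',
    '_gdpr_marketing_consent_version' => 'Consent text version',
);

// Exporter callback: WordPress calls it with the requester's email address.
// "done" => true because there is one account per email and no paging is needed.
function example_consent_exporter( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );

    if ( $user ) {
        $data = array();
        foreach ( EXAMPLE_CONSENT_META_KEYS as $key => $label ) {
            $value = get_user_meta( $user->ID, $key, true );
            if ( '' !== $value ) {
                $data[] = array( 'name' => $label, 'value' => $value );
            }
        }
        if ( $data ) {
            $items[] = array(
                'group_id'    => 'example-consent',
                'group_label' => __( 'Marketing consent', 'example' ),
                'item_id'     => 'example-consent-' . $user->ID,
                'data'        => $data,
            );
        }
    }

    return array( 'data' => $items, 'done' => true );
}

// Eraser callback: removes the same keys. "items_retained" is where you would
// report data kept for a legal reason (for example order records you must
// retain for tax purposes); nothing is retained here.
function example_consent_eraser( $email_address, $page = 1 ) {
    $removed = false;
    $user    = get_user_by( 'email', $email_address );

    if ( $user ) {
        foreach ( array_keys( EXAMPLE_CONSENT_META_KEYS ) as $key ) {
            if ( delete_user_meta( $user->ID, $key ) ) {
                $removed = true;
            }
        }
    }

    return array(
        'items_removed'  => $removed,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}

// Register both callbacks with the WordPress privacy tools.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-consent'] = array(
        'exporter_friendly_name' => __( 'Marketing consent records', 'example' ),
        'callback'               => 'example_consent_exporter',
    );
    return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-consent'] = array(
        'eraser_friendly_name' => __( 'Marketing consent records', 'example' ),
        'callback'             => 'example_consent_eraser',
    );
    return $erasers;
} );
```

Once registered, an administrator creates an export or erasure request for the user's email address under Tools; WordPress confirms the request with the user by email, then runs every registered callback and bundles the results into the download (or the erasure report). Run the erasure on a staging copy first and check that data you are legally required to keep, such as invoices, is reported under items_retained rather than deleted.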