GDPR, the new EU regulation, has come into effect, and it brought requirements that call for a considerable number of changes.

This new EU regulation, although primarily focused on technical aspects having to do with data collection, processing, and data storage, requires other important activities to be addressed.

Specifically, GDPR demands your attention on several areas and activities that have little to do directly with what you are required to develop to comply, but rather with third-party tools you're using and other areas that are closer to UX concerns.

So what are these 4 lesser-known yet key activities you need to take care of?

1. Discuss the situation with third-party service providers

As GDPR is all about data and privacy, first and foremost you'll need to understand how all the service providers you work with that manage user data are going to approach GDPR. In particular, you should ask them what they've done about GDPR compliance.

If you have some technical background and a good understanding of GDPR, you might want to jump on a one-to-one call with their developers, bring up the plugin or tool in question, and just ask. If you don't feel comfortable doing that, you can hire a developer to do it on your behalf and report back to you. WordPress developer and Codeable expert Robin Scott explains how to go about it:

As part of this call, I'd suggest asking the developer of that tool, or the company behind that tool, something along the lines of: 'We think your tool or this task within your tool is against GDPR. What measures did you take?' It could be the case that they might satisfy you and say: 'Well, actually here's the opt-in, it shows up on the screen just before checkout. If people opt in, we store their data. If they say no, we turn it off.'

That's an important aspect you need to be aware of because as a business using that tool or service, you need to disclose that in your privacy policy (see below) and, of course, be aware to what extent third-party tools or services handle your user data.

Third-party providers you want to engage with about GDPR compliance:

  • Hosting
  • Third-party script providers
  • Shipping handlers and partners
  • Developers of plugins you currently use (or plan to use) that collect and store user data
  • Emailing service providers

2. Refresh your privacy policy and privacy notices

Given how broad the scope of GDPR is for a website or online store, a major revision of your current documentation around user data and privacy is also required. As Chapter 3, Art. 12 dictates, you should convey all of the information pertaining to how you handle and process user data in a way that's:

  1. In clear and plain language
  2. Easily accessible
  3. Concise
  4. Transparent
  5. Intelligible
  6. Free of charge

That means, of course, your privacy policy and privacy notices might need to be revised to reflect these requirements.

Here's a good example provided by the ICO:

Example of a GDPR-compliant Privacy policy

3. Use consistent icons (and wait until standard icons are implemented)

Explicit consent to obtain personal information is the cornerstone of GDPR, although not the only lawful basis you could use. Any website or store collecting personal data and information, yours included, will have to carry icons that help your users understand in detail what consent they're about to give. Robin explains:

It's very specific in the GDPR: icons should be consistent. And what the creators of GDPR mean by this is they would like to see a global standard coming up for icons related to personal data. There is nothing in place yet but I think quite quickly we'll start to see it springing up because they want to create a standard.

To give you a better idea of the privacy icons you should expect to see under GDPR, here's an academic project from Aza Raskin of Mozilla, who developed privacy icons inspired by Creative Commons that seem to simplify privacy policies.

Privacy icons Raskin

Once the new standard for privacy icons is adopted, you'll need to use them in a consistent manner on your forms, checkout pages, privacy policy and privacy notices, and anywhere your users' personal data is required.

The benefits of standard icons

Once people start getting accustomed to seeing a new set of icons for their privacy concerns, that is the right time to have a UX specialist and a designer design these icons and put them on your website or store, so that users know about the change and are at ease with it. Robin pitches in:

Visitors to your website will start to get used to them. They'll start to say: 'Okay, this is a consent about how my data is being used.' They will either pay attention to it, or they'll blindly tick the box because they're already used to it.

4. Embrace the trial and error approach until clearer guidelines are available

All the changes that accompany the new EU regulation are not going to be immediate. They will be implemented slowly and website owners, store managers, and developers themselves will have to see which ones are the most imperative to deploy first and which ones can be implemented afterward.

Since the EU hasn't provided any clear and factual guidelines businesses can refer to in a standard way, many aspects covered by GDPR will require a different approach on your part, one where uncertainty and trial-and-error workflows for implementing the new requirements might temporarily drive your choices.

As a result, you should keep informed about the latest news and use cases about GDPR, but also be ready to act fast in addressing what you need to make your WordPress website or WooCommerce store GDPR-compliant.

Wrapping up

GDPR is an important piece of legislation that shook a lot of what the market knew and used to do in its day-to-day flow of transactions, communications, data gathering, and so on.

The earlier you start preparing your business for GDPR, whether it is a WordPress website or a WooCommerce store, the smaller the impact of this earthquake on it will be.


This blog post features Robin Scott, an experienced WordPress developer who's also one of the founders of Silicon Dales, an agency focused on WordPress, WooCommerce, and a variety of other services. Robin has specialized in several areas such as Custom Plugins, Gravity Forms, Hosting Transfer, Maintenance, and WooCommerce Extensions, just to name a few.
