Towards Making Your WooCommerce Store GDPR-Ready

Originally published at — August 14, 2020.

Do you target European markets for your online sales? If so, you are obliged to comply with the General Data Protection Regulation (GDPR) enforced by the European Union. Even if you don’t sell any products to European residents, you can’t simply assume that you will never have EU visitors to your site. Therefore, if you run an online store, you must ensure that it is GDPR-ready.

Now, let me draw your attention to the key highlights of GDPR and help you understand how to make your WooCommerce store GDPR-compliant.

What is GDPR?

If you offer physical or digital products or services to European residents, or if your website expects to get EU traffic, you must comply with the GDPR. An e-commerce business does not need to be physically located in the EU to be subject to the GDPR.

And those who violate the provisions of the GDPR can be fined up to €20 million or 4% of their global annual turnover of the prior financial year.

Why GDPR compliance?

In simple terms, GDPR compliance means ensuring your online store conforms to all the data privacy guidelines specified in the GDPR. This shows that you value the data and privacy of your consumers, and that’s certainly a great way to build customer trust.

GDPR compliance for your WooCommerce store

Your WooCommerce store gathers user data in different ways. The data collection may occur through user registration, payment gateways, checkout/contact forms, analytics inputs, surveys, comments, plugins/extensions, and much more.

So as a responsible store owner, you may need to address the data privacy issues related to your store and take necessary steps to protect your customers’ personal information against data breaches.

The European Union’s GDPR standards help you secure the data and privacy of your website users. The GDPR requires you to disclose how user data is collected and the exact purpose of collecting it. You must also inform users about the data sharing and retention policies of your store.

Hence, you would have to update your privacy policy in order to give users a detailed overview of the collection and usage of their personal information. Also, the GDPR requires you to make sure you always obtain the consent of your website visitors before gathering or processing any form of their data.

GDPR compliance: Key guidelines

  • Collect and store only the user data that is relevant to your business.
  • Inform the users about the reasons for the collection of their personal information, how long their data will be retained, who will have access to their information, etc.
  • Get the users’ consent regarding any data that you are going to collect from them. Most importantly, let it be their choice to decide whether they want to provide the consent or not.
  • Give users the right to access their data at any time.
  • Allow users to withdraw the consent they have given to your website to store data.
  • Enable users to delete their data permanently from your site.
  • Send notifications to the users about any potential data breaches.

Gear up to get your WooCommerce store GDPR-ready!

1. Keep your WooCommerce store updated

Always keep a working backup of your website before testing updates. Also ensure you test updates on a development site prior to updating your live site.

2. Secure your WooCommerce store

3. Create a “Privacy Policy” page

When creating your privacy page, ensure you specify what kind of data is collected from users. You also need to spell out all other details, such as the reasons for data collection, your data storage and sharing policies, etc.

Now, have a look at the following steps that describe how to create and add a privacy policy page in WooCommerce.

Step 1: Sign in to your WordPress account > From the dashboard screen, head on to Pages > Add New.

Step 2: Create a Privacy Policy document > Publish the page.

Step 3: Now, go to WooCommerce > Settings > Accounts & Privacy.

Step 4: Scroll down to Privacy page under Privacy Policy > Click Select a page > Choose the Privacy Policy page that you have created.

Step 5: Scroll down and click Save changes to save the settings.

4. Add a cookie policy page to your store

There are many WooCommerce plugins that allow you to create your own Cookie Policy page, but not all of them comply with the GDPR. GDPR Cookie Consent is the leading, most flexible WooCommerce plugin that you wouldn’t want to miss. This cookie consent solution helps you comply with the GDPR requirements without a hitch.

This powerful plugin comes with a Policy generator that makes creating a cookie policy page a breeze. It also allows you to add and manage multiple cookies, mark cookies as necessary/non-necessary, customize cookie banners, and more. On upgrading the GDPR Cookie Consent plugin to the premium version, you get many more features and cookie settings.

You could also use CookieYes to make your WooCommerce store comply with the GDPR requirements. “CookieYes” is an easy-to-use GDPR cookie consent solution that lets you create a cookie consent banner and manage the user consent for your store. Also, the solution helps you install cookie banners on your website in a matter of minutes.

5. Show cookie notification pop-ups

You could make use of plugins or the “Store Notice” feature of WooCommerce to add cookie banners to your store.

The WooCommerce Store Notice is designed to add a site-wide message that is shown to your website visitors, and it includes an option to dismiss the message. Thus, the “Store Notice” can also be used as a cookie notification banner. But remember, this feature does not block cookies that are set without the users’ consent.

To enable “Store Notice”:

Step 1: Sign in to your WordPress account > From the dashboard screen, go to Appearance > Customize.

Step 2: Select WooCommerce > Store Notice > Check the Enable store notice option > Click Publish.

6. Include a “Terms and Conditions” page

Here’s how you can create and add your Terms and Conditions to your WooCommerce store.

Step 1: Sign in to your WordPress account > From the dashboard screen, head on to Pages > Add New.

Step 2: Create a Terms and Conditions document > Publish the page.

Step 3: To add your Terms and Conditions on your checkout page, navigate to Appearance > Customize.

Step 4: Select WooCommerce > Checkout.

Step 5: From Terms and conditions page, select the Terms and Conditions document that you have created > Click Publish.

7. Make the “My account” page GDPR compliant

To enable “My account” registrations:

Step 1: Sign in to your WordPress account > From the dashboard screen, go to WooCommerce > Settings > click Accounts & Privacy > Check the Allow customers to create an account on the “My account” page option.

Step 2: Scroll down and click Save changes to save the settings.

Step 3: Now, navigate to Pages > Add New > Create a “My Account” page.

Step 4: Insert the shortcode [woocommerce_my_account] to display the user account page.

When you enable WooCommerce “My account” registrations, you’re going to deal with the users’ personal data. So in order to comply with the GDPR, you must allow users to opt-in whenever you collect their data. But unfortunately, WooCommerce does not include default opt-in options at the registration level.

However, you can add a privacy policy checkbox field to your user registration form with the help of plugins or custom code.

Follow the steps below to add a code snippet to the functions.php file in your theme.

Step 1: Sign in to your WordPress account > From the dashboard screen, go to Appearance > Theme Editor.

Step 2: Now from the Theme Files section, select Theme Functions (functions.php).

Step 3: Add the code snippet > Click Update File.

Sample Code:

// Add a required "I accept the Privacy Policy" checkbox to the My Account registration form.
add_action( 'woocommerce_register_form', 'mystore_add_registration_privacy_policy', 12 );

function mystore_add_registration_privacy_policy() {
    woocommerce_form_field( 'privacy_policy_reg', array(
        'type'        => 'checkbox',
        'class'       => array( 'form-row privacy' ),
        'label_class' => array( 'woocommerce-form__label woocommerce-form__label-for-checkbox checkbox' ),
        'input_class' => array( 'woocommerce-form__input woocommerce-form__input-checkbox input-checkbox' ),
        'required'    => true,
        'label'       => 'I\'ve read and accept the <a href="https://example/mystore/privacy-policy/">Privacy Policy</a>',
    ) );
}

// Show an error if the user does not tick the checkbox.
add_filter( 'woocommerce_registration_errors', 'mystore_validate_privacy_registration', 10, 3 );

function mystore_validate_privacy_registration( $errors, $username, $email ) {
    // The checkbox is only rendered on the My Account form, not at checkout,
    // so skip the check for accounts created during checkout.
    if ( ! is_checkout() ) {
        if ( ! isset( $_POST['privacy_policy_reg'] ) ) {
            $errors->add( 'privacy_policy_reg_error', __( 'Privacy Policy consent is required!', 'woocommerce' ) );
        }
    }
    return $errors;
}

Have a look at the user registration page before adding the above section of code.

After adding the above code snippet to the functions.php file, the registration page would look like this:
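As an added example (not part of the original post, nor WooCommerce’s own code), the snippet below extends the checkbox above by storing proof of consent (policy version and UTC timestamp) in user meta when the account is created, and registers that record with WordPress’s built-in personal data exporter (Tools > Export Personal Data) so customers can exercise their right of access. The constant MYSTORE_PRIVACY_POLICY_VERSION and the meta key mystore_privacy_consent are hypothetical names of my choosing; the code is appended to functions.php below the snippet above, which already provides the 'privacy_policy_reg' field.

```php
// Added example, not from the original post. Assumes the 'privacy_policy_reg'
// checkbox from the snippet above. MYSTORE_PRIVACY_POLICY_VERSION is a
// hypothetical constant: bump it whenever the policy text changes so that
// an older recorded version shows the customer has not seen the current one.
define( 'MYSTORE_PRIVACY_POLICY_VERSION', '2020-08-14' );

// Fires after WooCommerce has created the account, i.e. after the
// woocommerce_registration_errors check above has already passed.
add_action( 'woocommerce_created_customer', 'mystore_record_privacy_consent', 10, 1 );
function mystore_record_privacy_consent( $customer_id ) {
    if ( ! isset( $_POST['privacy_policy_reg'] ) ) {
        return; // e.g. account created at checkout, where the checkbox is not shown
    }
    update_user_meta( $customer_id, 'mystore_privacy_consent', array(
        'version'   => MYSTORE_PRIVACY_POLICY_VERSION,
        'timestamp' => gmdate( 'c' ), // UTC, ISO 8601
    ) );
}

// Right of access: include the consent record in Tools > Export Personal Data.
add_filter( 'wp_privacy_personal_data_exporters', 'mystore_register_consent_exporter' );
function mystore_register_consent_exporter( $exporters ) {
    $exporters['mystore-consent'] = array(
        'exporter_friendly_name' => 'Privacy policy consent',
        'callback'               => 'mystore_export_consent',
    );
    return $exporters;
}

function mystore_export_consent( $email_address, $page = 1 ) {
    $user    = get_user_by( 'email', $email_address );
    $consent = $user ? get_user_meta( $user->ID, 'mystore_privacy_consent', true ) : '';
    $data    = array();
    if ( is_array( $consent ) ) {
        $data[] = array(
            'group_id'    => 'mystore_consent',
            'group_label' => 'Privacy Policy Consent',
            'item_id'     => 'consent-' . $user->ID,
            'data'        => array(
                array( 'name' => 'Policy version',      'value' => $consent['version'] ),
                array( 'name' => 'Consented at (UTC)',  'value' => $consent['timestamp'] ),
            ),
        );
    }
    // 'done' => true tells WordPress there are no further pages of data.
    return array( 'data' => $data, 'done' => true );
}
```

Withdrawal or deletion can be handled the same way by registering a callback on the wp_privacy_personal_data_erasers filter that removes the meta key.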

8. Create GDPR-compliant opt-in forms

In order to achieve GDPR compliance, you have to display your privacy policy checkbox before letting users opt-in. Also make sure that your opt-in checkboxes are not checked by default. Instead, give users the complete freedom to tick the consent boxes themselves.

Your opt-in form should not include fields that ask for irrelevant customer details. Also, inform the users why you collect their personal data.

For example: When you specify “Enter your email address to receive our newsletters, special offers and discount coupons.“, the users are more likely to provide their info because here the purpose is quite clear.

Make sure you also let the users know how they can opt out.

Even if your existing customers have already consented to receive emails from you prior to the GDPR, you will still have to get consent from them once again.

9. Make sure all your third-party plugins are GDPR-ready

It’s high time to do a plugin audit in order to find out whether your user data management plugins are GDPR-ready.

In order to check whether a plugin complies with the GDPR, consider checking the plugin’s changelog, release notes, email announcements, etc. Most importantly, check the plugin’s website information to identify the evidence for its GDPR compliance. And keenly follow their guidelines to make your WooCommerce store comply with the GDPR.

In most cases, you’d be able to ensure the GDPR compliance of a plugin just by updating it to its latest version.

If you find any plugin that does not comply with the GDPR, the best thing you can do is to replace it with another similar plugin that is GDPR-compliant.

MailChimp, MonsterInsights, OptinMonster, etc. are some examples of WooCommerce plugins that have taken measures to make their services GDPR-compliant.

After ensuring that all your third-party plugins that manage user data comply with the GDPR, make sure you list these plugins in your privacy policy.

10. Encourage only registered users to review your products and services

Undeniably, customer reviews contain personal information. Hence, it is obvious that you need to get the users’ consent before letting them rate or review your products. Obtaining their consent is important in achieving GDPR compliance.

WooCommerce offers an option to allow only “verified customers” to leave reviews. You can consider the registered users of your store as verified customers. And as the registered users might have already consented to your privacy policy, you can definitely ask them for reviews without any worries.

Following are the steps to enable reviews only for verified users:

Step 1: Sign in to your WordPress account > From the dashboard screen, go to WooCommerce > Settings.

Step 2: Select Products > Under Reviews, check the Reviews can only be left by “verified owners” option.

Step 3: Now click Save changes to save the settings.

11. Build a data breach response plan for your store


However, getting your online store GDPR-ready is not going to happen in a jiffy. You will have to stay focused on a lot of key considerations as described above. While preparing your store for GDPR compliance, you’re in fact building customer confidence and trust naturally. This, in turn, helps you increase your customer base and thus grow your business at a rapid pace.
