GDPR Compliance in your 17th Avenue Theme

GDPR, which stands for General Data Protection Regulation, is a privacy law that was enacted to protect the rights of EU citizens and their personal data. The law applies not only to EU-based websites, but to all websites that collect data from EU citizens. This means if you receive any traffic from EU countries, you need to be in compliance with GDPR.

Since GDPR violations can bring on large fines, the law has caused quite a bit of panic among website owners. You don't need to panic. First – you won't ever be fined right off the bat. If you are in violation, you'll be warned first and given ample opportunity to comply. Second – there are lots of easy steps you can take to keep your website GDPR compliant. There is tons of information online about GDPR, so we aren't going to parse out every detail of the law here. In this article, we'll go over steps you can take specifically in your 17th Avenue WordPress theme to be GDPR compliant.

Disclaimer: The recommendations below are not exhaustive – even if you follow every suggestion, that doesn't guarantee your website will be fully GDPR compliant. Full compliance will depend on what plugins, scripts, etc. you are using on your site. We are not lawyers and this article should not be considered legal advice. Please consult a lawyer for specific information regarding your website and GDPR compliance. 

WordPress Comments

In version 4.9.6, WordPress introduced a GDPR Privacy Opt-In Checkbox for comment forms. To add the opt-in box, simply update your site to the newest version of WordPress.

By default, in all 17th Avenue themes, the opt-in message will inherit the same font styling as the comment box labels. You can use the following code snippet to add the proper styling (shown above):

.comment-form-cookies-consent label {
    display: inline;
    text-transform: none;
    font: inherit;
    font-size: 13px;
    letter-spacing: inherit;
    margin-left: 10px;
}

How to add code snippets to your theme

Genesis eNews Widget: Privacy Policy Link

The subscription areas in our themes use Genesis eNews Extended. Genesis eNews recently added a "Display link to privacy policy" option, which can add a link to your privacy policy page below the subscription fields. It looks like this:

How to add the privacy policy link

Mailchimp: Opt-In Checkbox

Mailchimp is the mailing list provider we recommend (which connects to Genesis eNews). If you'd like to add an opt-in checkbox to your Mailchimp signup forms, see this article.

Ninja Forms: Consent Checkbox and Data Removal

All 17th Avenue themes use Ninja Forms to display contact forms. We are huge fans of this plugin and use it extensively on our own website.

Ninja Forms has released an update that makes staying GDPR compliant super easy. This article on the Ninja Forms website talks about data removal, and this article explains how to add a consent checkbox or notice to your forms.

Cookie Notice

A cookie notice message allows you to inform users that your site uses cookies and obtain their consent. A cookie notice is a requirement for GDPR and EU cookie law compliance. To add a cookie notice to your site, we recommend this plugin, which features lots of customization and placement options.

Google Analytics

Out of the box, Google Analytics is not (as of Summer 2018) GDPR compliant. Here is a helpful article that goes over 5 steps you can take to improve GDPR compliance.

Another option is to forgo using the Google Analytics script (obtained directly from your GA dashboard) and use this plugin instead. Their "Basic" paid plan includes an EU Compliance add-on. Monster Insights is a highly regarded Google Analytics plugin – they have a lite version here, but it doesn't come with the EU/GDPR compliance options.

WooCommerce

If you're using WooCommerce on your site, there are steps you can take to be GDPR compliant. Here are some helpful articles:

Other Resources

There is no "one size fits all" solution for GDPR compliance, since it will vary from site to site based on the plugins you're using. Be sure to thoroughly research every plugin you're using for compliance. If you would like to learn more about GDPR and compliance in WordPress, here are some great articles: