How to set up GDPR cookie consent in WordPress

GDPR compliance is a major topic among all website owners serving EU citizens, ever since it came to effect on May 25th, 2018. Regardless of the size and revenue, all organizations are required to comply with the law if they are dealing with the personal data belonging to EU citizens.Here you will find – How to set up GDPR cookie consent in WordPress.

If you don’t want your organization, business, or website to get into trouble, you need to get GDPR compliant as soon as possible. Unlike other data collecting/processing entities, websites can be a little hard to achieve compliance because of the presence of cookies within them.

This article introduces you to CookieYes GDPR Cookie Consent & Compliance Notice Plugin – a solution that will help your WordPress website to easily ensure GDPR Cookie Compliance. Go through the article to learn about how it works, its features, and how it helps you achieve GDPR cookie compliance.

Why the CookieYes GDPR Cookie Consent & Compliance Notice Plugin?

The GDPR cookie consent in WordPress in an important among all website owners serving EU citizens  With over one million active installations and a powerful set of features tailored to meet your GDPR cookie compliance requirements, it’s one of the best solutions for all WordPress website owners aiming for compliance.

If you are intimidated by the GDPR cookie guidelines and the whole compliance process of your WordPress website, this plugin would be of great help to you. Its neatly organized features and the great UI will make your journey to GDPR compliance a shorter one.

GDPR Cookie Compliance with the CookieYes GDPR Cookie Consent & Compliance Notice Plugin

This section allows you to learn how this cookie consent plugin helps you adhere to each GDPR cookie consent guideline with its different set of features.

Display a Custom Cookie Notice on Your Website

• GDPR Guideline – Receive users’ consent before you use any cookies except strictly necessary cookies.

GDPR cookie consent guidelines emphasize the importance of displaying a cookie notice on your website that communicates with users on the presence of cookies along with providing options to either ‘Accept’ or ‘Reject’ them.

You can also add a ‘Settings’ button to the banner that allows your users to have granular control over accepting/rejecting cookies.

To create a cookie banner, open the plugin dashboard and enable the Cookie law and select the type of law as ‘GDPR’ (The plugin supports CCPA cookie compliance as well).

On the adjacent tab, Customise cookie bar you can carry out the cookie banner customizations.

1. Customize Cookie Bar

You can add a message heading for your cookie banner, add the content you wish to display on the banner, choose its position (Header/Footer) and how it should be displayed (Banner/Popup/Widget). Further customization options are also available.

The next tab is for customizing Buttons.

2. Customize buttons

You can add ‘Accept’, ‘Reject’, ‘Settings’, and ‘Read More link’ to the cookie banner. Once you customize the button and click Update settings you can copy the respective shortcode and paste it to the message box containing the cookie message.

Following is a screenshot of a cookie banner created using the plugin.

On clicking the ‘Reject’ or its equivalent button all cookies except the necessary ones will be blocked from getting stored on the users’ device.

Allow Users to Revoke Their Consent

• GDPR Guideline – Make it easy for users to withdraw their consent as it was for them to give their consent in the first place.

 This is one of the guidelines from the GDPR. To follow it, you should enable your users with an easy way to revisit their consent. Within the plugin, by going to Settings > Customize cookie bar, you can open the ‘Revisit Consent’ window.

Here you can enable the revisit consent widget by selecting the checkbox. Here you can configure a widget position, its distance from the right margin, title, etc.

Provide Your Users with a Category Based Cookie Consent Option

• GDPR Guideline – Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.

Other than the ‘Accept’, ‘Reject’ options, you can also allow your users to enable or disable consent for cookies on a granular/category basis.

For this, you first need to assign all your website’s cookies into their respective categories. This can be done either automatically or manually.

When you have created categories and added cookies to them, you can display them as a popup in which users can easily enable or disable consent to cookies/categories by simply toggling the button and off.

Following is a screenshot of a Cookie popup window.

Here cookies in the necessary category will always be enabled. Users will not be able to disable them unlike other categories of cookies. The ‘Necessary’ category contains cookies that are essential for the functioning of the website.

As per the GDPR guidelines it is required to provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.

On clicking each category on the popup it expands to give information on its cookies as entered by the admin.

The following screenshot shows an expanded view of the ‘Functional category’.

Consent Report – GDPR cookie consent WordPress

• GDPR Guideline – Document and store consent received from users.

You can record the details of users who have given consent with the help of the plugin. This feature is only available in the premium version of the plugin.

To log the consent details you first need to enable the consent logging by navigating to Settings > General > Other.

When the consent is being logged, the IP addresses of the users that have given their consent and the cookie categories that they have given consent to will be recorded on the Consent Report page, along with the date and time of the visit and the user ID if the user has logged in.

GDPR guidelines specifically state the importance of documenting and storing consents received from users’. However, when the consent logging is enabled, users should be notified that their IP address will be collected for consent logging purposes.

All this data in the consent report can be exported to a CSV file by clicking on the Export Report button on the Consent Report page.

Additional Features Offered by the Plugin

Following are some of the additional features offered by the plugin. Although they are not directly related to the GDPR Cookie guidelines, these features make cookie management a lot easier for site admins.

Add Custom Cookie Categories and Edit Existing Categories

Both free and pro versions of the plugin support automatic scanning and categorization of website cookies. You can also manually add custom categories and edit the existing categories as well.

When you activate the plugin, some cookie categories will be automatically created on your website such as Advertisement, Analytics, Necessary, Functional, Marketing, Performance, etc. You can keep the existing ones, edit them or add new categories to the list manually.

You can also manually assign cookies to any of these categories with the help of the plugin.

Add custom categories

To add a custom category, you can go to the category page of the plugin.

On the left side of the page, you can add the category name and all the related information before clicking on the ‘Add cookie category’ button below.

Edit Category

To edit a particular category, you can click on the ‘Edit’ option below the category name.

Now you can edit the category information from the opening ‘Edit Cookie category’ page.

Finally, click the Update button to save the changes.

Built-in Templates for Privacy/Cookie Policy

Adding a well-explained cookie policy containing all the necessary details regarding cookies to your website is another important requirement under the GDPR. If you do not have one already, you can easily set up one using the built-in template provided by the plugin.

To build the template go to the Policy Generator page of the plugin.

On the left side of the page, you can select the sections you wish to add to your website’s Cookie Policy page. You can also add custom sections and content to it.

To see how the change looks on the front-end of your website, you can click the ‘Live Preview’ button. There is also another option to Update the existing Cookie Policy Page easily.

This policy generator feature is common for both the free and premium versions of the plugin.

Auto-Script Blocking for Third-Party Cookies

Third-party cookies are one of the major deterrents to achieving GDPR compliance especially because they are hard to track and manage. With the plugin, cookies placed by third-party services and plugins will be automatically blocked on your website until users allow consent to them.

While the free version of the plugin supports automatic blocking of a few selected third-party plugins (Official Facebook pixel, Smash Baloon Instagram feed, Smash Baloon Twitter feed), the pro version supports a long list of third-party plugins and third-party services as well.

You can navigate to the Script blocker section by clicking on the Script blocker menu on the plugin dashboard.

Following is the script blocker page of the free version of the plugin.

If plugins are marked inactive that implies those plugins are either not installed or activated on your website. When you enable plugins (by moving the toggle button) they will be blocked by default on the front-end of your website. If the user grants consent for those cookies, it will be rendered as well.

For the pro version, the Script blocker page looks as shown below.

The page is divided into third-party service scripts and plugins.

To automatically block these scripts until obtaining user consent, you can enable the toggle button across each of them. Scripts that are in disabled mode will not be blocked automatically.

Following is a screenshot of the list of all the plugins supported for auto-script blocking by the CookieYes GDPR Cookie Consent & Compliance Notice Plugin.

Show only to EU Countries

The GDPR only applies to organizations having to deal with the personal data of EU citizens.You can choose not to show Cookie banner to users from countries outside of the EU.

The pro version of the plugin comes with an option to help you with it. You can configure the cookie banner to display only to EU countries by navigating to Settings > General.

Here, you can turn the Show only to EU Countries (GeoIP) button on. It will be in disabled mode by default. Once you enable it, the cookie banner will only be visible to users from the EU countries.

Conclusion about GDPR cookie consent WordPress

Although the CookieYes GDPR Cookie Consent & Compliance in WordPress Notice Plugin is a great tool to help you with the GDPR Cookie Compliance of your WordPress website, you can’t ensure compliance alone with it. It’s important to have a legal body go through your website and ensure that you are dealing with the data as per the GDPR guidelines.