Have you heard about cookie consent, but aren’t quite sure how it applies to you?

This guide will answer your questions about cookies, privacy notices, and the General Data Protection Regulation (GDPR), and will help you decide what steps to take when making your website compliant.

What are cookies?

Cookies are bits of data that are created and stored (as text files) when websites load — it’s how information is collected from website visitors.

Cookies have multiple purposes, such as providing personalized user experiences or displaying ads. Automattic’s Cookie Policy reveals how different cookie types are used within WordPress.com.

What is the GDPR?

The GDPR protects personal data and user privacy. It went into effect on May 25, 2018. It holds businesses responsible for how they collect, use, and store information by setting fines for non-compliance.

How does the GDPR apply to me?

Every website that collects user data should have cookie consent banners or privacy notices. This applies to businesses and websites around the world. Due to the borderless nature of the internet, if someone in the EU — where the law was passed — were to visit your website and have their data collected, then the law (and the penalties for not complying with it) would apply to your website.

The GDPR applies to WordPress.com sites and plugins that process and store data. This includes contact forms, email marketing outreach, and membership plugins.

GDPR compliance tips for WordPress.com users

Here are tips for making your site trustworthy and GDPR compliant:

Create a privacy policy and notice: Privacy policies and notices inform your visitors whether your site collects any data, and how visitors are tracked.

If you don’t know where to start, Automattic made its privacy policy, privacy notice, and other legal documents available on GitHub.

Pick a template, copy it, and adapt it for your needs. A credit to Automattic for the original use is recommended.

Enable the cookies and consent widget: WordPress.com updated its cookie widget in accordance with the GDPR. The widget lets you set a banner to share policy links and allow followers to consent to cookies. This guide can help you enable the widget.

Allow users to contact you about data-related concerns: If you collect visitors’ information — for example, through a contact form — provide your contact information so that followers can request the deletion of that information.

Ensuring that your site is GDPR-compliant is another step towards establishing trust with your site visitors and building your brand. Once you’re done, you can take the next step by refining your brand voice.



Disclaimer: The purpose of this article is to provide helpful information to assist you in making informed decisions for your business. This information shall not be construed as legal advice.