It’s one of those tasks you’d rather put off until the last minute, but it’s actually crucial: ensuring your WordPress website complies with the General Data Protection Regulation (GDPR).
Failing to do so can result in hefty fines, up to €20 million or 4% of your annual revenue. This applies to every organization within Europe, not just large corporations or multinationals.
Fortunately, this doesn’t have to be overly complex if you know how to approach it. Previously, we discussed six handy plugins to help make your website GDPR-compliant. In this blog, we’ll list the best-tested WordPress cookie plugins for you. Before diving into these plugins, let’s clarify the difference between the Cookie Law and GDPR, as there’s often confusion around this topic.
The Cookie Law
We’ve been dealing with the Cookie Law for years. Cookies are small pieces of information a website can store on your computer. For instance, think about items you’ve placed in your shopping cart. This information can be saved on your computer, so you can pick up where you left off during your next visit.
The Cookie Law required websites to ask visitors for permission before placing such cookies. In practice, this led to many websites using a so-called cookie wall—a popup that you had to accept before you could proceed.
But… cookies don’t always contain personal data. And personal data isn’t only stored in cookies. A cookie is just one of the possible ways to store personal data.
The Cookie Law vs. GDPR
GDPR goes much further than the Cookie Law. It’s no longer about the technology you use but rather about all instances where personal data might be involved. Think of your email list, bookkeeping with customer information, or personnel files.
GDPR requires you, and every organization in Europe, to demonstrate that you have obtained permission to process that data and that it is well protected. It no longer matters whether the data is in a cookie, stored via server-side tagging, or on a USB stick. You must be able to account for it.
What does this mean for your WordPress website?
In short, it means that as an organization, you need to clearly identify what personal data you collect, how you protect it, and with whom you share it. You must explain this to your visitors in clear language, such as in the privacy policy on your website. And your visitors must explicitly accept this before you can process their personal data.
The parts of your website that can function perfectly well without that consent must always remain accessible. Therefore, those all-blocking cookie walls are no longer allowed. Learn more about the impact of privacy laws on your WordPress website.
Where do you need and don’t need consent?
Any website that receives visitors from Europe must ask for consent to collect sensitive data. First, it’s important to know that the Cookie Law makes an exception for cookies that aren’t sensitive. These are often cookies that help a website function properly, such as:
Analytical Cookies
Websites use analytical cookies to track visitor statistics, gaining better insight into the website’s performance. Analytical cookies have minimal privacy impact.
Functional Cookies
Functional cookies are necessary for a service or webshop to function. These include files that track what’s in a shopping cart.
If you’re only collecting this type of data, it’s often unnecessary to ask for visitor consent, meaning you might not need a WordPress cookie plugin.
Tracking Cookies
The cookies that nearly always require consent are those used for tracking. These tracking cookies monitor individual browsing behavior and create profiles for targeted online marketing ads.
Additionally, when visitors fill out contact forms or subscribe to newsletters, you must explicitly explain what you’ll do with that information. And again, your visitors must consent to this.
But how do you request consent?
According to GDPR, consent is only valid if it is freely given, specific, informed, and unambiguous.
This means that:
- Visitors to your website must be able to refuse/block consent for tracking cookies.
- It must be clear exactly what you’re asking for consent for.
- Visitors must be sufficiently informed about what happens to their data after they give consent.
- Visitors must give active consent; “silence implies consent” is not valid.
- You should offer visitors a clear choice via a banner between “yes” and “no,” fulfilling the requirement for unambiguous consent.
- You can’t use a cookie wall that denies access to visitors who refuse cookies.
- Simply referring to the privacy policy isn’t sufficient.
- You must be able to demonstrate that your visitors have given consent for tracking their data.
Top 3 WordPress Cookie Plugins
Let’s be honest; many websites are not GDPR-compliant. But the fines are steep, and enforcement is getting stricter. Plus, it ultimately protects your relationships, so it’s worth putting in the effort.
Before presenting the best WordPress cookie plugins, it’s important to note that no plugin automatically makes your WordPress website GDPR-compliant. The correct settings and permissions (see the list above) must align with what you describe in your privacy policy.
It’s also impossible for a plugin to determine what types of cookies you use on your WordPress website. Therefore, you must place a script to ensure cookies are correctly set for your visitors. For example, you don’t want certain cookies to load before the visitor has given consent. The best cookie plugins allow you to choose which cookies to accept or reject.
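The gating described above, as an added example that is not code from any of the plugins listed here: scripts are grouped by category, and everything except functional scripts loads only after the visitor's stored choice allows it. The cookie name `site_consent`, the category names and the script URLs are assumptions made for the illustration.

```javascript
// Added example. Cookie name, categories and script URLs are assumptions,
// not the API of any plugin named on this page.
const CONSENT_COOKIE = 'site_consent';
const OPT_IN = ['tracking', 'embeds']; // categories that need active consent

// Read the consent cookie from a document.cookie-style string.
// Missing, malformed or non-boolean values fail closed (no consent).
function parseConsent(cookieString) {
  const state = { tracking: false, embeds: false };
  const pair = String(cookieString || '').split(';')
    .map((p) => p.trim())
    .find((p) => p.startsWith(CONSENT_COOKIE + '='));
  if (!pair) return state;
  let parsed;
  try {
    parsed = JSON.parse(decodeURIComponent(pair.slice(CONSENT_COOKIE.length + 1)));
  } catch (err) {
    return state;
  }
  if (parsed === null || typeof parsed !== 'object') return state;
  for (const cat of OPT_IN) state[cat] = parsed[cat] === true;
  return state;
}

// Functional scripts always load; opt-in scripts load only for a category
// the visitor actively accepted. Unknown categories are never loaded.
function allowedScripts(registry, state) {
  return registry
    .filter((s) => s.category === 'functional' ||
      (OPT_IN.includes(s.category) && state[s.category] === true))
    .map((s) => s.src);
}

// Record kept as proof of consent: what was chosen, when, and against
// which privacy-policy version.
function consentRecord(choices, policyVersion, when) {
  const state = { tracking: false, embeds: false };
  for (const cat of OPT_IN) state[cat] = choices[cat] === true;
  return { choices: state, policyVersion, timestamp: when.toISOString() };
}

// Constructed sample registry (placeholder URLs).
const REGISTRY = [
  { src: '/js/cart.js', category: 'functional' },
  { src: 'https://ads.example/pixel.js', category: 'tracking' },
  { src: 'https://social.example/feed.js', category: 'embeds' },
  { src: 'https://other.example/x.js', category: 'unknown' },
];
```

In a browser, `parseConsent(document.cookie)` supplies the state, and each URL returned by `allowedScripts` is injected as a script element only at that point.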
WordPress Cookie Plugin 1: GDPR Consent
This plugin is unique because it can deactivate other plugins on your website until a user has given consent for the associated data processing. This ensures that your website only collects personal data after visitors have given permission.
The advantage of the GDPR Consent plugin is that it genuinely prevents your website from collecting personal data without consent.
With this plugin, you can define permissions and specify which plugins should be activated after consent is given.
In terms of design, this plugin offers plenty of customization options. You can fully adjust the style of the cookie notification to match the branding of your WordPress website.
Moreover, the plugin integrates seamlessly with Facebook Pixel, Instagram, Twitter Feeds, and Google Tag Manager (even with Google Consent Mode!). The GDPR Consent plugin is developed by Sowmedia, and you can find more information on WpUpgrader.com, our English platform. By the way, GDPR is the English name for the AVG.
WordPress Cookie Plugin 2: CookieYes
The CookieYes GDPR Cookie Consent & Compliance Notice plugin can also help make your WordPress website much more GDPR-compliant. The plugin operates through accept and reject options, and cookies are only set after the visitor accepts them.
A nice feature of this plugin is that it can make cookie notifications disappear after a few seconds. In that case, the cookies are automatically treated as not accepted. The different cookies can also be displayed on your privacy policy page using shortcodes.
Like the GDPR Consent plugin, this plugin also offers extensive customization options, but it doesn’t deactivate other plugins on your site. However, you can use it to decide how the cookie notification should look and what happens when “accept” is clicked.
WordPress Cookie Plugin 3: Complianz
Complianz is a Cookie Consent plugin that supports privacy laws for different regions such as the European Union, the United Kingdom, the United States, Australia, or Canada.
The plugin offers options for conditional cookie notifications with standard templates or custom designs. A customized cookie policy is also applied based on the results of a built-in cookie scan.
The advantage of Complianz is that it also stores proof of consent, so it registers users’ consent to accept cookies.
Periodic cookie scans for changes in cookies, plugins, and third-party services are also conducted.
Frequently Asked Questions About WordPress Cookie Plugins
How do I install and configure a cookie plugin for WordPress?
Go to your WordPress dashboard, navigate to “Plugins,” and click “Add New Plugin.” Search for the desired cookie plugin, install and activate it. After activation, you can adjust the plugin settings through the plugin’s menu in your WordPress dashboard.
Are there specific recommendations for choosing a cookie plugin for WordPress?
When choosing a cookie plugin for WordPress, it’s important to consider functionality, compatibility with your theme and other plugins, ease of use, and compliance with privacy regulations. We recommend the GDPR Consent Pro plugin.
What are the key features to look for when selecting a cookie plugin for my WordPress website?
Key features to look for when selecting a cookie plugin include customizable cookie banners, options for cookie consent, automatic cookie detection, the ability to categorize cookies, and multilingual support.
Are there specific requirements for a cookie plugin for WordPress, especially in the Netherlands?
Yes, cookie plugins for WordPress must comply with relevant privacy laws, such as the General Data Protection Regulation (GDPR) in the Netherlands. This includes obtaining user consent for placing cookies and providing transparency about which cookies are used.
What is the best WordPress cookie plugin?
We find the cookie plugins mentioned in this blog work very well. There may be other tools that work well too. It’s important to ensure that the correct settings and permissions are in place. Besides plugins, you can also use a cookie management platform (CMP), like Cookiebot.
I have an online store; can I use the recommended cookie plugins?
Yes, the cookie plugins are also suitable for e-commerce websites.
Is there a free cookie plugin for WordPress?
Most cookie plugins are now paid. Using paid plugins can offer certain benefits, such as more advanced features, regular updates, and developer support. It’s important to carefully consider which features and security measures are most suitable for your website’s specific needs.