How to track users according to GDPR and other privacy regulations

This is a general guide to show you how to set up tracking that follows privacy regulations. However, it does not cover all aspects of GDPR or other regulations. For full information, we recommend consulting with a legal professional.

WP Full Picture lets you track your visitors according to GDPR and other privacy regulations. Follow these steps to learn how to set it up.

See if you need to use a consent banner

A consent banner is much more than a popup with privacy information. Depending on the user’s choices, it controls which tracking tools are enabled and what data they track.

A properly configured consent banner is the central element of a GDPR-compliant website. However, not all sites need it. I wrote an article which explains in detail when it is needed.

How to set up WP Full Picture to track users according to privacy regulations

Step 1. Choose how the consent banner should work

Your consent banner controls how and when other tools track your visitors.

You can set it to start tracking visitors:

  1. after they agree to tracking – this is called opt-in
  2. from the moment they visit a page, but with an option to decline tracking – this is called opt-out
  3. all the time (usually you need to only inform them about tracking)
  4. or use one of the automatic methods to switch between these modes, depending on where your users are

If your site is visited only from one country, choose the method that is required there. Otherwise, go for the opt-in (safest, but most strict) or one of the automatic modes.

Tip. If you do not know which one to choose, we recommend the opt-in method, as it is required in 60+ countries and respected in all the other ones.

Step 2. Make sure all tracking tools are controlled by the consent banner

The consent banner that comes with WP Full Picture automatically controls all the tracking tools that you install with WP FP’s modules.

However, you may also have other tools that track your visitors, e.g.:

  1. Tracking tools installed with other plugins
  2. Live chat applications
  3. Scripts for your newsletter automation
  4. Scripts for your CRM
  5. and others

There are two ways you can control them with the consent banner:

  1. Use the “control other tools” settings (in the settings of the Consent Banner module)
  2. or move their installation scripts to the “Custom Scripts” module

Step 3. Check if you need to disable tracking tools in some countries

Make sure that you can use all your tracking tools in all the countries you get traffic from.

This is important, because in some countries you cannot use tracking tools that store data in other countries. Google Analytics is often impacted by this.

If you find out that one of the tools that you use cannot be used in a specific country, you can disable it from loading in the “Loading” section of the module’s settings.

Step 4. Control iframes

Content embedded from other websites, like YouTube videos, maps, forms and others, can also track your visitors.

WP Full Picture gives you 3 ways you can block it. All of them are described in this article.

Step 5. Replace Google Fonts

Google Fonts can collect your visitors’ IP addresses, thus breaking some privacy regulations (mostly in Europe).

Unfortunately, there is no one way to replace them.

WP Full Picture gives you a simple “Safe fonts” module, which you can use, but it may not work for all websites.

Other ways to replace Google Fonts are:

  1. to switch them to local fonts (files kept on your server) in your theme options and/or plugin options
  2. or use a plugin like OMGF

You can check whether these methods work with an online font checker service or in your browser’s developer tools (“Sources” tab).
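One way to do the browser-side check for Steps 2, 4 and 5 in a single pass, as an added example (not part of WP Full Picture): paste it into the developer console before answering the consent banner and it lists every third-party host the page has already contacted, flagging Google Fonts requests and embedded iframes. The function name, the report shape and the sample entries are assumptions made for illustration; treating subdomains of your own domain as first-party is a simplification.

```javascript
// Added example. The two hostnames Google Fonts is served from.
const GOOGLE_FONT_HOSTS = new Set(["fonts.googleapis.com", "fonts.gstatic.com"]);

// entries: objects with { name, initiatorType }, the shape returned by
// performance.getEntriesByType("resource"). pageUrl: the audited page.
function auditResources(entries, pageUrl) {
  const base = new URL(pageUrl).hostname.replace(/^www\./, "");
  const report = { thirdParty: {}, googleFonts: [], iframes: [] };
  for (const { name, initiatorType } of entries) {
    let url;
    try { url = new URL(name); } catch { continue; }   // malformed entry
    if (!/^https?:$/.test(url.protocol)) continue;     // data:, blob:, about:
    const host = url.hostname;
    if (host === base || host.endsWith("." + base)) continue; // first-party
    if (!report.thirdParty[host]) report.thirdParty[host] = [];
    report.thirdParty[host].push(initiatorType || "other");
    if (GOOGLE_FONT_HOSTS.has(host)) report.googleFonts.push(name);
    if (initiatorType === "iframe") report.iframes.push(name);
  }
  return report;
}

// Constructed sample: what an opt-in page might show if tools are NOT
// yet controlled by the consent banner.
const SAMPLE_ENTRIES = [
  { name: "https://www.example.com/wp-content/themes/x/style.css", initiatorType: "link" },
  { name: "https://static.example.com/logo.png", initiatorType: "img" },
  { name: "https://fonts.googleapis.com/css2?family=Roboto", initiatorType: "link" },
  { name: "https://fonts.gstatic.com/s/roboto/font.woff2", initiatorType: "css" },
  { name: "https://www.youtube.com/embed/VIDEO_ID", initiatorType: "iframe" },
  { name: "https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX", initiatorType: "script" },
  { name: "data:image/png;base64,AAAA", initiatorType: "img" },
];

if (typeof window !== "undefined") {
  // In the browser: audit the live page instead of the sample.
  const live = auditResources(performance.getEntriesByType("resource"), location.href);
  console.table(live.thirdParty);
  console.log("Google Fonts requests:", live.googleFonts);
  console.log("Third-party iframes:", live.iframes);
}
```

With opt-in mode configured correctly, the third-party list should be empty (or contain only tools you are allowed to load without consent) until the visitor agrees to tracking.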

Step 6. Follow GDPR setup info

While setting up your tracking, I strongly recommend looking at the information in the GDPR setup helper in WP Full Picture. It contains helpful information on what you need to do to comply with tracking regulations.

Step 7. Have a solid privacy policy and other required documentation

Privacy regulations in different countries require you to disclose different levels of information about how you track your visitors, what information you collect, what you do with this data and what your visitors can do about it.

From my tests, no free generator of privacy policies includes all the important information. If you have a business, I strongly recommend you invest in professional help or at least a good generator whose output will later be checked by a lawyer.

I also recommend you add the clauses about the use of WP Full Picture and ConsentsDB (if you use it) to your website.

Additionally, depending on your business location, you may add to your site extra pages like terms of use, “impressum” in Germany, “Do not sell” page in the US,

Lastly, you may need emergency protocols and specially written contracts with your employees who handle personal information of your visitors.

Step 8. Monitor changes

Your work will not end when you finish with all the steps above. Monitor changes in your tracking setup to always keep your legal setup and documentation in check.
