This is a general guide to show you how to set up tracking that follows privacy regulations. However, it does not cover all aspects of GDPR or other regulations. For full information, we recommend consulting with a legal professional.
WP Full Picture lets you track your visitors according to GDPR and other privacy regulations. Follow these steps to learn, how to set it up.
When you do NOT need a consent banner
You do not need to use a consent banner if any of these is true:
- Your website is only visited from a country, which does not require a consent banner
- There is no tool on your website that collects information about your visitors that is personal or can identify them
The first point does not depend on you. The second one is not easy to avoid. There is a very high chance that you are using a tool that tracks users and collects their data. For example:
- Most of web-analytics tools do that
- Advertising platforms, like Google Adsense
- All marketing tools
- Embedded content, like YouTube videos, maps, forms, etc.
- Live chat applications
- Plugins that track visitors and send the data to other platforms (like Jetpack)
- WooCommerce (if you do not disable order attribution feature in its settings)
- CRM and marketing automation tools that have scripts installed on your website
- Google Fonts
Important. Don’t rely on online scanners to tell you if your website uses these tools. You must do your own check.
You may need to display a consent banner even if you use a self-hosted, GDPR-compliant analytics tool that does not use cookies. This can happen, if you use it to collect visitors’ private information.
How to set up WP Full Picture to track users according to privacy regulations
Step 1. Choose how the consent banner should work
Your consent banner controls how and when other tools track your visitors.
You can set it to start tracking visitors:
- after they agree to tracking – this is called opt-in
- from the moment they visit a page, but with an option to decline tracking – this is called opt-out
- all the time (usually you need to only inform them about tracking)
- or use one of the automatic methods to switch between these modes, depending on where your users are
If your site is visited only from one country, choose the method that is required there. Otherwise, go for the opt-in (safest, but most strict) or one of the automatic modes.
Tip. If you do not know which one to choose, we recommend the opt-in method, as it is required in 60+ countries and respected in all the other ones.
Step 2. Make sure all tracking tools are controlled by the consent banner
The consent banner that comes with WP Full Picture automatically controls all the tracking tools that you install with WP FP’s modules.
However, you may also have other tools that track your visitors, e.g.:
- Tracking tools installed with other plugins
- Live chat applications
- Scripts for your newsletter automation
- Scripts for your CRM
- and others
There are two ways you can control them with the consent banner:
- Use the “control other tools” settings (in the settings of the Consent Banner module)
- or move their installation scripts to the “Custom Scripts” module
Step 3. Check if you need to disable tracking tools in some countries
Make sure that you can use all your tracking tools in all the countries you get traffic from.
This is important, because in some countries you cannot use tracking tools that store data in other countries. Google Analytics is often impacted by this.
If you find out that one of the tools that you use cannot be used in a specific country, you can disable it from loading in the “Loading” section of the module’s settings.
Step 4. Control iframes
Content embedded from other websites, like YouTube videos, maps, forms and other, can also track your visitors.
WP Full Picture gives you 3 ways you can block it. All of them are described in this article.
Step 5. Replace Google Fonts
Google Fonts can collect your visitor’s IP addresses, thus breaking some privacy regulations (mostly in Europe).
Unfortunately, there is no one way to replace them.
WP Full Picture gives you a simple “Safe fonts” module, which you can use, but it may not work for all websites.
Other ways to replace Google Fonts are:
- to switch them to local fonts (files kept on your server) in your theme options and/or plugin options
- or use a plugin like OMGF
You can check if these methods work using a fonts checker website service or checking it in your browser’s console (“sources” tab).
Step 6. Follow GDPR setup info
While setting up your tracking, I strongly recommend looking at the information in the GDPR setup helper in WP Full Picture. It contains helpful information on what you need to do to comply with tracking regulations.
Step 7. Have a solid privacy policy and other required documentation
Privacy regulations in different countries require you to disclose different levels of information about how you track your visitors, what information you collect, what you do with this data and what your visitors can do about it.
From my test, no free generator of privacy policies includes all the important information. If you have a serious business, you need to invest in professional help or at least a good generator, that will be later checked by a lawyer.
Also, depending on your business and your website, you may also need to have extra information pages with additional data, like terms of use, “impressum” in Germany, “Do not sell” page in the US,
Lastly, you may also need to have specially written contracts with your employees who handle personal information of your visitors and emergency protocols.
Step 8. Monitor changes
Your work will not end when you finish with all the steps above. Monitor changes in your tracking setup to always keep your legal setup and documentation in check.