Complying with a country's privacy protection laws is a legal requirement for a website. Any website that handles the personal data of its users must obtain those users' consent for the collection, processing, and storage of that data, and must publish a privacy policy. GDPR and CCPA are two widely known privacy regulations. In this article, we explain how to make your site compliant with these privacy laws and compare GDPR with CCPA.
What is GDPR?
GDPR, or the General Data Protection Regulation, is a set of rules that requires businesses to protect the personal data and privacy of EU citizens for any transaction that takes place within the EU. The European Parliament implemented the law in April 2016, replacing the old data protection rules of 1995. The GDPR also regulates the export of personal data outside the EU. Any business, irrespective of its geographical location, must follow GDPR if it deals with the personal data of EU citizens.
Here is a list of the major types of data that GDPR protects –
- Basic identity information such as name, address, and ID numbers
- Web data such as location, IP address, cookie data, and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
GDPR grants EU citizens the following rights –
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What is CCPA?
The California Consumer Privacy Act, or CCPA, is a law designed to protect the data privacy rights of the citizens of California. It is a set of rules that requires any organization handling the personal information of California citizens to obtain their consent for collecting, storing, and processing their data. On 28th June 2019, the State of California passed the CCPA. The law came into effect on 1st January 2020.
The definition of personal data under CCPA is as follows – "Information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular consumer or household."
Under CCPA, citizens may –
- Know what personal information is being collected.
- Access the collected information and request that it be deleted.
- Know whether the information is being shared and with whom.
- Opt-out of the sale of the information.
- Receive equal service and pricing whether or not they choose to exercise their privacy rights.
The difference between CCPA & GDPR
Here are the main differences between CCPA and GDPR –
- GDPR applies to all businesses that possess data of EU citizens, whereas CCPA applies to businesses with revenue above $25 million USD.
- GDPR mandates penalties for non-compliance or data breaches that can reach up to 4% of the company's annual turnover. CCPA fines are applied per violation, up to a maximum of $7500 USD.
- GDPR is specifically focused on all data related to EU citizens, whereas CCPA treats both the consumer and the household as identifiable entities. In some cases, it only considers data provided by the customers themselves.
Who needs to comply?
Any company that handles the personal information of EU citizens within EU states must comply with the GDPR, even if it has no business presence within the EU. The main criteria for companies that are required to comply are:
- A presence in an EU country.
- No presence in the EU, but the company processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees, but its data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.
CCPA applies to any for-profit entity doing business in California that handles the personal data of its citizens and –
- Has gross annual revenues in excess of $25 million; or
- Possesses the personal information of 50,000 or more consumers, households, or devices; or
- Earns more than half of its annual revenue from selling consumers’ personal information.
How to comply with CCPA and GDPR on your website?
Privacy rules exist to give people the right to protect their personal information. It is the duty of any website to respect the privacy of its users, and every website is required to publish a privacy policy.
GDPR and CCPA both give people the right to access and delete the information stored about them. They also have the right not to share their personal data at all. So, a website dealing with EU or California citizens must obtain users' consent before collecting their data. The stored data must be organized so that it can be produced whenever a user asks for it.
Here are some major requirements for GDPR and CCPA compliance –
- Updated privacy policy
- Opt-in checkboxes for data collection
- Cookie notification
There are many ways to create a privacy policy or add consent checkboxes to your website. The easiest is to use a plugin that handles all of this automatically. Here we discuss the five most popular plugins for making your site compliant with GDPR or CCPA.
5 WordPress plugins to help you comply with GDPR
WP Legal Pages Pro is an all-in-one solution to your legal requirements. It helps you create attorney-level legal documents on your website without outside help. It offers 25+ pre-designed templates created in consultation with expert lawyers, with your legal needs in mind. You just have to enter your details and publish the page. You can edit the content of the page at any time later.
The plugin is easy to use and customize. All of its features are self-explanatory. It works well with all WordPress themes and is available in both free and premium versions.
Features
- Easy installation
- Pre-built templates
- Editable templates
- Easy shortcodes
- Helpful docs & guides
- Premium support
Price – Free to $39
WordPress Cookie Consent is an elegant and feature-rich WordPress plugin for making your site GDPR compliant. It helps you obtain categorized consent from visitors for the use of third-party cookies. Users can revoke or change their consent at any time. Its easy-to-use interface lets you manually add or edit the cookies on your site.
The plugin is beginner-friendly. It works with all WordPress plugins, supports multiple languages, and is well documented.
Features
- GDPR compliance
- CCPA compliance
- Cookie detector tool
- Automatic cookie categorization
- Edit cookie information
- Granular cookie consent
Price – Free to $17
MonsterInsights is a powerful yet easy-to-use WordPress plugin for making your site comply with various privacy laws. After activation, it automatically makes your site compliant with GDPR and other privacy rules. All you need to do is configure which privacy laws are to be followed. It offers universal data tracking, with options to automatically disable or anonymize personal data tracking depending on your needs.
The plugin lets you create a consent box via the MonsterInsights EU Compliance addon, offered by the same team. With this consent checkbox, you can obtain users' consent for using their personal data without much effort. It is a user-friendly and well-documented plugin.
Features
- GDPR & CCPA compliance
- Customizable dashboard widgets
- Affiliate link tracking
- File download tracking
- Detailed statistics
- Real-time reports
Price – Free to $99
WPForms is a popular WordPress plugin for creating forms easily. With it, you can create GDPR-compliant forms on your site with just a few clicks. It lets you allow cookies and geolocation tracking on your forms with a single click. You can stop storing and collecting users' IP addresses and other user information related to form entries.
The plugin allows you to enable checkboxes on your forms for obtaining user consent. You can split your forms into multiple pages to improve the user experience. There are advanced features for user registration and Constant Contact integration. The plugin is responsive and easy to use.
Features
- Drag & drop form builder
- Pre-designed form templates
- Smart conditional logic
- Entry management
- Instant notification
- Spam protection
Price – Free to $39
Delete Me is a plugin that gives your users the choice of whether or not to stay registered with your site. It lets them register with your site and also delete their account whenever they wish. This option improves your image in the eyes of users, as they know they can leave at any time if they are not happy with your service.
Delete Me is a free plugin. It gives users the "right to be forgotten", meaning they may request deletion of their information. It is a great way for small and mid-sized businesses to share the responsibility of handling data safely. You get an email notification when a user deletes his or her account.
Features
- Allow users to delete their account at any time
- Ask for users' confirmation before erasing their data
- Limit the account deletion option to specific users
- Add the account deletion option to user profiles or anywhere on your site
- Use shortcodes to add the account deletion option
Price – Free
Conclusion
Here we have shared an easy way to make a WordPress site compliant using plugins. All five plugins we discussed are user-friendly and well documented. You can pick any of them based on your needs and move ahead. With a few clicks, you can make your site GDPR or CCPA compliant.
If you liked the article, please share it on Facebook and Twitter. Leave your feedback in the comments section. We would love to hear from you. If you have any questions, please let us know and we will get back to you soon.