How to make my WordPress website CCPA compliant?
CCPA stands for California Consumer Protection Act. It is a data privacy and protection act that follows in the footsteps of the EU’s General Data Protection Act, which was implemented in May 2018.
The purpose of both of these regulations is the same. They’re designed to protect consumers and their personal information. All businesses collect data regarding consumers directly or indirectly. Until recently, there was no surefire way for people to access or erase this information. Regulations like GDPR and CCPA offer more control and protection to consumers.
Despite being similar, the two still have some distinct differences. You will still need to implement some changes even if your website is GDPR compliant, especially if you serve customers in California. Here’s a brief guideline on what to do:
GDPR Requirements
Most websites comply with GDPR and have made the relevant changes needed to ensure they don’t violate any rules. The basic requirements for this regulation include:
- Cookie banner
- Cookie policy
- Privacy policy
- Processing agreement
- Option to view the data collected
- The promise of sending data within one month of the request
- Ability to block cookies
- SSL connection
If you have already changed your website to accommodate these requirements, you won’t have to do much to comply with CCPA.
CCPA Requirements
CCPA is more comprehensive in some areas and less stringent in others. It is important to consult with an experienced professional or a lawyer to see how CCPA will impact your business. Here’s a brief look at all the requirements of this regulation:
- Cookie consent banner
- Privacy policy with links to the opt-out facility, privacy policy, and Do Not Sell My Information Page
- Age verification
- Do not sell my information document
- Processing agreement (including all service providers or processors)
- SSL connection
As you can see, the requirements overlap but there are small differences. You will have to modify your website a little to ensure it is compliant with both CCPA and GDPR.
How to Make Your WordPress Site Compliant
You can follow the same steps that you used to make your website GDPR compliant to ensure it is CCPA compliant. The amount of work involved depends on whether you have already made the changes for the EU regulation. Here’s a look at what you can do:
- GDPR Compliance Already in Place
If your website is already compliant with GDPR, you will just need to make minor changes to suit the Californian regulation. WordPress provides several plug-ins to help with the process. The company’s blog recommends Complianz, a plug-in that changes the cookie consent banner based on the business’ location.
Complianz will make sure the cookie banner complies with CCPA regulations if the website is located in California. This saves you the trouble of setting things manually. Complianz will also determine which Privacy Policy it needs to showcase in the banner. This plug-in will also handle other components like:
- Cookie policy
- Disclaimer
- Cookie consent banner
- Privacy policy
- Data leak reports
- Do Not Sell My Personal Information Page
- A/B testing and statistics on cookie banner performance
- Tag manager
The plug-in doesn’t just help with GDPR and CCPA, but will also help with upcoming laws like COPPA and ePrivacy. This means you won’t have to worry about compliance during the upcoming years.
- Starting From Scratch
If you’re starting from scratch, the solution is a little more complicated. Here’s a look at what you might need to do to comply with both CCPA and GDPR if you haven’t implemented any changes or are a new establishment:
- Upgrade your WordPress to the latest version (4.9.6 or higher).
- Update your privacy policy. Mention what kind of information you will take from consumers. This usually includes Google Analytics, Adwords, Push notifications, heatmaps, shopping carts, Cloudflare or CDN services, etc.
- Add consent checkboxes in your contact forms. Almost all contact form plug-ins have this option available.
- Make sure your newsletter subscription form also has a consent checkbox.
- Obtain consent to collect, store, or sell customer data sourced through WooCommerce. This plug-in has built-in privacy features.
- Provide a cookie notice. You will need to disclose your cookies and include the banner on all pages. It should pop up on the first page the user visits.
- Ensure users can easily request access to or erasure of personal data through accessible forms.
Finally, all websites should have a system in place to notify users of any changes in the privacy policy and to send out notifications of data breaches. If your website doesn’t have this system in place and there’s a delay in conveying the information, you can face trouble.
There are several plugins available in WordPress to help you with the entire process. You can also consult with experienced designers who have worked on compliant websites. This will ensure there are no errors in the upgrades. You can also use our help, as we are a web development company.
Make sure you study the requirements and provisions of CCPA carefully and consult a lawyer to see how it can affect you. If you cover all of your bases, it will be easier to avoid legal trouble and penalties down the line.
You have until January 2020 to comply with CCPA, so there’s a lot of time to be thorough. This will save you a lot of trouble and potential penalties in the future. It is a good idea to start working on your website compliance now and get it out of the way in time.