INTEGRATE GDPR COMPLIANCE PLUGIN INTO WORDPRESS
Compliance: Integrate the data protection plugin into WordPress - this is how it works with the setup wizard
The data protection plugin compliance for WordPress convinces with a strong performance in blocking data retrieval before consent to data processing. Ideal for strong data protection.
There are many things to consider when it comes to data protection on websites. Above all, it is important that they have strong script blockers that make it possible to block third-party data retrieval before the user consents – i.e. before the confirmation of the cookie banner. Such third-party data retrievals not only happen in the integration of Google Analytics, Google Tag Manager or Google Optimize, but also through Google Maps, Youtube (if videos are integrated), Google Fonts, Google ReCaptcha, data visualization providers and third-party iframes.
So quite a lot that comes together. If these data retrievals are not blocked prior to consent, this means retrieving personal data with IP address, device information and browser information without consent. The GDPR does not provide for this, and it is therefore important to consistently block such data retrievals before consent is given.
It depends on the script blocker
Many website privacy providers have trouble blocking the scripts that initiate data retrieval for the application in question. It may be the case that with some providers an effective blocking is only possible if the installation of these data retrievals only takes place via the data protection plugin itself – with the corresponding effort for code integration and tests to see whether everything worked. It is better if an external data protection plugin can reliably block the delivery of a script. This means: Your existing website infrastructure remains untouched and the Script Blocker is added as an additional roof. This is possible with compliance. unangetastet und der Script Blocker kommt als Dach zusätzlich drauf. Das ist mit Complianz möglich.
Instructions: Installing and setting up compliance
Step 1: Setup Wizard
After installation and activation, you should open the compliance setup wizard. You can find this under:
WordPress dashboard > left menu bar: Compliance > Assistant
In the General – Visitors section, you can tick the items that apply to your website. For me the points would be:
Figure: Compliance view General – Visitors.
For the other two points, the page for the data protection declaration and the page for the imprint must be specified. You can either do this manually via a link, or directly select the relevant page in the drop-down menu.
Figure: Compliance view General – Documents.
Information about the contact person for data protection and the website owner
Under General – Information about the website you should enter the relevant contact details.
Figure: General compliance view – information about the website.
Security and Consent
In the Security and Consent section, you can accept the default settings.
Figure: Compliance view General – Security and Consent.
In the Consent – Cookie Scan section, you can simply click on save and continue as soon as the blue bar is complete. Compliance automatically analyzes which cookies are used on your website.
Figure: Compliance view General – Security and Consent.
In the Consent – Statistics section, you can again select what applies to you. I use Google Analytics, so the corresponding tick applies to me.
You should definitely check the box at the bottom ( “IP addresses are anonymised or I will let Complianz do this for me” ). The background is that IP anonymization is necessary for Google Analytics for the purpose of data protection in the EU. Google Analytics 4 automatically anonymizes the IP when retrieving data in the EU.
Figure: Compliance view Consent – Statistics.
Statistics - Configuration
In the point of consent – statistics – configuration , it now depends: If you use Google Analytics 4, you can integrate it directly via Complianz. Simply tick the appropriate box and enter the tracking number.
This has the advantage that you don’t have to worry about the integration any further. In addition, Complianz automatically blocks Google Analytics before consenting to data processing in the cookie banner.
So if you include your Google Analytics tracking code manually and without compliance, you would have to manually block Google Analytics data retrieval before consenting to data processing in the Complianz Script Center.
The disadvantage , however, is that tracking codes actually have to be built into the <head> area of the page. However, data protection plugins appear in the <body> area of the website – where the tracking code from Google Analytics is stored accordingly. As a result, you cannot automatically verify yourself with your Google Analytics account in the Google Search Console to retrieve data on your organic Google rankings, Google search terms, impressions, positions and clicks. You can also use the Google Search Console to submit sitemaps, or submit indexing or re-indexing of URLs to Google.
In this example screenshot, the very simple way is chosen: the integration of Google Analytics 4 via Compliance.
Figure: Consent compliance view – statistics configuration.
In the Consent – Services section, you can again select the applications that apply to your website by ticking them.
Figure: Compliance view Consent – Services.
Then scroll down further on the same page and also select the points that apply to your website.
Figure: Compliance view Consent – Services (below).
In the Consent – Plugins section, you can simply click on save and continue .
Figure: Compliance view Consent – Plugins.
In the Consent – Cookie Descriptions section, you can also simply click on Save and Continue.
Figure: Consent compliance view – cookie descriptions.
In the Consent – Service Descriptions section, you can also simply click on Save and Continue.
Figure: Compliance view consent – service descriptions.
Figure: Documents compliance view – create documents.
Link to menu
Figure: Documents compliance view – link to menu.
In the Finish item, there is only one button that you use to finish the setup wizard.
Figure: Click on Finish.
Step 2 - Set the design of the cookie banner
You then have various design functions for your cookie banner. You can control the size, color, position, text content and arrangement of elements in the cookie banner. You can also set a soft wall here. This means that the website behind the cookie banner receives a dark gray filter until the user has either clicked on the “Accept” or “Reject” button – or until they switch off the cookie banner (equivalent to: “Reject). In this way, users can continue to use the website in any case, regardless of the status of their consent (i.e. also in the event of rejection). Opting out of data processing is an important requirement under the GDPR – users should always be able to.
Figure: Customize the design of the cookie banner (optional).
Step 3 - Script Blocker
Almost there! Now check whether third-party data is accessed on your website before cookie consent. The best way to do that is with the uBlock Origin browser extension . These are available for all common browsers: Firefox, Chrome, Safari, Opera and MS Edge. uBlock is a high-performance, open-source tracking blocker that gives you a handy way to see what data a website is pulling. Also, uBlock Origin has network request logs that you can use to track every single data request.
Here is an example: Apart from my domain slavawagner.de , before the cookie consent , data is retrieved from:
Figure: View with the tracking blocker uBlock Origin as a browser extension. What third-party data is retrieved before cookie consent?
If this is the case, it can be fixed directly in the Complianz Script Center:
WordPress dashboard > left menu bar: Compliance > Integration > scroll down to: Script Center
Under the item “ Block a script, an iframe or a plugin ” you can now block the relevant domains that retrieve data before approval. The data for these domains will only be retrieved once consent to data processing has been granted.
The overview looks like this:
Figure: Script Center compliance view.
- now click on add new
- Enter a name for the permanent blocking process
- enter the main domain of the service you want to block (you can see this in uBlock Origin, see screenshot above)
- toggles the slider at the top right to enable the blocking process. The slider must appear blue .
- click save
Figure: Block scripts in compliance (deposit the main domain of the retrieving service).
Done: This is what it looks like when all third-party data is blocked before consenting to data processing (view with uBlock Origin). Only the actual domain retrieves data here.
Figure: No more third-party data retrieval, before accepting the cookie notification.
And this is what the finished cookie banner looks like in the end.
Figure: Completed cookie banner with strong data protection from Complianz.
You might also be interested in:
Track phone number redirects from Google Ads campaigns
With Google Tag Manager you can install phone number forwarding for Google Ads campaigns on your website.
Create reports with Data Exploration in Google Analytics 4
Many report views that were preconfigured in Google Analytics 3 must be manually created in Google Analytics 4.