GDPR and Avada Privacy Tools
Last Update: September 11, 2024
What is the GDPR?
The General Data Protection Regulation (GDPR) is Europe’s framework for data protection laws, replacing the 1995 data protection directive. It is designed so that website owners can be more transparent in how they collect, use, and share personal data. Likewise, it also provides individuals access and choice when it comes to how their own personal data is collected, used, and shared.
The GDPR came into effect in May, 2018.
Is Avada GDPR Compliant?
What needs to be compliant is the end user website, not the software/framework a website is built on. The Avada Website Builder as an entity does not violate GDPR criteria because it does not collect any data. What we as a team have done, is to give our Avada userbase the necessary tools to ensure that their websites are GDPR compliant. These new privacy tools and options were introduced in Avada 5.5.2, released on May 22nd, 2018.
GDPR Privacy Tools & Features in Avada
On top of the new WordPress features, ThemeFusion decided that we wanted to give our user base even more possibilities to get their sites GDPR compliant. In the following, we want to present you the main new features.
Google Fonts
When you are using Google fonts that usually mean retrieving the font files from their API, which includes sending the IP addresses of your users (which are considered to be private data) to Google. You might find that circumstance worrisome, but at the same time you don’t want to do without the nice typography options Google fonts offer. Avada to the aid. We have added a new Theme Option that easily allows you to decide whether Google fonts should retrieved via the Google fonts API, or if they should be hosted locally on your server. View the new Theme Option below.
User Control Over Third Party Embeds
Avada offers a variety of elements and widgets that help you to utilize third-party content, like YouTube and Vimeo videos, Google Maps, Facebook and Twitter timeline, Flickr images, SoundCloud files, etc. While all of these third party services enrich your websites, they also do collect data about your users. IP addresses, location data or user activity tracking, to name a few. Under the GDPR it is necessary to ask visitors for their explicit consent if data should be passed along to third parties. While that is generally not possible to achieve with embeds, on the other hand, similar to Google fonts, you don’t want to lose these services on your site.
Our development team has come up with a very nice and easy to use solution. We added a new option to prevent embeds from loading until user consent is granted. For any of the third party services, which you can freely choose from, you add to the consent list, the embeds will stop to be loaded on page load. Instead, your users will see a placeholder graphic, with custom text on it and a button to accept this third-party service. The background color and text color for that placeholder can also be set in Global Options.
See these options at Avada > Options > Privacy.
Privacy Element
Also new is the Avada Builder Privacy Element. With this Element you can easily add to your privacy policy page, or wherever it fits best for your site. It will display check boxes for all services you chose, and will show to each of your users which of the services they have consented to and which not. They can also easily update their consents within that element.
The whole setup is cookie driven, and thus we also added an option, so that you can set a custom expiration date for that cookie. Once it is expired your users will have to set their consents newly according to their preferences. Check out the images below of these third-party embed tools and settings.
Privacy Bar
We added a privacy bar, displayed at the bottom of your website, which gives you options to notify your website visitors regarding 3rd party embeds, tracking codes, and any custom cookie contents that you may require. Enabling the Privacy Bar options will give access to additional options that will help you style and personalize privacy bar. These options are located in the Avada > Options > Privacy section.
Contact Form Consent CheckBox
In Avada 5.5.2 we added an option to display a consent checkbox on the contact form page. The label can be easily customized in Global Options to reflect your needs which you can view below.
Custom Message On Registration Element
In previous versions of Avada, we used the default WordPress note before the submit button on the user registration element in Avada Builder. To give you full freedom of choice, and added a new setting to show custom text before the submit if you want to inform a new user about GDPR compliance. View the new custom registration notice message field for the user registration element below.
Is WordPress GDPR compliant?
An article about GDPR Compliance Tools in WordPress was posted on WordPress.org shedding light on the new privacy features that WordPress added to its 4.9.6 release, which shipped on May 17, 2018.
The main features were new areas for handling data export and erasure requests, a new privacy policy page, and also a consent checkbox for the comments form.
Who Is Affected By GDPR?
In short, every company, organization and individual that are processing or controlling datasets of their customers or website visitors will be covered by GDPR. It affects any business that has customers who reside in the EU.