Updated: Aug 13, 2019
What is the GDPR?
The General Data Protection Regulation (GDPR), which came into force on May 25th, 2018, aims to protect the fundamental right to privacy and the protection of personal data of European Union (EU) citizens.
This regulation affects any entity (including websites) that processes EU citizens' personal data. Whether or not you or your business is located in the EU, if you have EU site visitors, or if your marketing campaigns target EU citizens, this affects you.
What does the GDPR mean for you?
Transparency and communication with your site visitors are key elements of the GDPR. As part of the new regulation, you must let your site visitors know how you collect, store, and use their data, in a clear and transparent way. In addition, you must comply with your site visitors' requests to receive a copy of their data that is processed on your site.
How to help your Wix site meet GDPR requirements
Take a look at our recommendations below so you know how to start preparing your Wix site for the GDPR. Click here for more detailed information on the regulation.
Establish a legal basis for processing your site visitors' data
In accordance with the GDPR, you are permitted to process your site visitors' data (e.g. collect, use, store), so long as the process meets the requirements of the GDPR. There are many ways in which you can lawfully process your site visitors' data - requesting their consent is just one of these ways.
If you want to receive 'explicit consent' from your site visitors before processing their data, you may do so using Wix Forms, Wix Code, or by adding an external feature via the HTML element. Please note that if you choose to receive explicit consent, you must ensure that it meets the standards required by the GDPR.
To ensure regulatory compliance, we recommend reviewing the details of the regulation, as well as seeking legal advice.
Get consent for your marketing campaigns
Sending marketing campaigns requires consent from your site visitors. If you're using Wix Email Marketing, MailChimp, or any other email marketing tools, this applies to you.
Consent to receiving marketing campaigns can be interpreted and applied in different ways on your site. For example, you can add a disclaimer next to your 'Subscribe' button informing your site visitors that clicking the button will subscribe them to your marketing campaigns. This is called 'implied consent'.
While it is not obligatory under the GDPR when sending marketing emails to your own existing customers, you may request 'explicit consent' from your site visitors before sending them any marketing materials. In many cases, this can be accomplished by adding a check box next to your 'Subscribe' button, obliging your site visitors to check the box and confirm consent before subscribing. This can be implemented by using any of the following tools:
Make sure your third-party apps are GDPR compliant too
As part of the GDPR, you are responsible for any third-party apps or services implemented on your site. These services can include data analytics tools (e.g. Google Analytics, the Facebook pixel, etc.). While reviewing your Wix site for GDPR compliance, make sure that these apps and services are also GDPR compliant. If you're not sure, contact them directly with your questions or concerns.
Use Wix tools to access and delete your site visitors' data
In accordance with the GDPR, site visitors have the right to access their data or "be forgotten" (to be permanently deleted from your databases). Wix has developed two main tools to assist you in becoming GDPR compliant:
Right to access
Right to be forgotten