Written by Edwin van der Maas, 12 April 2022

Make your WordPress website AVG proof with this checklist

Anyone who runs a website knows that privacy and the General Data Protection Regulation (AVG) are of great importance. You want to take extra care with this but may not be sure where to start. In this blog we elaborate on the concept. After a brief explanation, 2manydots establishes a checklist in the form of a step-by-step plan. After completing these eight steps, your website is AVG proof. Should you still feel the need for a helping hand after reading this blog, 2manydots, with its years of experience in this field, can help.

What is AVG?

Organizations want to collect more data every year, but privacy is becoming increasingly important. People more often question the wisdom of leaving personal data everywhere. The AVG law ensures that organizations no longer handle their clients’ data indiscriminately. The General Data Protection Regulation (AVG) is a privacy law that applies to the entire European Union. It has been in force since May 25, 2018, replacing the Personal Data Protection Act (Wbp). Under the AVG, all personal data is protected and regulated in the same way throughout the EU. AVG is the Dutch abbreviation; in English the law is known as the General Data Protection Regulation (GDPR). Simply put, the AVG law insists that you may only use personal data for a specific purpose. So don’t just ask for it without one.

AVG website checklist

Now that you know what the AVG law is for, 2manydots explains how to comply with it effectively. The importance of this privacy law is far from negligible, so to help your organization get started as well as possible, 2manydots has created a checklist.

1. Provide a clear privacy statement

As a website owner, you are required by law to inform your visitors about your website’s collection of personal data and what you will do with it. Don’t draft this privacy statement using all kinds of difficult terms. After all, it matters to the visitor, who must be able to understand what happens to his or her data. So be transparent: state in your privacy statement which personal data you collect and for what purpose.

2. Install Cookiebot

Cookies have become part of the online scene in recent years. Cookies allow you to distinguish between users of your website. Today, the AVG law requires you to obtain explicit consent before placing cookies, by means of a cookie statement. To make this easy for your website, Cookiebot has been developed. 2manydots has been using Cookiebot for years and also installs it on clients’ websites. Besides being compliant with the AVG law, this form of cookie statement looks nice and is very dynamic. But the great convenience of Cookiebot is the scan that runs periodically: it shows you exactly which cookies your website sets.

3. SSL or TLS certificate

This AVG concept sounds complicated, but the certificate simply makes it possible to encrypt the connection to your website, so that traffic cannot be read or altered on the way and eavesdroppers are kept out. (Modern certificates use TLS, the successor of SSL; ‘SSL certificate’ is still the common name.) An SSL/TLS certificate encrypts web traffic between the visitor’s browser and the web server. An encrypted website is easily recognised by https:// in the address; the last ‘s’ is what matters. When it only says http://, the connection is not encrypted. This is particularly important if your website has a contact form where visitors are required to leave personal data.
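Installing the certificate is only half the work: the site must also stop answering over plain http. The following must-use plugin is an added example written for this blog, not code from 2manydots or from WordPress itself. It assumes a valid TLS certificate is already installed, that the Site Address in Settings > General starts with https://, and that `FORCE_SSL_ADMIN` is defined in wp-config.php for the admin and login pages.

```php
<?php
/**
 * Plugin Name: Force HTTPS (added example, not code from 2manydots)
 *
 * Place this file in wp-content/mu-plugins/ so it loads on every request.
 * Assumes a valid TLS certificate is installed and the Site Address setting
 * already starts with https://. Admin and login pages are covered separately
 * by adding  define( 'FORCE_SSL_ADMIN', true );  to wp-config.php.
 */

// 1. Send plain-http visitors of the front end to the same page over https.
add_action( 'template_redirect', function () {
    if ( is_ssl() ) {
        return;
    }
    // Behind a reverse proxy that terminates TLS, is_ssl() is false even for
    // https visitors and the redirect would loop. Only trust this header if
    // your proxy is known to set (and overwrite) it on every request.
    if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
        return;
    }
    $current = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    // wp_safe_redirect() only redirects to the site's own host, so a forged
    // Host header cannot turn this into a redirect to another site.
    wp_safe_redirect( set_url_scheme( $current, 'https' ), 301 );
    exit;
} );

// 2. Once a visitor is on https, tell the browser to keep using https for
//    this host (HSTS), so a later http:// link is upgraded before it is sent.
add_action( 'send_headers', function () {
    if ( is_ssl() ) {
        // Use includeSubDomains only if every subdomain is also served over https.
        header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains' );
    }
} );
```

After activating it, open the site with http:// and confirm that the browser lands on https:// with a single 301 redirect and that the response carries the Strict-Transport-Security header; mixed-content warnings that remain afterwards point at hard-coded http:// image or script URLs in the content.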

4. Forms and accounts

Make sure at all times that you only request the data that is strictly necessary; this is required by the AVG law. It regularly happens that contact forms contain questions that the website owner ultimately does nothing with. This does not benefit your organization in any way, nor does it make the contact form more user-friendly, and it exposes you to the unnecessary risk of leaking personal data. This core rule (data minimisation) is enshrined in the AVG. So check your contact forms again for unnecessary questions. In addition, submitted personal data should not be kept longer than necessary, so set a retention period for stored form submissions and delete them when it expires.
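A retention period only helps if something actually enforces it. The plugin below is an added example for this blog, not code from 2manydots or from any form plugin. It assumes the form plugin stores each submission as a post of the hypothetical post type `form_entry`; change `FORM_ENTRY_POST_TYPE` and the retention period to match the plugin you actually use.

```php
<?php
/**
 * Plugin Name: Form entry retention (added example, not code from 2manydots)
 *
 * Assumes submissions are stored as posts of the hypothetical post type
 * 'form_entry'. Adjust both constants for the form plugin you really use.
 */

const FORM_ENTRY_POST_TYPE     = 'form_entry'; // assumption: depends on your form plugin
const FORM_ENTRY_RETENTION_DAYS = 30;          // the shortest period your purpose allows

// Schedule the cleanup once a day. WP-Cron runs on page loads; on quiet sites
// trigger wp-cron.php from a real cron job so the cleanup is not skipped.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( 'cleanup_form_entries' ) ) {
        wp_schedule_event( time(), 'daily', 'cleanup_form_entries' );
    }
} );

add_action( 'cleanup_form_entries', 'cleanup_expired_form_entries' );

/**
 * Permanently delete submissions older than the retention period.
 * Returns the number of entries removed so the result can be logged.
 */
function cleanup_expired_form_entries() {
    $entries = get_posts( array(
        'post_type'      => FORM_ENTRY_POST_TYPE,
        'post_status'    => 'any',   // include drafts and trashed entries too
        'posts_per_page' => 200,     // work in batches on large sites
        'fields'         => 'ids',
        'date_query'     => array(
            array( 'before' => FORM_ENTRY_RETENTION_DAYS . ' days ago' ),
        ),
    ) );

    $deleted = 0;
    foreach ( $entries as $id ) {
        // The second argument bypasses the trash, so the personal data
        // (post content and its meta fields) is really removed.
        if ( wp_delete_post( $id, true ) ) {
            $deleted++;
        }
    }
    return $deleted;
}
```

Entries that a form plugin also e-mails to a mailbox or copies to a CRM are not covered by this job; those copies need their own retention rule, otherwise the data you deleted here still exists elsewhere.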

5. Opt-in & opt-out according to the AVG

A visitor to your website does not have to agree to give (all) personal data. If the visitor indicates they do not want their personal data kept, the organization must delete it immediately according to the AVG law. The same applies, for example, to a newsletter your organization sends out. Visitors should have the option to sign up for a monthly newsletter, but it is equally important that a visitor who no longer wants to receive it can unsubscribe. The unsubscribe link should always be clearly visible. However much you as an organization would like visitors to stay subscribed permanently, privacy and the visitor’s preference always take precedence.

6. Check who can log in

An account is created for each employee within an organization. That makes sense, because these employees need to be able to work in the system and make adjustments. The accounts that can log into your website are also the accounts that can see personal data. When an employee leaves after years of service, you regularly see that the employee’s account remains. The former employee can then, without being employed by your organization, still access the personal data of customers, for example. So always check who can currently log into your website. Are there accounts that no longer have anything to do with your organization? Then delete them immediately, so you always know who can reach personal data.
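WordPress lists every account under Users, but it does not record when an account was last used, which is what you need to spot leftover accounts. The plugin below is an added example for this blog, not code from 2manydots or from WordPress: it records the last login of each user and shows administrators the accounts that have not logged in for 90 days (a chosen threshold, not a requirement of the law).

```php
<?php
/**
 * Plugin Name: Login audit (added example, not code from 2manydots)
 *
 * Records each user's last login in user meta and lists accounts that have
 * not logged in for a while, so an administrator can review and delete them.
 */

// Record the login time (Unix timestamp) on every successful login.
add_action( 'wp_login', function ( $user_login, $user ) {
    update_user_meta( $user->ID, 'last_login', time() );
}, 10, 2 );

/**
 * Return users who have not logged in for $days days. Users with no recorded
 * login (none since this plugin was activated) are included as well, because
 * an account nobody uses is exactly what this check is looking for.
 */
function stale_login_accounts( $days = 90 ) {
    $cutoff = time() - $days * DAY_IN_SECONDS;
    $stale  = array();

    foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'user_email' ) ) ) as $user ) {
        $last = (int) get_user_meta( $user->ID, 'last_login', true );
        if ( $last < $cutoff ) {
            $stale[] = array(
                'login'      => $user->user_login,
                'email'      => $user->user_email,
                'roles'      => implode( ', ', get_userdata( $user->ID )->roles ),
                'last_login' => $last ? gmdate( 'Y-m-d', $last ) : 'never (since audit started)',
            );
        }
    }
    return $stale;
}

// Show the list to users who are allowed to delete accounts.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'delete_users' ) ) {
        return;
    }
    $stale = stale_login_accounts();
    if ( empty( $stale ) ) {
        return;
    }
    echo '<div class="notice notice-warning"><p>Accounts with no login in the last 90 days:</p><ul>';
    foreach ( $stale as $row ) {
        printf(
            '<li>%s (%s); roles: %s; last login: %s</li>',
            esc_html( $row['login'] ),
            esc_html( $row['email'] ),
            esc_html( $row['roles'] ),
            esc_html( $row['last_login'] )
        );
    }
    echo '</ul></div>';
} );
```

When you delete an account, WordPress asks what to do with the posts it owns; reassign them to a colleague rather than deleting them. Pay extra attention to accounts with the administrator role and to accounts that belong to an agency or freelancer rather than an employee, since those are the ones most often forgotten.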

7. Set up Google Analytics properly

Google Analytics is a very useful tool for viewing data about your website. However, Google Analytics also collects personal data. For Google Analytics to comply with the AVG law, some settings need to be changed.

Don’t let Google process full IP addresses: remove the last part of the IP address before it is sent to Google Analytics. You do this easily by adding a line to your tracking code. Also, don’t share your data with Google: disable the data-sharing options in the Google Analytics account settings. Also disable the User ID feature in Google Analytics. Finally, disable the ‘share data for advertising purposes’ option as well. By turning this off, you prevent personal data from ending up with third parties.
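The "line added to your tracking code" is the `anonymize_ip` option of the gtag.js snippet. The plugin below is an added example for this blog, not code from 2manydots or from Google, showing how a WordPress site can output that snippet with IP anonymisation and the advertising features switched off. The property ID is a placeholder; the two `allow_*` settings are documented gtag.js configuration fields that keep the data away from Google’s advertising features, and the User ID feature is simply never enabled because no `user_id` is passed.

```php
<?php
/**
 * Plugin Name: Analytics with IP anonymisation (added example, not code from 2manydots)
 *
 * Outputs the gtag.js tracking snippet with anonymize_ip switched on. In
 * Universal Analytics this drops the last octet of IPv4 addresses (and the
 * last 80 bits of IPv6 addresses) before the address is stored.
 * Replace the placeholder property ID with your own.
 */

const GA_PROPERTY_ID = 'UA-XXXXXXXX-X'; // placeholder, not a real property

add_action( 'wp_head', function () {
    // If you use a consent tool such as Cookiebot (step 2), output this only
    // after the visitor has accepted statistics cookies.
    $id = esc_js( GA_PROPERTY_ID );
    ?>
    <script async src="https://www.googletagmanager.com/gtag/js?id=<?php echo esc_attr( GA_PROPERTY_ID ); ?>"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag() { dataLayer.push(arguments); }
      gtag('js', new Date());
      // anonymize_ip is the line that shortens the IP address before storage.
      // The two allow_* flags turn off advertising features and ad
      // personalisation, so no data is passed on for advertising purposes.
      // No user_id is set, so the User ID feature stays disabled.
      gtag('config', '<?php echo $id; ?>', {
        'anonymize_ip': true,
        'allow_google_signals': false,
        'allow_ad_personalization_signals': false
      });
    </script>
    <?php
} );
```

Verify the result in the browser’s developer tools: the request to google-analytics.com should include the `aip=1` parameter, which is how analytics.js and gtag.js signal IP anonymisation. The account-level settings the text mentions (data sharing, advertising) are not controlled by the snippet and still have to be switched off in the Google Analytics admin.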

8. Check settings of WordPress plugins

WordPress is a widely used CMS, and 2manydots uses it too. However, for the AVG law it is important to set up the various WordPress plugins correctly. Your website most likely uses several plugins. Our tip is to go through all the plugins you use carefully. On the developer’s website you can find whether the plugin in question complies with the AVG law. If it does not, the plugin probably requests too much (often unnecessary) personal data. It is then advisable to consider whether the plugin adds enough value. If it does not, you can remove the WordPress plugin and you won’t run afoul of the AVG law.

Need help making your WordPress website privacy proof?

Even though the AVG law has been in place since May 25, 2018, it is never too late for website owners to make a good start or check their current settings. After reading this blog, you will have an idea of what the AVG law is and how important it is to your business and clients. By following these eight steps, you significantly improve the protection of personal data. Should you, as an organization, still want help with this, or would you like a guarantee that personal data is well protected? Then engage 2manydots. With years of experience and the expertise of professionals, together we ensure that your website is user-friendly but above all secure.