In the months following the enactment of The General Data Protection Act, it seems like GDPR-mania is finally starting to die down.
Given the size of the legislation, along with the fact that there is no one-size-fits-all solution to comply, and the potential 20 million euro fine that could be faced for non-compliance, it’s understandable that we witnessed the level of urgency from businesses that we did.
In short, GDPR is intended to stop the unfiltered flow of user data between businesses, and give the user agency over their own data, who has access to it, and what it may be used for.
As noted, there is no one-size-fits-all solution to ensuring that your business is GDPR compliant. However, this simple checklist could help steer you in the right direction:
- Are you ensuring that you’re only asking for details that you need?
- Are you ensuring that you’re not keeping data for longer than you need it?
- Is the data that you’ve captured from your users secure?
- Are you ensuring that you notify users about your site’s cookies before you load cookies?
- Are you aware of the distinction between ‘data controller’ and ‘data processor’, and of the responsibilities of each of those parties according to the EU?
If you answered ‘no’ or ‘I’m not sure’ to any of the above, read on, as we’ve listed what we think are the 10 Best GDPR Tools and Plugins For Small Businesses.
(Even if you answered yes to all of the questions, it’s still worth reading on).
*DISCLAIMER: We are not legal professionals, and this is just our advice. These tools, depending on the type and size of your business, may or may not make you GDPR compliant.
The document generator can also produce GDPR compliant documents for mobile and Facebook apps.
Iubenda boasts over 50,000 clients in over 100 countries. Notable clients include Honda, Martini, MIT, and OpenGov.
Additional services the company offer include tracking widgets, and user data management solutions.
2. One Trust
One Trust offer comprehensive privacy management software packages. Plans range from free to $1500 per month and beyond.
The company’s demo video details some of the technical features of their software, and how it helps companies manage data.
Some notable features include customisable privacy documents, custom form generation, cookie solutions, and individual user and transaction records.
Given the scale of what One Trust offer, we think this is an option to consider for websites that receive plenty of transactions from users and visitors to their site.
Civic make Cookie Control V8, a cookie plugin for GDPR.
Let’s backtrack a little. As you’re probably aware, cookies are small scripts that websites send to visitors’ browsers to remember session data, and improve the visitor’s user experience.
However, plugins that request visitor consent before sending cookies are following the correct procedure, and Cookie Control V8 is one such plugin. It is currently available for WordPress, Joomla, and Drupal.
Cookiebot have a unique cookie-compliance solution. If you enter your domain and email address on their site, they will scan your site and send you a free report about how GDPR-compliant your cookie procedures are.
The scan report gives you a definitive answer as to whether or not your cookie procedures are compliant. It breaks down the areas that determine where you are and are not compliant, and offers bullet-point pieces of advice.
At the time of writing, you can sign up and use their service for free if your site has fewer than 100 pages. They also have a number of premium plans for bigger sites, or if you want more frequent site scans than the service normally offers.
You may recognise TrustArc’s logo. Their seal appears on thousands of sites across the web who use their technology, consulting services and certifications to help follow global privacy regulations.
They also boast 12 years of experience, and have clients that include Apple, Kelloggs and Nestle.
TrustArc can offer a service that is bespoke and tailored to your business’ privacy compliance needs. They also have a dedicated GDPR page which details their approach and the specifics of what they offer.
They offer a range of free materials you can use to see if their services suit your needs. These include whitepaper guides, webcasts, and demos which you can request by contacting them via their website.
Privacy Perfect is a software service that aims to provide a comprehensive GDPR compliance solution.
As with all comprehensive solutions, Privacy Perfect’s primary use is to oversee data-flow processes between websites and their users. By doing so, it can assess any potential issues with data management in relation to GDPR.
By following their prescribed processes, Privacy Perfect say you can also “Prove to your customers that their data are safe with you”, “Show which data are used for what purpose”, and “Identify new legitimate ways for improving data quality”.
You can request a demo of Privacy Perfect’s software via the contact form on their website.
Share This are commonly associated with their social sharing buttons, and Google Analytics plugins for WordPress, which currently have around 10,000 and 400,00 active installs respectively.
This particular plugin, GDPR Compliance Tool, prompts users when they land on the site, asks them for their privacy preferences and loads the site on the basis of the user’s conditions. This is potentially a fairly comprehensive solution to GDPR compliance because it ensures consent before the user accesses the site.
However, if you choose this option, you might want to keep an eye on your website’s bounce rate, as requiring visitors to read and respond to prompts before they can access the site may deter some of them.
Cookie Notice from Factory D is a cookie plugin for WordPress.
What stands out about this cookie plugin is the range of user consent and customisation options it offers. Some of these options are as follows: “Multiple cookie expiry options, option to refuse functional cookies, option to revoke the user consent, option to manually block scripts, customizable cookie message, Set the text and bar background colors”.
Cookie Notice is currently one of the highest rated cookie plugins on WordPress, with over 700,000 active installs and a full 5 star rating. This may be in part because this plugin is an open source project, meaning the more popular the plugin becomes, the more contribution from the development community the plugin is likely to receive.
9. GDPR WP
GDPR WP is also a WordPress plugin, and it offers something slightly different to the tools we’ve looked at so far. GDPR WP covers the same bases as a GDPR cookie plugin, but it also builds the following features into your site:
Database of user activity, user access to data via request and follow-up email, user capability to delete their own data, privacy page generation, GDPR form checkboxes.
As such, we feel that this plugin is best suited to small to medium sized businesses who need a little more than a cookie plugin and consent checkboxes, but for whom a comprehensive software solution would be overkill.
Configuration of some of GDPR WP’s features may be a little tricky for some, but with (at present) 30,000+ installations and a 4.5 star rating, GDPR WP is the most widely used and trusted GDPR plugin of its kind.
Last but not least – Cookie Allow from Weepie.
Cookie Allow is easy to use and gives users upfront and clear choices about whether to accept or decline cookies.
What stands out to us about Cookie Allow are its customisation options:
“Compose your cookie consent manner: Choose what cookies should be placed before consent.
Choose your consent method: e.g. by scrolling the website or by clicking on the accept button. Choose whether you want to use a layer on top of your website (cookie wall)”.
At the time of writing, Cookie Allow has over 3,200 sales, and a rating of 4.5 stars on Codecanyon.
This plugin also comes with a range of built in styling options, so this could be the cookie plugin for you if you’re looking to avoid adding additional CSS.
In this post we have included a range of tools to try to highlight what are currently some of the best GDPR compliance solutions for small businesses. Taking a broad look at the different tools covered here, you can see two trends. The first is a comprehensive approach to GDPR compliance, as offered by companies such as TrustArc and Privacy Perfect. These solutions may be worth considering for websites that receive a lot of user data, or lots of user transactions, such as a successful ecommerce site.
The second trend is a more modular approach, which we suspect will be the approach that most small businesses take. This means using different solutions such as a GDPR compliant cookie plugin, updating policy documents, perhaps with a policy generator such as Iubenda, and adding required checkboxes to forms where user data will be collected.
With that said, we want to emphasise one last time, there is no one-size-fits-all solution to ensuring that your business is GDPR compliant, and if this is something you’re still unsure about, it is advisable to consult with legal experts.