The General Data Protection Regulation (GDPR) has been in effect since May 25, 2018. It gives EU residents more rights around their privacy.
WordPress and WooCommerce already provide the tools you need to be GDPR-compliant. For example, a "Privacy Policy" can be generated automatically and is inserted on the checkout page automatically, and you can erase your customers' data upon their request.
Our theme and all our bundled extensions:
- Don't create any cookies
- Don't create any additional GDPR obligations
We don't bundle any additional GDPR plugins.
How to be GDPR-compliant
Key points:
- GDPR applies only to how you gather and process personal information.
- All cookies that don't gather personal information (technical cookies) follow the regular cookie law.
- You need to have a privacy policy page.
- If you are using Google Analytics or Hotjar, you need to obtain your visitors' consent before you can inject the JavaScript code of these extensions.
- That means that many plugins that simply insert the Google Analytics code are not GDPR-compliant, and a solution that inserts the code only after the user has agreed to it is now necessary.
- As theme vendors we can't recommend any particular solution because your solution depends on 3rd party modules that you install. There exist "GDPR plugins" which have built-in integration of Google Analytics, Hotjar etc.
- We recommend that you consult the official resources delivered by appropriate entities:
Case study
To satisfy both the cookie law and the GDPR you would need a consent bar and optionally a settings popup (both are necessary only if you are using any 3rd party modules that require consent). The popup is not necessary if the bar allows rejecting all the optional cookies. Below is a sample styling that you could use:
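The script-loading logic behind such a bar, covering the consent-before-injection point from the key points, as an added example that is not part of the theme or of any plugin named on this page. The storage key, category names, script URLs and button ids are hypothetical placeholders.

```javascript
// Added example: optional third-party scripts load only after opt-in.
// CONSENT_KEY, categories, URLs and button ids are hypothetical.
const CONSENT_KEY = 'site_consent_v1';
const OPTIONAL_SCRIPTS = {
  analytics: ['https://analytics.example/tag.js'], // placeholder URL
  heatmap: ['https://heatmap.example/rec.js'], // placeholder URL
};

// Reduce any input to known categories; only a literal `true` counts.
const normalize = (c) => Object.fromEntries(
  Object.keys(OPTIONAL_SCRIPTS).map((k) => [k, Boolean(c) && c[k] === true]));

// Missing or malformed stored data means no consent.
function readConsent(storage) {
  try { return normalize(JSON.parse(storage.getItem(CONSENT_KEY))); }
  catch { return normalize(null); }
}
function saveConsent(storage, choices) {
  storage.setItem(CONSENT_KEY, JSON.stringify(normalize(choices)));
}

// Inject scripts for accepted categories only; returns the URLs added.
function applyConsent(doc, storage) {
  const consent = readConsent(storage);
  const added = [];
  for (const [cat, urls] of Object.entries(OPTIONAL_SCRIPTS)) {
    if (!consent[cat]) continue;
    for (const url of urls) {
      const same = (s) => s.getAttribute('data-consent-src') === url;
      if (Array.from(doc.scripts).some(same)) continue; // already injected
      const el = Object.assign(doc.createElement('script'), { src: url, async: true });
      el.setAttribute('data-consent-src', url);
      doc.head.appendChild(el);
      added.push(url);
    }
  }
  return added;
}

// Browser wiring: nothing optional runs until a choice has been stored.
if (typeof document !== 'undefined') {
  applyConsent(document, localStorage);
  for (const [id, all] of [['consent-accept', true], ['consent-reject', false]]) {
    document.getElementById(id)?.addEventListener('click', () => {
      saveConsent(localStorage, { analytics: all, heatmap: all });
      applyConsent(document, localStorage);
    });
  }
}
```

Rejecting after an earlier accept stops further injection but does not unload scripts already on the page; that takes a reload.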