Privacy and cookie policy

As the whole GDPR craze has hit my place of employment, I decided to look into an easy method for to add a privacy policy and cookie policy to my WordPress site.

Adding a privacy policy is pretty simple, all you have to do is to create a new page with the policy on it.  Simple right? Well, it turns out that the devil is in the details as normal.  After a few minutes of research, I found a nice site with a template-based policy generator.  The site, Privacy Policy Template, is pretty self-explanatory.  The code for the template is very easy to edit after you generate the code.  This provides a great starting point for sites that need more information, but also a nice final product for blogs like this one that don’t really deal with any user data other than the owner.

The other shoe is a cookie policy.  Towards this end I used the CookieBot service and the accompanying plugin.  It is a paid service if you have a large number of pages, but if you have a site with 100 sub-pages or less then the service is free.  Be aware that for the purposes of billing and scanning, CookieBot treats each post or page as a separate item.  The pricing structure is really quite reasonable given the capabilities of the service.  For example, this site has a total of 121 pages and posts, so they automatically upgraded my account from free to a 30-day free trial.  Until I hit 500 pages/posts, the cost is only $10/month, which in the overall scheme of things is not that bad at all.

cookiebot-300x212-3902402
Screenshot of slide-down panel with default settings.

The initial scan can take as long as 24 hours to be generated, however that all depends on the size of the site being scanned.  The cookie categories and reports are automatically created for you, however you can also customize the panel with custom cookies and categories, as well customizing the CSS to control the look and feel of the panel.  I choose to start out with defaults only.  The image to the right is what my site looks like after the initial report was generated.

I also received a report in the inbox configured for the account with details on what was found in the scan and which cookies were treated as falling into the pre-defined categories.  For example, the scan found two cookies that were designated as necessary for the site to function.  There were also items found in the preferences and statistics categories.

While I don’t really feel that it is necessary for me to even have a privacy policy or cookie consent feature, I have decided to do it anyway simply out of an attitude of prevention, due to the political climate surrounding personal data collection and the like. (Thanks, Mark Zukerberg, as well as your friends at Cambridge Analytica.)

While these two services are by no means the only ones out there, I found them to be the easiest and simplest to implement.

(The featured image is copyright of HarperCollins Publishers)