How to achieve GDPR and ePrivacy Directive compliance on your Wix website

Wix provides one of the world’s most popular website building platforms. Their users — and visitors to Wix websites — are all over the world. That means that Wix users need to comply with global data privacy laws, as their sites collect personal data from visitors via cookies and other tracking technologies. 

We look at the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) and their impact on websites and the collection of personal data. We’ll also look at consent management platforms and why they’re crucial tools for privacy compliance, and walk you through how to achieve and maintain GDPR and ePrivacy compliance with Cookiebot™.

Why GDPR and ePrivacy Directive compliance is crucial for websites

Data privacy regulations and related laws protect and regulate access to individuals’ personal data and provide people with various rights. Privacy laws go back decades, but a lot has changed in recent years, and new laws are being passed. 

Major drivers of change for companies and individuals include the advent of huge digital platforms owned by a few dominant tech companies, ever-advancing technologies, and increasing global reliance on the internet to live, work, and socialize. 

The average person leaves a rich trail of personal data just about everywhere they go online, including on the websites they visit. Companies use that data for effective marketing and performance analytics.

Why the GDPR is important for Wix users

Since the GDPR came into effect in 2018, it has protected the privacy and personal data of residents of the European Union and European Economic area. It gives them control over their personal data, and a number of rights regarding access to that data and how it’s used. 

The GDPR is extraterritorial, which means that it doesn’t matter where the company or website owner is located; it only matters if that entity processes the personal data of EU residents. So if your Wix website has visitors or customers who live in the EU, you need your site to comply with GDPR requirements.

Why the GDPR is so important globally

Many other countries around the world have used the GDPR as a model when drafting their own data privacy legislation, so achieving compliance with the GDPR makes it easier to become compliant with other laws as well if needed. GDPR requirements are also tied into some other laws, like the Digital Markets Act (DMA), so data privacy requirements come from multiple sources these days.

The GDPR levies some of the strictest requirements among global data privacy regulations. These include having a valid legal basis to collect personal data, and requiring entities to obtain prior consent from visitors and customers to use cookies and other tracking technologies on websites to collect personal data. Most websites today use various kinds of cookies for a number of purposes, and quite a few of those involve collecting personal data.

The GDPR also requires entities (mostly commercial enterprises) to provide specific notifications and information to the people (data subjects) from whom they collect personal data, e.g. from website visits. This can be done in a few ways, but the most common ones are via a privacy policy page and cookie notice or policy on the website, and with a consent banner displayed by a consent management platform (CMP). 

GDPR noncompliance can come with substantial financial and reputational penalties. This is why it’s important for Wix users to achieve GDPR compliance.

The consequences of GDPR noncompliance

Fines for GDPR violations have made some pretty splashy headlines, with the biggest GDPR fines topping hundreds of millions or even a billion Euros. The GDPR outlines fines for violations to be from 2 percent of annual global turnover or EUR 10 million, whichever is higher; or 4 percent or EUR 20 million, whichever is higher, for repeat or more egregious violations (e.g. willful violations).

Many smaller companies and website owners don’t feel that GDPR compliance really applies to them because news coverage can make it seem like it only matters for big tech companies. The penalties against large tech companies are of that magnitude because of the size of their business operations and audiences and volume of data they process. But it’s important for smaller organizations to consider noncompliance risks contextually.

GDPR fines hurt small businesses more

While they may not make headlines, plenty of smaller organizations have been cited and fined for violating the GDPR, and for a small business, any fine can present a significant financial difficulty. That’s only the beginning, though. 

Authorities can also make companies halt operations related to the violation or delete data, which could cause significant issues with a company’s ability to do business. 

A violation is also a significant hit to the trust customers place in a company and can damage brand reputation, which can have both short- and long-term financial consequences. This is particularly dangerous in an era when more and more regulations include data portability provisions, making it easier for customers to take their information and leave for a competitor.

For a small business or agency with a Wix site, the risk of GDPR noncompliance can be too great, especially since achieving and maintaining privacy compliance is simple and cost effective.

Why the ePrivacy Directive is important for Wix website owners

The ePrivacy Directive (ePD) is older than the GDPR, enacted in 2002. It was updated in 2009 and again in November 2023, when the European Data Protection Board (EDPB) issued new guidelines widening the scope of technologies that the ePD covers. 

The ePD is designed to complement other regulations like the GDPR, with the end goal being for the ePD to become a fully enacted legal framework as the ePrivacy Regulation.

Who the cookie law applies to and its requirements

Sometimes referred to as the EU’s “cookie law,” the ePD addresses privacy concerns with electronic communications. It requires communication confidentiality over public networks, obtaining user consent for the use of cookies, regulates direct marketing practices, and sets guidelines for electronic communication services’ security. 

The ePD extends privacy protection beyond traditional telecom operators, covering a wider range of electronic communications in our ever more digital world. It applies to any business that processes data via EU residents’ (natural or legal persons) use of online communications services, mandating confidentiality, and applying to online tracking technologies, digital direct marketing, etc.

The ePD applies to website and app owners, digital marketers, telecom companies, messaging service providers (e.g. Meta or Apple), or internet access providers, i.e. where open and public WiFi access is available. Machine-to-machine communications (i.e. the Internet of Things) will also be included thanks to the recent update.

With this scope in mind, it’s easy to see why complying with ePD guidelines is important to Wix website owners doing digital marketing and analytics, and customer communications.

The consequences of ePrivacy Directive noncompliance

As the ePD is designed to work in conjunction with the GDPR, noncompliance once again means potential penalties and fines. Once the ePrivacy Regulation comes into effect it will immediately apply to all electronic communications processors. 

It’s safer, more financially sound, and better for customer relations and brand reputation for businesses to achieve compliance in advance and not have to scramble or worry when new laws come into force and enforcement begins.

Wix and GDPR compliance for websites

Websites built on the Wix platform need to be GDPR-compliant if they process personal data from visitors, which most websites do. As every site is a bit different, each user is responsible for ensuring they manage consent compliantly for their sites. 

Fortunately, the Cookiebot™ for Wix by Usercentrics app makes Wix GDPR compliance easy. Install it from the Wix marketplace in a few simple steps and customize it to your site’s appearance and compliance needs. Then the automated scanning helps ensure your compliance remains up to date. Cookiebot™ for Wix by Usercentrics even helps with your privacy and cookie policies.

Wix and ePrivacy Directive compliance for websites

Wix GDPR compliance requirements apply to the ePrivacy Directive as well. In addition to the use of cookies and other trackers for collecting personal data, you’ll need to obtain user consent for electronic communications and personal data collected by those cookies or to run them. Basically, if you want to do any marketing or customer communications.

How a consent management platform (CMP) helps achieve GDPR compliance

A consent management platform (CMP) handles complexities of consent management and GDPR privacy compliance on your Wix website for you. 

How a CMP collects visitor consent for privacy compliance

Implemented on your site in a few steps and customized to match your branding, Cookiebot™ for Wix by Usercentrics displays a consent banner to visitors on their first visit or when new consent information is required (e.g. consent data has expired or visitors cleared their browser settings).

The consent banner presents information about why consent is being requested. Visitors can also drill down into the cookies and other tracking technologies in use on the site to learn about them, and, if desired, provide consent for specific selections. Or visitors can choose to accept or reject all use of cookies.

Other CMP consent management functions for privacy compliance

A CMP also securely stores and documents consent information so it’s available in the future for visitors to update or withdraw their consent preferences. It can also be provided to data protection authorities in the event of an audit, or to a visitor who submits a data subject access request. All of these functions are required by the GDPR.

A high performance CMP has features that help you even more. For example, Cookiebot™ for Wix by Usercentrics runs automated scans of your site to ensure all cookies and trackers in use are detected and controlled until consent is obtained.

The CMP then supplies this information to the consent banner and for your privacy and cookie policies. Those policies stay up to date with specific details about cookies in use, and enable informed visitor consent, as required by the GDPR.

Wix and Cookiebot™ partnership for privacy-compliant websites

Wix is probably best known as a powerful no-code website builder that enables anyone to create a beautiful, full-featured website. It’s one of the world’s most popular platforms, and it also enables eCommerce, marketing operations, scheduling, and more — built right in. Learn all about Wix. 

Since Wix customers are located all over the world, it’s important to the company to ensure all customers have everything they need to do business and promote themselves online. This includes enabling privacy compliance with regulations today, and in the future. That’s where the Cookiebot™ partnership comes in. 

Read the full press release about the partnership: Usercentrics partners with Wix to launch first consent solution on the Wix App Market

Learn more with Wix: How to make a website

Cookiebot™ for Wix by Usercentrics for privacy compliance

The Cookiebot™ for Wix by Usercentrics plug-and-play solution enables GDPR/ePD cookie compliance, with features that automate compliance maintenance as well. Cookiebot™ is the only third-party GDPR compliance app available in the Wix Marketplace and enables Wix users to quickly and easily achieve privacy compliance on their Wix websites. 

Cookiebot™ for Wix by Usercentrics was designed from the ground up for Wix users, to seamlessly bring the powerful features and privacy compliance peace of mind of Cookiebot™ CMP to Wix. It’s user-friendly, reliable, scalable, and ready to go in just a few simple steps.

Wix users can stay focused on their core business and their own customers, and Cookiebot™ for Wix by Usercentrics can handle consent management and website privacy compliance.

Learn more with Wix: How to create a GDPR-compliant website

Benefits of Cookiebot™ for Wix by Usercentrics

The initial website scans detect all cookies and trackers in use on your Wix website and reports them, so you don’t need to set that up manually. Ongoing scans mean you have an accurate list as your web technologies change over time, so you know for what and where you need visitors’ consent. 

This information about Wix components is provided to your Wix site visitors via the customized consent banner that Cookiebot™ for Wix by Usercentrics displays. 

Being able to customize the banner’s design and text to make it familiar in appearance and user-friendly helps build trust and encourages higher engagement. Visitors can provide consent for all cookie use, only the ones they specify, or none of them (aside from “essential” cookies, which do not require consent). They can also change their preferences any time, putting them in control, and meeting GDPR requirements. 

Cookiebot™ for Wix by Usercentrics and Google Consent Mode

Cookiebot™ is a Google-certified consent management platform (CMP), which means it works seamlessly with the Google services you rely on and can signal required consent information to enable privacy compliance.

Cookiebot™ for Wix by Usercentrics is also seamlessly integrated with Google Consent Mode v2. With Google’s new consent requirements, you can obtain valid user consent and signal it to continue to use Google services for measurement, ad personalization, and remarketing, thus protecting your digital marketing operations and revenue.

How to set up Cookiebot™ for Wix by Usercentrics on your Wix website

1. To get started, go to the Wix Marketplace to add Cookiebot™ for Wix, and click the blue Add to Site button. 
2. Review the terms of use, then click the blue Accept & Add button.
3. You’ll need to have an active Premium Cookiebot™ Plan, so click the blue Upgrade app to Premium button, then click the blue Select button for the Premium Plan.
4. Click on the Plan type you prefer — Monthly or Yearly — then click the blue Continue to Checkout button.
5. Add your account and payment details for your preferred payment method, then click the blue Continue to… button.
6. The initial scan of your Wix website will start automatically to detect the components, trackers, and third-party apps you’re using.
7. The scan is really fast, so within a few moments, you can click the blue View scan report button to see the results.
8. The scan report will show you all the components, trackers, and apps that collect personal data, and their compliance status, e.g. if they’re blocked until user consent is obtained. They may not be yet, but you will set that up next!
9. Now it’s time to set up your consent banner that will be displayed to your Wix website visitors. Under the Consent banner tab, customize the layout, theme, colors, and more for a banner that matches your site’s look and feel. You can also customize display languages and other features for the best user experience.
10. Don’t forget the “behind the scenes” customization settings as well to control how the CMP manages activation of your Wix website’s components, trackers, and third-party apps to enable privacy compliance.
11. Once you’re happy with your setup, click the green Save button.

Activate your consent banner by sliding the Enable Banner slider to the right and turning it blue. That’s it! Your banner can now enable visitors to your Wix website to make legally valid consent choices about access to their personal data, so you can achieve GDPR and ePD compliance on your site.

Check out our step by step video to get Cookiebot™ for Wix enabling privacy compliance on your Wix website in minutes.

Learn more with Wix: 6 steps to create a GDPR compliant website

GDPR-compliant Wix policies

The GDPR requires websites to provide information about their privacy practices, relevant regulations, user rights, and more through a privacy document. This is commonly done on a privacy policy page on the website. It’s also required that it be kept up to date as company information, web technologies, and regulatory requirements change. This can be tricky and time consuming, especially for small businesses, and is why automating as much of this work as possible is so valuable.

The cookie policy is often a section of the privacy policy, though it can be a separate document. This outlines information about the cookies and other tracking technologies in use on the website, what data they collect, for what purposes, how long data is retained, who may have access to it, and more. The GDPR requires this granular information as well to fulfill its requirement that user consent be informed.

GDPR-compliant Wix privacy policy

Your Wix website needs a privacy policy to be GDPR and ePD-compliant. You can draft your own or use a template or a generator tool. However, it’s strongly recommended that you consult with qualified legal counsel to ensure your Wix website’s privacy policy is tailored to you. Even using a template you’ll need to customize it to your site, business, and relevant regulations.

To have a GDPR-compliant privacy policy on your Wix site, you need to disclose:

• how your site collects personal information
• the purposes for which your site collects and processes personal information
• how long you retain collected data
• relevant privacy regulations with which you comply
• the legal basis for your data collection (of which consent is one type)
• what parties, e.g. vendors or partners, may have access to the data, and for what purpose
• how you protect the data in your possession
• what rights visitors have based on relevant privacy regulations and how to exercise those rights
• contact information for the business, possibly including a Data Protection Officer

Learn more with Wix: How to write an effective Privacy Policy for your website

GDPR-compliant Wix Cookie Policy

Your Wix site’s cookie policy can be a section of the privacy policy, or a separate page or document. Its scope is more limited than the privacy policy, as it only covers the use of cookies and other trackers. It needs to include information about the cookies in use on your site, what parties set them, what data they collect, for what purposes, when they expire, and other relevant information. 

The Cookiebot™ for Wix by Usercentrics solution can automatically provide information about cookies in use to populate and update your cookie and/or privacy policy.

Maintaining Wix GDPR privacy compliance

Once you have achieved GDPR and ePD compliance for your Wix website, you need to make sure to maintain it. Regulations and technologies are always changing, and it’s especially hard for small businesses to dedicate the resources to keeping tools, systems, and the website up to date.

Cookiebot™ for Wix by Usercentrics helps with powerful automation functionality. The regular scans help to keep cookie and tracker information up to date. However, you should also regularly review that cookie list to make sure you control everything that’s running, and so you’re familiar with the data being collected on your site, especially via third-party vendors. 

Make sure you still need the data you’re collecting and don’t retain it any longer than necessary for the specific purposes for which it was collected. These limitations are also GDPR requirements.

Check your CMP settings and consent banner design and text, and work to optimize it over time to ensure it’s informative and user-friendly to optimize visitors’ consent rates.

Next steps to achieve GDPR and ePrivacy Directive compliance for your Wix website

Complying with the requirements of the GDPR and ePD are complex, and can seem overwhelming, but they don’t need to be. We do the heavy lifting for you, and Cookiebot™ for Wix by Usercentrics can help you notify visitors, obtain and store their consent, and signal it to tools you rely on for advertising, analytics, and more.

GDPR compliance isn’t just for giant tech companies that make headlines. It applies to every organization that collects and processes the personal data of EU residents and/or uses electronic communications with them, which probably includes your business. 

Whether it’s to use cookies on your website, build your newsletter subscriber list, or other ways you grow your business and engage with your customers, data privacy should be built in, and Wix and Cookiebot™ are here to help. A beautiful, user-friendly website draws visitors and customers, and a robust consent management platform helps you build trust with website visitors and compliantly meet the requirements of ever-evolving privacy regulations. So you can stay focused on what you do best.

Head over to the Wix Marketplace now and download the Cookiebot™ for Wix by Usercentrics plug-and-play solution. In just a few simple steps, you can have it up and running. 

FAQ