Do You Need Cookie Consent and Privacy Notices for Your Site?

Have you heard about cookie consent, but aren’t quite sure how it applies to you? The European Union’s General Data Protection Regulation (GDPR) law has left many website owners around the world feeling confused. This guide will answer your questions about cookies, privacy notices, and the GDPR, and will help you decide what steps you might need to take when making your website compliant.

What are cookies?

Cookies are bits of data that are created and stored (as text files) when websites load — it’s how information is collected from website visitors.

Cookies have multiple purposes, such as providing personalized user experiences or displaying ads. Automattic’s Cookie Policy reveals how different cookie types are used within

What is the GDPR?

The GDPR protects personal data and user privacy. It went into effect on May 25, 2018. It holds businesses responsible for how they collect, use, and store information by setting fines for non-compliance.

How does the GDPR apply to me?

Every website that collects user data should have cookie consent banners or privacy notices. This applies to businesses and websites around the world. Due to the borderless nature of the internet, if someone in the EU — where the law was passed — were to visit your website and have their data collected, then the law (and the penalties for not complying with it) would apply to your website.

GDPR law applies to sites and plugins that process and store data. This includes contact forms, email marketing outreach, and membership plugins.

GDPR compliance tips for users

Here are tips for making your site trustworthy and GDPR compliant:

  • Create a privacy policy and notice: Privacy policies and notices inform your visitors whether your site collects any data, and how visitors are tracked.

If you don’t know where to start, Automattic made its privacy policy, privacy notice, and other legal documents available on GitHub.


Pick a template, copy it, and adapt it for your needs. A credit to Automattic for the original use is recommended.

  • Enable the cookies and consent widget: updated its cookie widget in accordance with the GDPR. The widget lets you set a banner to share policy links and allow followers to consent to cookies. This guide can help you enable the widget.
  • Allow users to contact you about data-related concerns: If you collect visitors’ information — for example, through a contact form — provide your contact information so that followers can request the deletion of that information.

Ensuring that your site is GDPR-compliant is another step towards establishing trust with your site visitors and building your brand. Once you’re done, you can take the next step by refining your brand voice. Courses make it easy to start that blog, website or podcast.

Build, publish and grow your blog, website or podcast with on-demand go-at-your-own pace courses taught by WordPress experts.

Browse courses