
The AI startup Nominal wants to address the accountant shortage. Read the pitch deck that it used to raise $20 million.

19 August 2025 at 09:00
Nominal cofounders Guy Leibovitz and Golan Kopichinsky

Sarel Keren

  • The startup Nominal raised $20 million to turbocharge financial planning with agentic AI.
  • The serial founders sold their last AI startup for $70 million.
  • As the number of people becoming accountants declines, AI startups are trying to address that.

Nominal, a New York-based startup seeking to turbocharge financial planning with agentic AI, raised $20 million last month.

The AI startup is arriving at an opportune moment as the number of people becoming Certified Public Accountants (CPAs) is on the decline.

Cofounder and CEO Guy Leibovitz shared the pitch deck the team used to close its Series A. The deck showed how Nominal would use AI to address the accountant shortage and handle manual accounting labor, as the majority of accountants approach retirement and fewer people take the CPA exam.

Nominal's new round brings its total funding to $30 million. Next47 led the round, which included participation from Workday Ventures, Bling Capital, and Hyperwise Ventures. The company declined to share its valuation.

Leibovitz and Nominal's cofounder and CTO, Golan Kopichinsky, previously built another AI startup together in data security, Cognigo, which sold to NetApp for $70 million in 2019.

After the acquisition, Leibovitz saw firsthand much of the manual work NetApp's finance teams struggled with, which inspired the creation of Nominal.

Leibovitz likened Nominal to a hot $5 billion legal tech startup by calling it "Harvey for accountants and finance teams." Nominal plugs into a company's existing enterprise resource planning (ERP) system and helps CFOs and controllers automate tasks to reduce manual work and errors.

The company said its product can analyze financial forecasts, reconcile balance sheets, and more.

Nominal makes money by selling annual subscriptions based on usage, and Leibovitz said revenue doubled every quarter last year. Funding will go to expanding operations in North America and adding more AI agents to the product.

Nominal has 40 employees, Leibovitz said, and it has dozens of customers, including auto shop chain Jiffy Lube and business travel company GoGlobal.

Nominal isn't alone in disrupting ERP systems with AI. Earlier this month, AI startup Rillet announced it raised $70 million from Andreessen Horowitz and ICONIQ, while Campfire announced a $35 million Series A raise led by Accel in June.

Here's a look at the pitch deck Nominal used to raise its $20 million Series A. Certain slides have been edited and removed so that the deck can be shared publicly.

Slide titles from the deck (images credited to Nominal):

  • Digital Workforce for Finance and Accounting
  • Founding Team
  • Every Technology Wave Changes the ERP Landscape.
  • Digital Workforce is the Future
  • Agenda
  • Aging Baby Boomer Crisis: 75% of public accountants retire in the next 15 years
  • Numbers taking the CPA exam fall to lowest in at least 17 years
  • Excel Chaos -- Consolidation Example
  • Scarce Talent Cannot Be Wasted on Manual Work
  • 71% of CFOs cite automation, efficiency, and insights as the most promising uses of Generative AI
  • Today, Nominal's digital workforce reduces manual work by 90% freeing humans to focus on strategic tasks - no engineering required and at no risk.
  • Agenda
  • From Science Fiction to Fiction to Science
  • We've Built an Agentic General Ledger
  • Manual Work Jeopardizes
  • Agents Take Plain-English Instructions
  • From Doers to Reviewers
  • Agenda
  • Customers / Revenue
  • Agenda
  • Every Technology Wave Changes the ERP Landscape
  • So, What's Next?

Read the original article on Business Insider

The Ultimate Guide to WordPress Privacy Compliance

6 August 2025 at 10:00

I’ll be honest: there was a time when privacy compliance felt overwhelming.

Between GDPR, CCPA, VCDPA, and other regulations, it seemed like I needed a law degree just to run a simple WordPress site.

But after spending a lot of time helping website owners figure this out, I’ve learned that compliance doesn’t have to be complicated. In most cases, just a few simple changes can protect your website and show visitors that you take their privacy seriously.

That’s why I created this ultimate guide to WordPress privacy compliance. I’ve researched dozens of laws, tested different tools, and seen firsthand what works (and what causes problems) across different WordPress websites.

⚠️ We are not lawyers, and nothing on this website should be considered legal advice.

Why Does Privacy Compliance Matter for Your WordPress Website?

Online privacy laws are designed to give people more control over how websites, businesses, and online stores collect and use their personal information.

“Personal information” can mean more than you think. It includes names and email addresses—but also things like browsing history, preferences, location, and even biometric data.

That’s why most WordPress websites are affected by privacy laws, even if they only collect basic data like form submissions or cookies.

Following these laws is important for two reasons:

  • Avoiding legal trouble: Some laws, like the Virginia Consumer Data Protection Act (VCDPA), can issue fines of up to $7,500 per violation. Other laws impose even higher penalties, sometimes reaching millions.
  • Building trust with your audience: When visitors see that you respect their privacy, they’re more likely to engage with your site, join your email list, and make purchases.

In other words: privacy compliance isn’t just a legal requirement. It’s a smart move for long-term success.

In this guide, I’ll walk you through 12 key tips for WordPress privacy compliance. After that, I’ll break down the most important privacy laws that might affect your site.

Keep reading for the ultimate checklist to comply with international data privacy laws.

12 Tips for Achieving WordPress Privacy Compliance

No single guide can guarantee full compliance with every privacy law. But these tips will give you a strong foundation. You can think of this section as your privacy checklist for WordPress.

After reading through these best practices, I recommend scrolling down to the legal section to see which laws may apply to your site.

1. Perform a Data Audit

Before you can follow any privacy law, you need to know what personal data your website collects and how it’s used.

Start by reviewing all the tools and plugins on your site that interact with visitors. These often include:

Once you’ve identified those tools, take a closer look at what they do.

For each one, ask yourself:

  • What data does this tool collect?
  • Why do I need this data?
  • Where is the data stored?
  • How long is it kept?
  • Is it shared with anyone else?

Be sure to document your answers. This record helps you stay organized and gives you a way to prove your compliance if you’re ever audited or asked by one of your users.

2. Collect Less Data

One of the easiest ways to improve privacy on your WordPress site is to collect less data in the first place.

Most privacy laws require you to collect only personal data that’s relevant and necessary for a specific task. This principle is known as data minimization.

Take a look at the forms, plugins, and tools you use. For each one, you should ask yourself:

  • What personal information am I asking for?
  • Do I truly need this data?
  • Could I achieve the same result with fewer form fields or information?

If the answer is “no” or “not sure,” it’s a good idea to stop collecting that data.

This approach not only reduces your legal risk. It also makes your site feel safer and more respectful to visitors, which can improve trust and conversions.

3. Create a Privacy Policy

A privacy policy tells visitors what data your website collects, how it’s used, and whether it’s shared with anyone.

Most privacy laws require you to have a policy like this. It helps users understand how their personal data is handled, which many laws refer to as the “Right to Know.”

Thankfully, WordPress has a built-in tool to help you create a privacy policy. To access this tool, simply go to Settings » Privacy in the WordPress dashboard. 

Want more detailed instructions? We also have a complete, step-by-step guide on how to add a privacy policy in WordPress.

4. Add a Cookie Popup

Some privacy laws require you to get consent before placing cookies on a visitor’s device. This includes laws like the GDPR.

A cookie popup makes this easy. It gives visitors a clear message about the types of cookies your site uses, what data is being collected, and why. It should also give them a simple way to opt out.

And this is easy to set up with a privacy compliance plugin like WPConsent.

For example, we use WPConsent to display cookie banners and manage user choices on WPBeginner.

💡 Curious about how we use WPConsent across WPBeginner and many of our partner sites? Our in-depth WPConsent review has more information. 

For step-by-step instructions, check out our full guide on how to add a cookie popup in WordPress.

5. Write a Separate Cookie Policy 

A cookie popup is important, but it’s also a good idea to create a dedicated cookie policy page. This gives visitors a place to learn more about how cookies work on your site.

Your cookie policy should include:

  • The types of cookies your site uses (such as essential, analytics, or marketing)
  • What each cookie does
  • What personal data it collects (like IP addresses or browsing history)

To build trust, try to keep your cookie policy easy to understand. This means you should avoid technical terms or legal words that are hard to follow. 

Luckily, a tool like WPConsent can create this policy for you. After installing and activating the plugin, go to WPConsent » Settings.

In the plugin’s settings, choose the page where you want to display the cookie policy, and add the shortcode provided by the plugin.

WPConsent will then add this policy to your chosen page. 

If you’re using WPConsent to display a cookie popup, then visitors can now access this policy directly by clicking on the dropdown.

This will reveal a link that takes them straight to your policy page.

6. Block Third-Party Scripts

Many privacy laws also apply to third-party tools like analytics, advertising pixels, and social media trackers. If you use services such as Google Analytics or Facebook Pixel, then you’re responsible for how those tools collect data.

That means you should only allow scripts from these tools to run after the user gives permission.

The good news is that WPConsent includes a built-in script blocker that helps with this. It can detect common tracking tools and stop them from loading until the visitor agrees.

Once consent is given, the script runs automatically without needing to reload the page.

This is one of the easiest ways to improve compliance with laws like the GDPR and CCPA.

7. Track and Log Visitor Consent

There’s always a chance your data handling could be questioned, especially if you’re ever audited or someone asks about their rights.

That’s why it’s a good idea to keep a clear record of user consent. It helps show that your site takes privacy seriously.

The good news is, WPConsent creates this log for you automatically.

You can check it any time by going to WPConsent » Consent Logs in your WordPress dashboard.

If someone asks for proof, just head to the ‘Export’ tab, choose a date range, and download the log as a CSV file.

You can now share it directly with the user. Additionally, having this kind of record can give you peace of mind and help protect your business if questions ever come up.

8. Provide an Easy Opt-Out for Data Sales

Some privacy laws, including the CCPA and VCDPA, require you to give users a way to opt out of having their personal data sold or shared with third-party tools.

It’s also important to know that under laws like the CCPA, ‘selling’ can also mean sharing personal data with third-party advertising or analytics partners in exchange for their services, not just for money.

The easiest way to allow users to opt out in WordPress is by adding a clear, dedicated opt-out page.

WPConsent includes a Do Not Track add-on that makes this simple.

It enables you to generate a form where users can submit their opt-out request.

Once the page is live, visitors can use the form to stop their data from being sold or shared, all without needing to contact you directly.

This creates a smoother experience for your audience and helps you stay compliant with important data laws.

For full setup instructions, see our step-by-step guide on how to create a Do Not Sell My Info page in WordPress.

9. Export and Erase Personal Data in WordPress

Privacy laws like the GDPR give users the right to access their personal data, and the right to ask for that data to be deleted.

One of the easiest ways to support these rights is by adding data request and deletion forms to your WordPress site.

This is where WPForms comes in. It’s a user-friendly form builder that lets you create all kinds of forms using a simple drag-and-drop editor.

WPForms even has a ready-made Right to Erasure Request Form template.

What if visitors want to see their data instead? WPForms also has a Data Request template.

These templates are a fantastic starting point for accepting data erasure and data access requests on your site.

⭐ Here at WPBeginner, we don’t just recommend WPForms. We also built all our own forms with it! From contact pages to surveys, WPForms is our trusted, daily-tested solution. 

Want to see why it’s our go-to? Just see our detailed WPForms review.

For a step-by-step guide to getting started with WPForms, check out our post on how to create a contact form in WordPress.

After adding these forms to your site, WPForms will automatically log and display all submissions in your WordPress dashboard. This makes it easy to see new requests as they come in.

You can then act on these requests using WordPress’ built-in Export Personal Data and Erase Personal Data tools.

For step-by-step instructions on how to use these powerful tools, see our detailed guide on how to export and erase personal data in WordPress.

10. Create Compliant Forms

Contact forms, quote forms, and surveys often collect personal information. That means that they also need to comply with privacy laws.

If you’re using WPForms, there’s a built-in GDPR Agreement field that helps you with this. You can add it to any form and get a user’s explicit consent to store their personal information before collecting it.

Simply drag this field into any form using the visual builder.

It will add a checkbox and consent message so that visitors can agree to how their data will be used.

Apart from the GDPR, this field helps you stay compliant with other laws that require clear consent before collecting or storing personal data.

Want a complete walkthrough? Just see our guide on how to create GDPR compliant forms in WordPress.

11. Use Data Privacy Compliance Plugins

If you’ve been following along with this guide so far, then you already have a solid foundation for privacy compliance. But the tools you install on your website matter too.

The WordPress plugins you choose can either make compliance harder or give you built-in features that simplify the process.

Let’s look at one common example.

Tracking your visitors with analytics helps you improve your site and understand how people interact with your content. This might include tracking page views, link clicks, purchases, or time spent on each page.

But depending on your setup, analytics tools can also collect personal data—like IP addresses, geographic location, and behavioral profiles. That’s where things get tricky.

At WPBeginner, we use MonsterInsights to handle this responsibly. It includes settings to anonymize user data or disable user tracking when consent hasn’t been given.

These options help reduce your legal risk while still giving you the insights you need to grow your site.

Of course, analytics are just one part of the puzzle. Plugins like WPConsent and WPForms also help you manage cookie banners, collect data responsibly, and process requests like opt-outs and deletions.

You’ll find more options in our expert roundup of the best WordPress GDPR plugins.

12. Add a Comment Privacy Opt-in Checkbox

When someone leaves a comment on your WordPress site, they usually need to enter their name, email address, and possibly a website URL. That’s personal data, so it’s covered by privacy laws.

WordPress includes a privacy checkbox for comments by default. This gives users a chance to agree to the storage of their information before submitting a comment.

However, some themes use a custom comment form that might not include this checkbox by default.

If you don’t see the checkbox on your site, then it’s a good idea to add it manually. You can use a plugin like Thrive Comments or add some custom code to your website.

For step-by-step instructions, check out our guide on how to add a GDPR comment privacy opt-in checkbox.

Key Regulations Impacting WordPress Sites

WordPress privacy compliance often depends on which laws apply to your website, and that’s not always easy to figure out.

Some laws apply to specific locations. Others apply only if you collect a certain amount of data or meet a business-size threshold.

In this section, I’ll walk you through the most common privacy laws that affect WordPress site owners.

You don’t need to become a legal expert, but it’s helpful to know which rules you may need to consider so that you can take the right steps.

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union (EU) law designed to give EU citizens more control over their personal data.

Simply put, you must get explicit, specific, and clear permission before collecting personal data from anyone living in the European Union.

You must also clearly tell EU residents where, why, and how you’ll process and store their data.

Under the GDPR, individuals also have the right to download their personal data and the “right to be forgotten.” This means they can ask you to delete their data at any time. 

For more information, our ultimate guide to WordPress and GDPR compliance is a must-read resource.

California Consumer Privacy Act (CCPA)

The CCPA is a privacy law that gives California residents more control over their personal information. It allows them to see what data is collected, how it’s used, and who it’s shared with.

This law applies to for-profit businesses that meet at least one of these criteria:

  • Have annual gross revenue over $25 million.
  • Buy, sell, or share personal data from 100,000 or more California residents per year.
  • Make at least 50% of their revenue from selling or sharing personal data.

It doesn’t matter where your business is located. If your WordPress site serves people in California and meets one of these thresholds, then the CCPA may apply.

The law also requires you to provide an opt-out for data sharing and to respond to requests to view or delete personal information.

You can learn more in our ultimate guide to CCPA compliance for WordPress.

The Personal Data Protection Law (PDPL) – Saudi Arabia

Personal Data Protection Law (PDPL) is a privacy law that sets clear rules for how businesses can collect, use, and store the personal data of Saudi residents.

Ignoring the PDPL carries substantial risks. Fines can reach up to SAR 5 million (about $1.3 million USD) per violation, and this amount can double for repeat offenses. 

If any of your customers or users live in Saudi Arabia, then you should check out our beginner’s guide to PDPL compliance. It shows you how to navigate this important law and avoid those steep fines.

The Utah Consumer Privacy Act (UCPA)

The Utah Consumer Privacy Act (UCPA) is designed to protect the personal information of Utah residents. 

Like some other privacy regulations, the UCPA’s reach extends beyond Utah’s borders. If your site targets users in Utah—for example, through marketing or services—then the law might apply, even if you’re located elsewhere.

However, don’t worry if you’re a smaller blog or website. Just like the CCPA, the UCPA is mainly aimed at larger businesses.

First, your business needs to operate in Utah or offer products or services targeting Utah residents. Next, your business must have an annual revenue of $25 million or more.

You’ll also need to meet at least one of these data thresholds: 

  • Control or process the personal data of 100,000 or more Utah consumers annually.
  • Get over 50% of your gross revenue from selling personal data and control or process data from 25,000 or more Utah consumers.

For more information, I recommend checking out our ultimate beginner’s guide to UCPA compliance in WordPress.

The Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (VCDPA) is a state-level privacy law. 

However, the VCDPA doesn’t apply to every single website. It’s another law that mainly targets big businesses.

In fact, you typically only need to comply with the VCDPA if your business meets one of these conditions: 

  • You control or process the personal data of 100,000 or more Virginia consumers in a year.
  • You control or process the personal data of at least 25,000 Virginia consumers and get more than 50% of your total income from selling personal data.

Our beginner’s guide to VCDPA compliance covers a lot of different tips on how you can comply with this law.

WordPress Privacy Compliance: Frequently Asked Questions

I know this is a lot to take in, especially if you’re just getting started with WordPress privacy compliance. So before we wrap up, I want to quickly answer some of the most common questions I hear from beginners.

These answers aren’t meant to replace legal advice, but they’ll help you understand what matters most when it comes to running a privacy-friendly WordPress site.

Do I need a privacy policy if my site doesn’t collect data? 

Yes, even if your site doesn’t seem to collect user data directly, it’s still a good idea to have a privacy policy.

That’s because your site may be collecting information in ways that aren’t immediately obvious. For example, your hosting provider might log visitor IP addresses, or third-party scripts could be tracking behavior in the background.

In those cases, having a privacy policy helps keep you on the safe side of the law.

It also shows your visitors that you’re being transparent, which can go a long way toward building trust.

What are the penalties for non-compliance?

Privacy laws can carry serious penalties if you don’t follow them.

Some regulations include fines of thousands or even millions of dollars. You may also be charged per violation.

For example, under the CCPA, penalties range from $2,500 to $7,500 for each affected user. That can add up fast if the issue affects a large number of people.

But money isn’t the only concern. If users find out their data wasn’t protected, they may lose trust in your site. That kind of damage is hard to repair and can lead to fewer visits, lower engagement, and lost sales.

How often should I review my website’s compliance?

It’s a good idea to review your website’s compliance at least once a year.

You’ll also want to check whenever a privacy law changes or a new one goes into effect. Staying proactive can help you catch small issues early and avoid bigger problems later.

I hope this ultimate guide to WordPress privacy compliance has helped you take the first steps towards creating a compliant site. Next, you may want to see our expert picks for the best security plugins to protect your site or our guide on how to know if your site uses cookies.

The post The Ultimate Guide to WordPress Privacy Compliance first appeared on WPBeginner.

The Ultimate Guide to WordPress and CCPA Compliance

27 June 2025 at 10:00

When I launched my first WordPress website, I wasn’t thinking about privacy laws. Like most beginners, I was focused on creating helpful content and getting more traffic.

But times have changed. Now, I hear from many small business owners who are worried about data privacy. Laws like the California Consumer Privacy Act (CCPA) sound intimidating, and with fines reaching $7,500 per violation, it’s easy to see why.

If you’ve felt that same pressure, you’re not alone. Trying to stay compliant while growing your website can feel overwhelming.

That’s exactly why I put this guide together. I’ll walk you through a beginner-friendly, step-by-step plan to help you meet CCPA requirements without getting lost in legal jargon. You’ll learn what data your site collects, how to manage it properly, and which tools can help you stay compliant.

⚠️ We are not lawyers, and nothing on this website should be considered legal advice.

What is the California Consumer Privacy Act (CCPA)? 

Under the California Consumer Privacy Act (CCPA), California residents have the right to control how companies collect and use their personal information.

It’s also important to know that the CCPA’s definition of ‘personal information’ is very broad. It includes things like names, email addresses, browsing history, and even biometric data. 

Just like other privacy laws, such as the General Data Protection Regulation (GDPR), CCPA doesn’t just affect businesses based in California.

It can actually affect many WordPress websites, blogs, and organizations all over the world. If you handle data related to people living in California, then the CCPA may apply to you, regardless of your location.

Now, before you start to worry, it’s important to know that the CCPA doesn’t apply to every single website. It’s mainly aimed at larger businesses.

Generally, your for-profit business needs to comply with the CCPA if it meets one or more of these conditions:

  • Has an annual gross revenue of over $25 million.
  • Buys, sells, or shares the personal information of 100,000 or more California residents or households per year.
  • Gets 50% or more of its annual revenue from selling or sharing California residents’ personal information.

Does your website or business meet these criteria? Then it’s absolutely essential you understand what the CCPA is and what it requires.

Why Should WordPress Users Care About CCPA Compliance?

Ignoring the CCPA can have some pretty serious consequences, including large fines. For example, if you intentionally breach this law, you could be fined as much as $7,500 per violation. 

Even if you break the rules by mistake, the consequences can still be tough. Non-intentional CCPA violations can cost you up to $2,500 per incident. So, even an accident can lead to huge financial penalties.

Plus, complying with the CCPA is about more than just avoiding fines. By giving visitors more control over their personal information, you’re proving that you’re trustworthy. This can get you more signups, conversions, and sales, helping to grow your online business.

By contrast, breaking the CCPA can really hurt your reputation, even if the violation was a complete accident. 

How CCPA Affects Your WordPress Site

CCPA compliance is a big topic, but as a broad overview, there are three core principles that will affect you as a WordPress blog or website owner: 

  • The Right to Know: Users can ask what personal data you collect about them.
  • The Right to Delete: Users can ask you to delete their personal data.
  • The Right to Opt-Out: Users can tell you not to sell their personal information to other companies. 

In this ultimate guide, I will share many tips, techniques, and tools to help you comply with each of these core CCPA principles.

How to Improve Your CCPA Compliance in WordPress

Navigating CCPA compliance can feel like a complex task. But at its core, it’s really all about being clear and open with your users. You also need to give them ways to control how (and if) you collect and use their personal information.

I can’t guarantee that these are the only steps you’ll need to take, but following this guide will put you on the right path to compliance.

That said, let’s get started!

Perform a Data Audit

As with most data compliance laws, the first step is to identify and document all the different types of personal data you collect, process, and store. This means performing a complete data audit of your website.

I recommend starting by listing all the WordPress plugins and tools that gather data on your site, such as analytics plugins, form builders, and SEO plugins.

You can then carefully evaluate how each one handles user information.

For example, if you’ve created a quote request form on your website, then your form builder plugin might collect the visitor’s name, company name, and job title.

To go a bit deeper, try asking yourself these questions for each tool:

  • What specific personal data does it collect? This might be names, email addresses, IP addresses, payment details, or any other form of personal information.   
  • Where is this data stored? Is it stored locally on your server or sent to a third-party service? 
  • Why is this data being collected? Is it essential, or non-essential? And how are you using that data? 
  • How long is this data kept? Do you have a data retention policy for it?
  • Is this data shared with anyone? In particular, are there any service providers or advertisers involved? 

This may immediately reveal areas where you need to adjust your data handling practices to comply with CCPA. This could involve changing what data you collect, how long you keep it, or who you share that information with.

Collect Less Data 

There’s an easy way to protect your users’ privacy: avoid collecting information you don’t actually need. This is called data minimization. 

It means you only gather the information that’s absolutely essential for your site to work properly. By doing this, you instantly make CCPA compliance much simpler. 

After performing a data audit, I recommend looking critically at all the data you currently collect. Do you really need every piece of information you ask for? 

Data minimization also plays a big part in building trust with your audience. By not asking intrusive questions or gathering unnecessary personal details, you clearly demonstrate that you respect their privacy. This, in turn, will make users feel more confident and comfortable interacting with your website.

Create a Privacy Policy 

A privacy policy is a page that clearly explains what personal data you collect, how you use it, and who you share that information with.

Creating a detailed and comprehensive privacy policy is essential for CCPA compliance, as it helps visitors understand how you collect, store, and use their personal information. 

The good news is that WordPress comes with a built-in privacy policy generator that you can use to get started by going to Settings » Privacy in your WordPress dashboard.

How to generate a privacy policy using the built-in WordPress tools

Alternatively, you can always refer to our WPBeginner privacy policy page as a strong starting point.

If you use our template, then just remember to replace all references to WPBeginner with the name of your business website or blog. 

An example of a compliant privacy policy

We also have a complete, step-by-step guide on how to add a privacy policy in WordPress.

Do you already have a privacy policy in place? Then I still recommend updating it with specific information about the CCPA. In particular, you’ll need to explain your users’ rights under the CCPA, such as their Right to Know, Right to Delete, and Right to Opt-Out.

Even more importantly, you must clearly tell visitors how to exercise their CCPA rights.

For example, you could link to a contact form where they can ask for a copy of their data (their Right to Know). Alternatively, you might show them how to request that you delete all their personal information (their Right to Delete). 

Finally, it’s important to regularly review and update your privacy policy. This helps you make sure it always accurately represents your current data handling practices and stays compliant with evolving laws. 

Add a Cookie Popup

Unlike some other privacy laws, the CCPA doesn’t always require users to actively opt in to data collection.

However, the CCPA strongly emphasizes two key points: users have the right to know about data collection, and they have the right to opt out if they choose.

The good news is that a cookie popup can help you achieve both of these important goals. 

A well-designed popup can clearly inform visitors about the types of cookies you use, what data they collect, and why you’re collecting it (their Right to Know). It can also give users a straightforward and easy way to exercise their Right to Opt Out.

There are many different cookie banner plugins on the market. However, I highly recommend using WPConsent because it makes adding a cookie popup or banner to your site incredibly simple.

An example of a cookie consent banner, created using WPConsent

WPConsent is a privacy compliance plugin designed to help you meet many different privacy standards, including the CCPA. 

We actually use WPConsent to display cookie banners and manage user consent across all our own websites, including WPBeginner. This firsthand experience has shown us just how effective and user-friendly WPConsent is.

An example of a cookie banner, created using the WPConsent WordPress plugin

💡 Want to learn more about our direct experience with WPConsent? Be sure to check out our in-depth WPConsent review.

To get started, you simply install and activate the plugin, as normal.

Upon activation, WPConsent will scan your entire site for active cookies and record all the ones it finds. 

Scanning your WordPress website for cookies

Next, WPConsent’s helpful setup wizard will show you how to customize your cookie popup.

As you make changes, WPConsent will display a live preview, allowing you to see exactly how the banner will appear on your WordPress website.

You can then adjust the layout, position, font size, button style, colors, and even add your own custom logo.

How to create a cookie popup for your WordPress blog or website

When you’re happy with how everything looks, just save your changes, and you’re done. The cookie banner will now appear on your WordPress website.

For details, see our guide on how to add a cookie popup in WordPress.

Write a Separate Cookie Policy 

In addition to a popup or banner, it’s also a good idea to create a cookie policy with specific details about how your site uses cookies. This helps visitors better understand how you collect and use their personal information.

In your cookie policy, you should clearly list the different types of cookies your site uses, like essential, analytics, or marketing cookies. You can also explain their purpose, such as tracking website visitors or delivering targeted advertisements. 

I also recommend explaining what personal information these cookies collect, like IP addresses or browsing history.

To encourage visitor trust, you should keep your cookie policy easy to understand. This means avoiding technical terms or legal jargon. Instead, use clear and straightforward language that anyone can follow.

Visitors should be able to find your cookie policy easily. I recommend adding a link to it within your main privacy policy and also inside your cookie banner.

Thankfully, a tool like WPConsent can handle all this for you. As I’ve already shown, WPConsent can scan your site and identify all active cookies. 

But WPConsent can also use this information to generate a cookie policy. You can find this setting by going to WPConsent » Settings.

How to easily and quickly generate a cookie policy, using the WPConsent compliance plugin

Within the plugin’s settings, simply select the page where you want to display the cookie policy.

WPConsent will then go ahead and add this policy to your chosen page. It’s as easy as that!

An example of an automatically-generated, detailed cookie policy

Are you using WPConsent to display a cookie popup? Then visitors can easily access this cookie policy directly.

They simply have to click on the ‘Preferences’ button.

Allowing users to edit their cookie preferences on your WordPress website, blog, or online store

Then, they’ll need to select the ‘Cookie Policy’ link.

And that’s it! WPConsent will take them straight to the right page.

How to add a cookie policy link to your WordPress popups
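If you compile the cookie list by hand, the rows a cookie policy needs (name, category, purpose, lifetime) can be derived from the Set-Cookie headers your site sends. The following is an added example, not WPBeginner's or WPConsent's code; the sample headers, the prefix table, and the `promo_seen` cookie are constructed for illustration.

```javascript
// Added example: turn Set-Cookie headers into cookie-policy rows.
// SAMPLE_HEADERS is constructed sample data, not captured from a real site.
const SAMPLE_HEADERS = [
  'wordpress_test_cookie=WP%20Cookie%20check; path=/; secure; HttpOnly',
  '_ga=GA1.1.1111111111.1700000000; Max-Age=63072000; Path=/; Domain=.example.com',
  '_fbp=fb.1.1700000000000.1111111111; Max-Age=7776000; Path=/; Domain=.example.com',
  'promo_seen=1; Max-Age=2592000; Path=/', // hypothetical theme cookie
];

// Cookie-name prefixes this example recognises; extend it for your own plugins.
const KNOWN_COOKIES = [
  { prefix: 'wordpress_', category: 'essential', purpose: 'WordPress core login and session cookies' },
  { prefix: '_ga', category: 'analytics', purpose: 'Google Analytics visitor identifier' },
  { prefix: '_fbp', category: 'marketing', purpose: 'Facebook Pixel browser identifier' },
];

// Parse one Set-Cookie value into the fields a cookie policy needs.
function parseSetCookie(line, now = Date.now()) {
  const [pair, ...attrParts] = line.split(';').map((part) => part.trim());
  const nameEnd = pair.indexOf('=');
  const name = nameEnd === -1 ? pair : pair.slice(0, nameEnd);
  const attrs = {};
  for (const part of attrParts) {
    const eq = part.indexOf('=');
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1);
  }
  // Max-Age takes precedence over Expires; neither means a session cookie.
  let lifetimeDays = null;
  if (attrs['max-age'] !== undefined) {
    lifetimeDays = Math.round(Number(attrs['max-age']) / 86400);
  } else if (attrs.expires !== undefined) {
    lifetimeDays = Math.round((Date.parse(attrs.expires) - now) / 86400000);
  }
  return { name, lifetimeDays, domain: attrs.domain || '(host only)' };
}

// One row per cookie; anything unrecognised is flagged instead of guessed at.
function policyRows(headerLines, now = Date.now()) {
  return headerLines.map((line) => {
    const cookie = parseSetCookie(line, now);
    const known = KNOWN_COOKIES.find((k) => cookie.name.startsWith(k.prefix));
    return {
      ...cookie,
      category: known ? known.category : 'unclassified',
      purpose: known ? known.purpose : 'REVIEW: not documented in the policy',
    };
  });
}

console.table(policyRows(SAMPLE_HEADERS));
```

Rows marked `unclassified` are the ones to trace back to a plugin or theme before the policy is published.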

Block Third-Party Scripts 

One of the trickiest things about CCPA compliance is that it also applies to any external tracking tools you’re using on your site. This includes things like Google Analytics and Facebook Pixel.

That’s because these tracking tools often collect data from your visitors. According to CCPA, you’re responsible for managing how these third-party tools collect, store, and use this data. You also need to let visitors opt out of these third-party tools, if they choose.

So, how do you control external tracking tools? I recommend using automatic script blocking.

This feature stops tracking scripts from loading until the visitor clearly gives their consent. This helps you meet the CCPA’s Right to Know requirement, as visitors clearly understand what they’re agreeing to.

Here, you’re also making third-party tracking opt-in rather than just opt-out. This approach goes beyond the basic standards set by the CCPA.

By taking things one step further, you’re demonstrating a strong commitment to protecting visitor privacy. It shows that your priority is user data protection, rather than simply meeting the minimum standards outlined by the CCPA.

Thankfully, WPConsent has an automatic script blocking feature that works out of the box. Behind the scenes, it automatically detects and blocks common tracking scripts like Google Analytics, Google Ads, and Facebook Pixel, without causing your site to break. 

As soon as the visitor gives their consent, WPConsent executes the script instantly. This means it provides a truly seamless user experience because it doesn’t need to reload the page.
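To make the mechanism concrete, here is a generic sketch of consent-gated script loading: trackers are emitted inert and only swapped for live scripts once the visitor has agreed to their category. It is an added example, not WPConsent's implementation; the `site_consent` cookie name, its JSON format, the category names, and the `data-*` attributes are assumptions.

```javascript
// Added example: consent-gated script loading (generic pattern, not WPConsent's code).
// The server emits each tracker inert, so the browser neither fetches nor runs it:
//   <script type="text/plain" data-consent-category="analytics"
//           data-src="https://analytics.example/tag.js"></script>

const CONSENT_COOKIE = 'site_consent';               // hypothetical cookie name
const KNOWN_CATEGORIES = ['analytics', 'marketing']; // assumed category names

// Read the visitor's choices from a document.cookie-style string.
// Default deny: a missing, malformed or unexpected value grants nothing.
function grantedCategories(cookieString) {
  const pair = cookieString
    .split(';')
    .map((part) => part.trim())
    .find((part) => part.startsWith(CONSENT_COOKIE + '='));
  if (!pair) return new Set();
  let choices;
  try {
    choices = JSON.parse(decodeURIComponent(pair.slice(CONSENT_COOKIE.length + 1)));
  } catch {
    return new Set();
  }
  if (choices === null || typeof choices !== 'object') return new Set();
  // Only an explicit boolean true counts as consent; "true", 1 or "yes" do not.
  return new Set(KNOWN_CATEGORIES.filter((category) => choices[category] === true));
}

// Swap each consented placeholder for a live <script> and leave the rest inert.
// `doc` is the page's document, passed in so the logic can run outside a browser.
function activateConsented(doc, granted) {
  const activated = [];
  const placeholders = doc.querySelectorAll(
    'script[type="text/plain"][data-consent-category]'
  );
  for (const placeholder of placeholders) {
    if (!granted.has(placeholder.getAttribute('data-consent-category'))) continue;
    const live = doc.createElement('script');
    const src = placeholder.getAttribute('data-src');
    if (src) {
      live.src = src;
    } else {
      live.textContent = placeholder.textContent; // inline snippet
    }
    // A newly inserted script element is fetched and executed; no reload needed.
    placeholder.replaceWith(live);
    activated.push(src || '(inline)');
  }
  return activated;
}

// In the browser, run on page load and again from the banner's accept handler:
//   activateConsented(document, grantedCategories(document.cookie));
```

When verifying any script blocker, check the browser's network panel before consent is given: no request to the tracker's domain should appear.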

Track and Log Visitor Consent

Even if you’re following CCPA regulations perfectly, there’s always a chance your data handling practices might be questioned. You could even get audited by regulators.

If that happens, you’ll need to prove that you’re respecting your visitors’ choices. With that in mind, it’s super important to track and log user consent.

By keeping a comprehensive log, you’ll always have concrete proof that you’re complying with all the CCPA’s requirements.

Once again, WPConsent does the hard work for you by automatically logging user consent. It records all essential details, including the user’s IP address, their specific consent choices, and the date and time when those choices were registered.

WPConsent then displays all this information directly within your WordPress dashboard. You can find it by going to WPConsent » Consent Logs.

How to prove your CCPA compliance, by providing a detailed log

Do you need to share this log with someone else, such as an auditor? You can simply export it from your WordPress dashboard, making it easy to provide proof of your compliance.

Build Trust with Opt-Outs

Under the CCPA, you must give visitors a way to opt out of the sale or sharing of their personal information.

The easiest way to do this is by using WPConsent’s Do Not Track add-on. This lets you add a dedicated ‘Do Not Track’ page to your site with just a few clicks. 

You can find it by going to WPConsent » Do Not Track » Configuration in your dashboard.

Adding a 'Do Not Track' form and page to your WordPress blog or website

Visitors can simply head over to this page and opt out of selling or sharing their personal data.

This straightforward approach enables visitors to exercise their rights without confusion or delay, providing a fantastic user experience.

Even better, WPConsent stores all these requests locally in a custom table directly on your site.

In this way, you maintain full control over this sensitive data, and you’re not relying on external services to store crucial compliance records.

And WPConsent records all user requests. This means you can provide clear proof of compliance if you’re ever audited or a user asks about their opt-out status.

Support the ‘Right to Delete’

As I’ve already mentioned, the CCPA clearly states that users can request that you delete their personal data.

There are several ways to do this, but I recommend adding a data deletion form to your site. You can easily do this using a powerful form builder plugin like WPForms.

In fact, WPForms has a dedicated Right to Erasure Request Form template that provides a great starting point, helping you set up this important compliance feature quickly and easily. 

How to create a CCPA compliant website, using WPForms

🌟 At WPBeginner, we use lots of different forms – and we created them all using WPForms! We have extensive, hands-on experience with this tool, which is why we feel confident recommending it to our readers. 

Want to learn more about this powerful form builder plugin? Just check out our detailed WPForms review.

After adding this form to your site, I recommend linking to it from your privacy policy page. Alternatively, you can embed it directly on the page. Whatever approach you take, the key is to ensure that visitors can easily find the form.

WPForms also has a powerful entry management system. This means you can easily filter all the submissions from your various forms and identify any data deletion requests that need to be actioned quickly.

To review your entries, simply head over to WPForms » Entries. Here, you’ll see a list of all the forms across your WordPress website.

Filtering your data deletion requests

Simply find your data erasure form and click it.

You’ll now see all your ‘delete data’ requests.

Managing deletion requests directly in the WordPress dashboard

So, what happens when you receive a data deletion request? 

The good news is that WordPress has a built-in Erase Personal Data tool. Just head over to Tools » Erase Personal Data to access it.

Erasing personal data to comply with CCPA

In the ‘Username or email address’ field, type in the user’s information you want to remove.

This tool even includes a ‘Send personal data erasure confirmation email’ setting, which lets the user know when you have completed their request. 

Handle Data Access Requests Efficiently

Users should be able to request a copy of all the personal information you’ve collected about them. Thankfully, you can handle this in much the same way as the data deletion requests we just covered. 

To start, you can add a dedicated form to your site using WPForms. Once again, WPForms makes things very straightforward by offering a ready-made Data Request template.

This template is designed to gather all the information you need to fulfill the user’s request efficiently.

After adding this form to your site, WPForms will automatically log and display all these requests directly in your WordPress dashboard. This makes it easy to identify data access requests as they come in, so you can act on them quickly.

Once again, to see these submissions, go to WPForms » Entries. Here, select your data request form.

Viewing data requests in the WordPress dashboard

You’ll now see all the entries for this form.

You’ll also be happy to learn that WordPress has a built-in Export Personal Data tool. You can use this tool to export all the known data for any user, conveniently packaged as a .zip file.

To create this .zip, simply head over to Tools » Export Personal Data.

Exporting the user's personal data from your WordPress dashboard

You can now type in the person’s username or email address to find the correct record.

Then, simply share the .zip file with the person who made the request.

Exporting personal data, in compliance with the California Consumer Privacy Act (CCPA)

WordPress and CCPA Compliance: FAQs

Online privacy is a serious topic, so I’m not surprised if you still have some questions about CCPA compliance and how it affects your WordPress website. 

In this section, I’ll cover the most frequently asked questions WPBeginner gets on this topic and offer some straightforward, practical advice.

How does CCPA affect how I use cookies on my WordPress website?

To comply with CCPA, you must clearly tell visitors how your site uses cookies for tracking. 

It’s also important to remember that the CCPA generally takes an opt-out approach to cookies, rather than an opt-in one. This means you can still use cookies by default, but you must allow visitors to opt out if they choose. 

The CCPA also gives users the right to opt out of their personal information being sold and shared.

The issue is that the definition of ‘sale or sharing’ is very broad, and may include data your website makes available to other companies via cookies. Targeted ads are a perfect example of this. 

So, if your cookies might lead to the ‘sale or sharing’ of data, then it’s even more important to offer a clear and easy way for visitors to opt out. 

What happens if I fail to comply with CCPA?

Non-compliance can lead to serious consequences for your WordPress site and business. You might face big financial penalties, with fines going up to $7,500 for each intentional violation. 

Even if you breach the CCPA by mistake, you can still be fined up to $2,500 per incident. These fines can add up very quickly, especially if the violation affects many users.

In addition to fines, breaching the CCPA can damage your reputation. 

In today’s digital world, users care deeply about their privacy. If your audience thinks you don’t care about their privacy, then they’ll lose trust in your brand, and you’ll struggle to grow your online business.

How often should I review my CCPA compliance?

Every website is different, but I generally recommend reviewing your CCPA compliance at least once per year.

It’s also really important to review your compliance every time you make big changes to how you handle user data. 

Additional Resources

Staying informed and proactive is essential for maintaining CCPA compliance on your WordPress site.

The following resources offer valuable insights and practical tools to help you keep up with evolving privacy regulations and best practices:

I hope this ultimate guide to WordPress CCPA compliance has helped you understand this important privacy law. Next, you may want to see our expert picks for the best WordPress security plugins or our guide on how to add WordPress analytics without cookies.

The post The Ultimate Guide to WordPress and CCPA Compliance first appeared on WPBeginner.
