Preparing Your Wix Site for GDPR

About GDPR

The General Data Protection Regulation (GDPR) - which came into force on May 25th, 2018 - aims to protect the fundamental right to privacy and the protection of the personal data of European Union (EU) citizens. 
This regulation affects any entity (including websites) that processes EU citizens' personal data. Whether or not you or your business is located in the EU, this affects you if you have EU site visitors or if your marketing campaigns target EU citizens.
As stated in our Terms of Use, it is your responsibility to ensure that Wix services are permitted and abiding by local laws. Any information contained herein is not legal advice and you should not rely upon it as such. GDPR can require several actions from site-owners, depending on how you plan to use site-visitors’ data. If you are uncertain about your responsibilities, it is always wise to get legal advice from an expert. 

Building a GDPR-Compliant Website with Wix

You can build a GDPR-compliant website at Wix. Be aware that there are steps you must take to ensure your site is GDPR-compliant. 
Wix is a DIY (do-it-yourself) platform. We aim to make it easy to use our platform to comply with privacy and data protection laws like the GDPR. Wix provides you with specific tools to help you give your site visitors control over their personal data. These tools implement technical and security measures to ensure that your customers’ personal data is protected as it crosses borders.

Helping Your Wix Site Meet GDPR Requirements

Use the following information and recommendations to prepare your site for GDPR:

Create a Privacy Policy

Transparency and communication with your site-visitors are key elements of the GDPR. As part of the regulation, you must let your site-visitors know how you collect, store and use their data - in a clear and transparent way. In addition, you must comply with your site-visitors' requests to receive a copy of their data that is processed on your site.
A privacy policy is a statement that discloses the ways in which your website gathers, uses, discloses and manages your site-visitors' data. Wix cannot provide you with legal advice on how to write a privacy policy. However, we do recommend that you maintain a clear and comprehensive privacy policy for your website, in accordance with both GDPR and local privacy regulations. Learn how to create a Privacy Policy.
For information on how Wix handles your site-visitors' data, please review sections 4, 12, and 13 of Wix's Privacy Policy.

About Data Storage and Data Transfers

Wix can store your site-visitors' data in a number of locations.
Your site-visitors' personal information may be stored in data centers located in the United States of America, Ireland, South Korea, Taiwan and Israel. We may use other jurisdictions as necessary for the proper delivery of our services and/or as may be required by law.
Wix is a global company that respects the laws of the jurisdictions it operates within. The processing of the User Customer Data may take place within the territory of the European Union, Israel or a third country, territory, or one or more specified sectors within that third country, for which the European Commission has decided that it ensures an adequate level of protection (transfer on the basis of an adequacy decision).
Any transfer to a third country outside the European Union - which does not ensure an adequate level of protection according to the European Commission - will be undertaken in accordance with the current and updated set of Standard Contractual Clauses, as approved by the European Commission. These terms are set out in the Wix Data Processing Agreement (DPA).
The security of sensitive data is of extreme importance to Wix and we are 100% committed to data protection. See all the security certifications received by

GDPR requires that you get affirmative consent from site visitors before placing non-essential cookies (and similar technologies) on their device.
In general, the cookies which are initially placed on your Wix website may be categorized as essential cookies: security, anti-fraud, and other purposes related to the specific functionality of your service. 
However, our platform gives you the ability to add multiple components, codes, third-party applications, and so on. These apps and integrations mean that your website may include other types of cookies which might require affirmative GDPR consent. Learn more about which cookies are placed on your site-visitors' browsers.
You can use the Wix Privacy Center to add a cookie banner to your site. With a cookie banner, your visitors can give their consent to non-essential cookies to be placed on their device. Learn more about Privacy and Cookies.
Recently, the French data authority (CNIL) revised their guidelines on cookies and similar technologies. They state that visitors should be able to refuse non-essential cookies as easily as they can give consent. If your site is based in France, or has French site visitors, we recommend that you add a 'Decline All' button to your cookie banner. Learn more.

GDPR establishes ways in which you can lawfully process your site-visitors’ data. Requesting your site-visitors’ consent is just one of the ways to lawfully process data. Sometimes consent will not be the best method for your business.
Choose the best and most appropriate data processing method for your business. If you want to receive 'affirmative consent' from your site-visitors before processing their data, you can do so by:
To ensure regulatory compliance, we recommend reviewing details of the regulation, as well as seeking legal advice.

Email marketing campaigns require consent from your site-visitors. If you're using Wix Email Marketing, MailChimp, or any other email marketing tools, this applies to you.
Consent to receive marketing campaigns can be interpreted and applied in different ways on your site. For example, you can add a disclaimer next to your 'Subscribe' button informing your site-visitors that clicking the button will subscribe them to your marketing campaigns. This is called 'implied consent'. Learn more about GDPR and email marketing.
While it is not obligatory under GDPR when sending marketing emails to your existing customers, you may request 'explicit consent' from your site-visitors before sending them any marketing material. In many cases, this can be accomplished by adding a checkbox next to your 'Subscribe' button, obliging your site-visitors to check-the-box to confirm consent before subscribing. This can be implemented by using any of the following tools:

Ensure Your Third-Party Apps are GDPR-Compliant

As part of the GDPR, you are responsible for any third-party apps or services implemented on your site. These services can include data analytics tools (e.g. Google Analytics, Facebook, et cetera).
While reviewing your Wix site for GDPR compliance, make sure that these apps and services are also GDPR compliant. If you're not sure, contact them directly with your questions or concerns. 
Use a cookie banner to inform visitors about the use of non-essential cookies on your site.

Use Wix Tools to Access and Delete Your Site Visitors' Data

In accordance with GDPR, site-visitors have the right to access their data or ‘be forgotten’ (be permanently deleted from your databases). Wix has developed tools to assist you in becoming GDPR compliant:
