PrivacyProof · WooCommerce

GDPR privacy & cookie consent for WooCommerce sellers: do the rules apply to you?

GDPR + the cookie rules require a clear privacy policy, lawful opt-in for non-essential cookies, and a way for people to exercise their data rights. Check yours in 60 seconds.

In force EU rules WooCommerce

How GDPR privacy & cookie consent works on WooCommerce

WooCommerce is self-hosted, so almost nothing is handled for you — you own the stack, the data, and therefore the compliance. That's more control and more responsibility than a hosted marketplace.

📦 On WooCommerce: Because you self-host, every EU obligation that touches data, checkout or disclosures sits with you; no marketplace is absorbing any of it. What WooCommerce handles: Plugins can add a cookie banner and data tools, but installing and configuring them correctly is on you — WooCommerce ships nothing compliant by default.

Does this apply to you?

This rule applies to WooCommerce sellers who collect personal data from visitors in the EU or UK. Collect data from EU/UK visitors? Check your privacy policy, cookie consent, and data-rights handling. Not sure? The free checker tells you in about a minute — no signup.

The WooCommerce checklist

Whatever the platform handles, you still need to be able to answer "yes" to each of these — these are the points WooCommerce sellers most often get caught on:

Do you have a published privacy policy?
Non-essential cookies (analytics/ads) load…
Can visitors reject cookies as easily as accept?
Is there a route to access/delete/correct data?
Do you state a lawful basis for processing?
Do you disclose third parties / processors?
Is there a privacy contact (and EU/UK rep if needed)?

What's at stake

⚠️ Exposure: up to €20M or 4% of global turnover (Art. 83) · Status: In force. On WooCommerce, that's on top of any account suspension for breaking platform policy.

Compare the penalty for every rule →

Common questions

Do I have to handle gDPR privacy & cookie consent myself on WooCommerce, or does WooCommerce cover it?

Plugins can add a cookie banner and data tools, but installing and configuring them correctly is on you — WooCommerce ships nothing compliant by default.

Do I need a cookie consent banner?

If you serve EU/UK visitors and use any non-essential cookies (analytics, advertising), yes — they must load only after the visitor opts in, with a Reject option as easy as Accept.

What must a GDPR privacy policy include?

What data you collect, why, the lawful basis, who you share it with, how long you keep it, international transfers, and how to exercise data rights — in plain language, available at collection.

What are the GDPR fines?

Up to €20 million or 4% of global annual turnover, whichever is higher — plus regulator orders and reputational damage.

The source

RuleGoose checks this against the EU GDPR (Reg. (EU) 2016/679), UK GDPR + ePrivacy/cookie rules. Read it yourself: EUR-Lex — Regulation (EU) 2016/679 →

Check your WooCommerce store against GDPR privacy & cookie consent — free.
Answer a few questions, see exactly where you're exposed, and draft the fix. No signup, runs in your browser. Run the PrivacyProof checker →

or get one RuleGoose Score across every rule your WooCommerce store has to meet.

The full WooCommerce picture

GDPR privacy & cookie consent is one of several rules a WooCommerce store has to meet. See the full WooCommerce compliance checklist →, or read the platform-neutral GDPR privacy & cookie consent guide.

Same rule, other platforms

GDPR privacy & cookie consent on Shopify → GDPR privacy & cookie consent on Etsy → GDPR privacy & cookie consent on Amazon → GDPR privacy & cookie consent on eBay → GDPR privacy & cookie consent on TikTok Shop →

Informational only, not legal advice, and not affiliated with the EU or WooCommerce. Last reviewed 2026-06-30.