There are many General Data Protection Regulation (GDPR) modules for Drupal. Such modules control one or more of the following functions to meet GDPR requirements:
- How, when, and what cookies are stored within a user’s web browser
- Whether user IP addresses are stored in web analytics software
- Customized banners for opting in and out with tracking
- Install the EU Cookie Compliance Module
- Configure GDPR Compliance in Drupal
Install the EU Cookie Compliance Module
This is the easiest method to install the GDPR compliance Drupal module.
- Log into Drupal.
- Install the Drupal module using the EU Cookie Compliance (GDPR Compliance) download link.
- Click Enable newly added modules.
- Under User Interface, check the box beside EU Cookie Compliance.
- At the bottom, select Install.
Configure GDPR Compliance in Drupal
- At the top of the Drupal administrator dashboard, select Configuration.
- Under System, select EU Cookie Compliance.
- You’ll see two sections for the Drupal module: Settings and Categories.
Settings for GDPR Compliance in Drupal
Permissions: There are two checkboxes for you to select whether to display the banner for every Anonymous user and/or Authenticated user.
Consent for Processing of Personal Information: There are five consent methods for handling user activity:
- Consent by default with no option to opt out. This method is not GDPR compliant.
- Opt-in is the default option and GDPR compliant. Visitors aren’t tracked unless they select the Agree button.
- Opt-in with categories is the second of two GDPR compliant options. Selecting this allows users to opt-in to cookie categories configured in the module’s Categories section.
- Opt-out tracks visitors by default, unless they opt out. Keep in mind, many users assume they’re not being tracked unless they agree. Therefore, it would be beneficial to state you’re using this method in your consent banner.
- Automatic respects the Do Not Track (DNT) web browser setting if enabled. This combines opt-in when DNT is enabled with Consent by default when DNT is disabled.
Your selected consent option determines which sections show below.
Select the popup info template for ‘default by consent’ option: The first option shows a More info button beside the Accept button on the right. The second option shows a More info link on the left after other text.
Cookie categories: This option is specific to websites that opt users in with categories. Here you can change the labels for the Save preferences and Accept all categories buttons.
Cookie Handling: This option applies to opt-in or opt-out consent options. You can enable the automatic-removal (every few seconds) of certain cookies when consent isn’t given and list ones to allow.
Store Record of Consent: Decide whether to store data to remember which users consent to tracking.
Withdraw Consent: Show a privacy settings tab for a banner allowing you to withdraw consent. You can choose to show the tab after consent is withdrawn and edit the tab and withdraw buttons.
Appearance: Customize the position (top or bottom), color, height, and width.
EU Countries: This section explains how to only show the banner to visitors in Europe. Many businesses decide not to do this so all clients benefit from the new expectations for online privacy and cybersecurity.
Advanced: This last section includes various settings controlling how the banner works including when the banner doesn’t show and cookie lifetime.
Cookie Categories for GDPR Compliance in Drupal
If you selected the Opt-in with categories setting, this is where you’ll create cookie categories.
- Select Add cookie category.
- On the next page, type an easily understood label for the category with a sentence or two summarizing them.
- Afterwards, specify whether the category is checked or unchecked by default.
- After you save changes, you can drag and drop categories to your preferred order.
Learn more about Drupal security with our Drupal Education Channel.