Skip to content

The Complete WordPress GDPR Guide: What Does the New Data Regulation Mean for Your Website, Business and Data?

TL;DR: The GDPR is a new regulation by the EU. It changes a lot regarding how each and every WordPress site goes about doing their business. Even non EU-based sites and businesses are affected. You have less than a year to make your WordPress GDPR compliant. Else you’re facing serious fines – up to € 20 million, or more, believe it or not.

On 25th May 2018, the GDPR (General Data Protection Regulation) enacted by the EU will come into effect. Is your website running on WordPress GDPR compliant? What are the steps that you must take when making your WordPress website to ensure that you follow the guidelines? What if you neglect this?

This post will help you in your endeavor to be ready when the regulation kicks in.

  • First, we’re going to talk in detail about the GDPR guidelines, the specific areas of your business that the guidelines affect, and why you should be concerned about WordPress GDPR compliance.
  • Next, we will cover the basics of making a WordPress site complaint with the guidelines.
  • Finally, we will discuss the implications of the use of plugins on your WordPress site and how your GDPR compliance might be affected.

What is GDPR?

Disclaimer. This post is not legal advice. We’re not lawyers.

GDPR stands for General Data Protection Regulation and it is a new data protection law in the EU, which comes into force in May 2018.

The aim of the GDPR is to give citizens of the EU control over their personal data and change the approach of organizations across the world towards data privacy.

The GDPR provides much stronger rules than existing laws and is much more restrictive than the “EU cookie law.”

For instance, users must confirm that their data can be collected, there must a clear privacy policy showing what data is going to be stored, how it is going to be used, and provide the user a right to withdraw the consent to the use of personal data (consequently deleting the data), if required.

The GDPR applies to data collected about EU citizens from anywhere in the world. As a consequence, a website with any EU visitors or customers must comply with the GDPR, which means virtually all businesses that want to sell products or services to the European market.

To better understand the regulation, take a look at the publication of the regulations in the Official Journal of the European Union, which defines all terms related to the law. There are two main aspects of the GDPR: “personal data” and “processing of personal data.”

Here’s how GDPR relates to running a WordPress site

  • personal data pertains to “any information relating to an identified or identifiable natural person” – like name, email, address or even an IP address; it is better to think that any piece of data can be considered personal data,
  • whereas processing of personal data refers to “any operation or set of operations which is performed on personal data”. Therefore, a simple operation of storing an IP address on your web server logs constitutes processing of personal data of a user.

Should GDPR be taken seriously?

Webmasters have time until May 2018 to comply with the regulations set by the GDPR. The penalty for non compliance can be up to € 20 million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

There are various slabs of penalties according to the seriousness of the breach, which have been described in the FAQ section of the GDPR portal.

Such a high amount in penalties has been proposed to increase compliance. However, one may wonder what steps for the supervision of websites are in place. Supervisory Authorities (SA) of different member states are going to be set up, with the full support of the law. Each member state may have multiple SAs, depending on the constitutional, administrative and organizational structures. There are various powers that SAs will have:

  • carry out audits on websites,
  • issue warnings for non-compliance,
  • issue corrective measures to be followed with deadlines.

SAs have both investigative and corrective powers to check compliance with the law and suggest changes to be compliant.

It is too early to speculate how SAs of various member states would interlink and work together, but one aspect is clear; SAs would enjoy considerable power to enforce the GDPR guidelines.

Six months after the guidelines were released, PwC surveyed 200 CXOs of large US firms to assess the impact of the GDPR guidelines. The results revealed that a majority of the firms had taken up the GDPR guidelines as their top data protection priority, with 76% of them prepared to spend in excess of $1 million on GDPR. This shows that owing to a substantial presence in the EU, large corporations are taking up the GDPR compliance seriously.

(Charts by Visualizer Lite.)

The details of your WordPress GDPR compliance

Okay, so with all the official information out of the way, let’s take a moment to talk about how to make sure that your website is compliant and that you won’t experience any WordPress GDPR problems.

Before you move on to each of the aspects and how to comply with them, a security audit on your WordPress site should, in general, reveal how data is being processed and stored on your servers, and steps that are required to comply with the GDPR. The Security Audit Log plugin can help you perform a security audit on your website.

Some usual ways in which a standard WordPress site might collect user data:

  • user registrations,
  • comments,
  • contact form entries,
  • analytics and traffic log solutions,
  • any other logging tools and plugins,
  • security tools and plugins.

Here are some key aspects of the WordPress GDPR that users need to take care of:

(a) Breach notification

Under the GDPR compliance, if your website is experiencing a data breach of any kind, that breach needs to be communicated to your users.

A data breach may result in a risk for the rights and freedoms of individuals, due to which notifying users in a timely manner becomes necessary. Under the GDPR, a notification must be sent within 72 hours of first becoming aware of a breach. Data processors are also required to notify users as well as the data controllers, immediately after first becoming aware of a data breach.

In a WordPress scenario, if you notice a data breach, you would need to notify all those affected by the breach within this designated time frame. However, the complexity here is the definition of the term “user” – it may constitute regular website users, contact form entries, and potentially even commenters.

This clause of the GDPR thus creates a legal requirement to assess and monitor the security of your website. The ideal way is to monitor web traffic and web server logs, but a practical option is to use the Wordfence plugin with notifications turned on. In general, this clause encourages one to use the best security practices available to ensure data breaches do not occur.

(b) Data collection, processing and storage

Three elements of this: Right to Access, Right to Be Forgotten and Data Portability.

  • The right to access provides users with complete transparency in data processing and storage – what data points are being collected, where are these data points being processed and stored, and the reason behind the collection, processing, and storage of the data. Users will also have to be provided a copy of their data.
  • The right to be forgotten gives users an option to erase personal data, and stop further collection and processing of the data. This process involves the user withdrawing consent for their personal data to be used.
  • The data portability clause of the GDPR provides users a right to download their personal data, for which they have previously given consent, and further transmit that data to a different controller.

Privacy by design encourages controllers to enforce data policies which enable the processing and storage of only that data which is absolutely necessary. This encourages site owners and controllers to adopt potentially safer policies for data, by limiting the access to a number of data points.

As a WordPress site owner, you first need to publish a detailed policy on which personal data points you’re using, how they are being processed and stored.

Next, you need to have a setup to provide users with a copy of their data. This is perhaps the most difficult part of the process. However, we can assume that when the time comes, most plugin developers or tool developers – for the tools and plugins that you have on your site – will have already come forward with their own solutions to this.

It is still advised, however, to have a system in place to derive the required data out of your database.

Further, it may be wise to avoid data storage altogether in certain cases. For instance, contact forms could be set up to directly forward all communication to your email address instead of storing them anywhere on the web server.

(c) Use of plugins – implications of WordPress GDPR compliance

Any plugins that you use will also need to comply with the GDPR rules. As a site owner, it is still your responsibility, though, to make sure that every plugin can export/provide/erase user data it collects in compliance with the GDPR rules.

This can still mean some tough times for some of the most popular plugins out there. For instance, solutions like Gravity Forms or Jetpack have a lot of modules that collect user data by nature. How are those tools going to comply with the GDPR exactly?

For plugins too, the same rules apply, although they must be approached from the point of view of the WordPress site owner. Each plugin needs to establish a data flow and inform about the processing of personal data. If you are the developer of a plugin, consider providing users of your plugin an addendum that they may add to their website’s terms in order to make them GDPR compliant. Gravity Forms, for instance, needs to let the user know how personal data being filled in a contact form is going to be published, and an option to get it removed, if necessary.


Although there has been no official communication from the popular WordPress plugin developers, Jetpack’s Twitter handle has confirmed that they are preparing for the GDPR, and further updates would appear in their new privacy-related features.

No other plugin seems to have released any statements related to this yet.

Also, here’s a short comment from our own Ionut Neagu – CEO of Themeisle and the person in charge of all the plugins available under ThemeIsle’s and Revive.Social’s brands:

Ionut Neagu

Ionut Neagu
GDPR looks like a really big change that we should all treat very seriously and look for solutions. If there’s one thing we learned from VAT, it’s that the EU is quite serious about those things. They keep introducing more and more regulations and then put new mechanisms in place to enforce them. Those 4% fines aren’t looking good.

Also, some tools that sit seemingly outside of your WordPress website will see the impact of this too. Take, email marketing tools, for example. It’s a common practice to have those integrated with your WordPress website and to send promotional emails based on a list of email addresses. Depending on how you run your newsletters/lists, those addresses might not have been obtained by getting explicit consent from users.

For instance, a checkbox that’s selected by default would count as a violation. Under the GDPR, everything that’s part of your online presence as a business will need to explicitly collect consent and have a privacy policy in place. There are other implications too – if you wish to buy a mailing list, you would be sending emails illegally to the recipients, since no one explicitly asked to receive emails from you.

Although the final responsibility lies with the site owner, WordPress itself may have to look into its processes to become compliant as well. As of May 2018, there is a privacy and maintenance release that introduced new tools to the core.

Sure, just updating your WordPress website solves only part of the problem. Being compliant is more than just fixing your site. You need to implement data protection policies for the entire organization. This regulation is not meant to be online-exclusive.

Here are the steps we consider essential for GDPR compliance:

  • Know the key concepts and articles regarding GDPR
  • What to do for GDPR compliance before May 25th
  • GDPR compliance steps to take after the deadline
  • Website adjustments
  • Other GDPR compliance issues to consider
  • Monitor and audit

Learn about them all here.

You may also be interested in:

Final thoughts

To sum up what it means to make WordPress GDPR compliant:

  • the law comes into effect in May 2018,
  • it applies to any website that deals with personal information of EU users,
  • it gives the user the right to control the flow of their personal information,
  • there are defined processes to monitor compliance and huge fines are in place for non-compliance.

In a nutshell, to make your WordPress GDPR compliant, you should (1) look into all the different ways in which you’re collecting visitor data. Next, (2) put mechanisms in place to make sure that users can control their data. Additionally, (3) it’s probably a good idea to avoid collecting user data where it’s not necessary (like the contact form example from above). And most importantly of all, (4) even if you’re using third-party tools and solutions, you still need to make sure that those are GDPR compliant as well.

If you don’t have all of the above taken care of by May 2018, trouble.


Nonetheless, the GDPR regulation is the right step in ensuring transparency in handling of data. Although this post has covered the basics of GDPR, you may want to go through the regulation in detail if you have a profitable business running behind your WordPress website. Remember, not complying can result in administrative fines up to € 20 million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Don’t forget to join our free crash course on speeding up your WordPress site. With some simple fixes, you can reduce your loading time by even 50-80%:

Layout and presentation by Karol K.

Yay! 🎉 You made it to the end of the article!
Shaumik Daityari

Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Karen Mas
May 14, 2018 9:54 am

I’ve only just found out about this new GDPR law. I only have a WordPress blog (cookery and handicrafts). It’s not a business, just a hobby. I have very few followers (around 45), even after having set up my blog 4-5yrs ago. Do I also have to advise my followers about this? I don’t think so, but – just in case!

May 8, 2018 10:09 am

Thanks for this article. One thing that’s missing though is this cookie compliance part. I’ve been reading a bit about that and basically shouldn’t we be allowing users to opt-in for cookies too? It seems bloody nuts, but there you have it. There’s a couple of paid plugins cashing in on this as well. I’m just wondering whether it’s really necessary to have big ugly confusing cookie opt-in’s everywhere just because I want to use Analytics.. any thoughts?

Arjun Chatterjee
May 8, 2018 7:27 am

One interesting thing about the GDPR is that it makes running a service using advertising illegal. If you go check article 29 working group, they have guidance on consent. A party is said to not give consent freely when the service they are signing up makes allowing personal advertising a pre-condition. I.e – Facebook now has to introduce a paid service in order to be able to continue with its ad supported free service. I feel that it is a gross intrusion of privacy by the EU and should be contested in court. Essentially, they are saying, a person cannot make a contract with another party to allow them to track their personal data (even if he/she chooses) to gain access to a service or product which is free. This is not about data protection at all, it is about the free availability of information hindering something.

May 7, 2018 3:54 pm

Question. You said that «if you wish to buy a mailing list, you would be sending emails illegally to the recipients, since no one explicitly asked to receive emails from you.» OK. But how we can ask for that permission if we cannot send emails?

May 21, 2018 2:05 pm
Reply to  dejudicibus

Im EU GDPR certified and was interested in the new regulation from BA point of view. You cannot send emails without an unambiguous consent given by your users. So firstly you must define the purpose for collecting the data and than ask the users to opt in (given by choice) for each segment of the service you wish to offer and opt out which should be mandatory. So the site should clearly state “would you like to receive our newsletter” for ex. You may have users who would be happy to visit the site to comment on it but not to receive newsletter…that’s how it should work. Another ex. the statement of this site “by signing up you agree to the basic rules, Terms of service and privacy policy….is not EU GDPR compliant.

Paranoid Privacy Campaigner
May 3, 2018 1:36 pm

Okay, I do not want to sell to European citizens, I just have a site that sells a product to anyone who wants to buy. It’s a problem of EU and its citizens to find and “obscure” it, isn’t it? How can they punish me with fines in any way? What for? For having a product and a site? I am shocked myself to tell this, but China looks more sane when blocking the “digital presence” of the West from their citizens because other countries owe nothing to China and and should not obey its laws.

jayremie diaz
May 2, 2018 11:02 am

I have wordpress site but I don’t collect data from visitors. They only subscribe in receiving emails containing my posts. Should I make my wordpress site (which runs on free mode) GDPR compliant?

Kristaps Horns
May 2, 2018 1:12 pm
Reply to  jayremie diaz

Yes. In a simple use case of using feeds etc. I think WordPress core team is already working on a built in solution. In terms of subscriptions and forms I can recommend Gravity forms which also has been working on the GDPR implementation in their product. If you use a third party subscription plugin they will most likely provide an update to support the new law.

May 4, 2018 4:07 pm
Reply to  jayremie diaz

You’ve answered your own question. “They […] subscribe in receiving emails […]”. By subscribing, your visitors are providing you with access to their personal data (email address), which you are consequently collecting. I would definitely call that procedure *collection of data*.

jayremie diaz
May 4, 2018 5:26 pm
Reply to  Dan

actually, wordpress does collect the email addresses and they already opted in to receive emails.

May 4, 2018 9:37 pm
Reply to  jayremie diaz

Nevertheless, the visitors are visiting *your* website. That makes *you* responsible for making sure the website is GDPR compliant. Besides, the fact that the visitors have already opted in to receive emails is hardly an excuse for you not to abide to the rule by offering them the capability of knowing exactly what kind of info you’re collecting, and exactly what you’re using it for. No offense, but instead of trying to find ways to avoid abiding to the regulations, ask yourself what can be done so that your website is offering the visitors the three rights: Right to Access, Right to Be Forgotten and Data Portability.

Michael Ligot
May 1, 2018 9:25 pm

We have a small online webstore in the US, and get maybe single digit EU customers a year. We just use their information for shipping customer purchases, no mailing lists, Google Ads or whatever (it’s a side business). Are we pretty much compliant with GDPR as long as we don’t do any marketing to the EU area?

Kristaps Horns
May 2, 2018 1:13 pm
Reply to  Michael Ligot

I would disable EU countries from the list of countries that can purchase (checkout form) just to be on the safe side.

May 4, 2018 4:46 pm
Reply to  Michael Ligot

You *are* collecting and processing personal data, regardless of what you’re using it for. That makes your ecommerce website non-compliant, unless, of course, you change that by adhering to the GDPR laws.

April 30, 2018 5:12 pm

no it’s not.

April 30, 2018 6:08 pm
Reply to  callmeisaac

Excuse me, there ARE bilateral agreements between the US and EU so there are going to be enforcements processes.
I am not referring to the US. How about Cambodia for example?

Barbarella Buchner
April 30, 2018 6:10 pm
Reply to  callmeisaac

Exactly my point, no misunderstanding. Why make a definite statement like this “They don’t have jurisdiction outside the EU unless there are bilateral agreements” when you don’t exactly know whether it is true?

April 30, 2018 6:12 pm

what’s true? I was speaking generally about any country, not one country in specific. And I am correct.

Barbarella Buchner
April 21, 2018 12:14 am

I have 40+ websites I either run or maintain. I have 2 questions:
1. What if I got rid of all the contact forms and plugins and simply use an email address that people click on to contact someone? Would that qualify as not collecting data?
2. What about sites that are behind a “password protected” screen, i.e. private sites? Do they still need to be made compliant too?

Kristaps Horns
April 30, 2018 4:50 pm

1. No. It still would be collecting data. Email is personal data.
2. Yes.

Barbarella Buchner
April 30, 2018 5:51 pm
Reply to  Kristaps Horns

Thanks for your reply. Regarding point 2, but how would any authority be able to check if the site is hidden behind a password protect box? Or would they seriously be going to hack the site to see what’s behind it?

Kristaps Horns
April 30, 2018 5:58 pm

Eu nationals gain a right, under GDPR regime, to gain access to a copy of their personal data stored by any processor. It is essentially via this mechanism that a person can discover that company is not compliant with the GDPR, in which case they can notify their national personal data protection agency, which will initiate a process after which you might be held responsible. It is, therefore, not the agency itself that will proactively go and scout all the off-internet sites, but its private individuals under GDPR regime that have a right to “initiate” process against you.

Barbarella Buchner
April 30, 2018 6:03 pm
Reply to  Kristaps Horns

Maybe I need to ask my questions in a different way. We have 5 or so sites that are behind a password protected screen, because we have not made them “live”, and they have been that way for about a year and this is not likely to change any time soon. Basically, they are unfinished sites that need work, but when that work is being done (if at all) depends on my client. There are no user registrations or mailing lists or anything. Yes, there are contact forms, but not that anybody would use them because the sites are not visible to anyone to actually enter. Does this *still* mean that they have to be made compliant? Because if not, I could save myself a small chunk of work…

Kristaps Horns
May 1, 2018 1:13 am

No, if they do not collect data of any actual living EU citizens, then you should not have a problem.

Barbarella Buchner
May 1, 2018 11:38 am
Reply to  Kristaps Horns

Thanks. That’s a few sites down on my list then! 😉

Rising Goat
May 7, 2018 3:57 pm
Reply to  Kristaps Horns

“1. What if I got rid of all the contact forms and plugins and simply use an email address that people click on to contact someone? Would that qualify as not collecting data?” I don’t see how this can qualify as data collection in any manner, Kristaps. If I publish my own email address on my site and someone clicks on it or copy it and, then, they send me an email, I am NOT collecting personal information at all. Excuse me but it does nor make sense at all. On the other hand, if you use a contact form it would also be arguable it qualifies too. It totally depends. For example, if I use the contact form to save the information entered by the visitor, then it would qualify. However, if I just use the form to pass the data to a server side script that sends (but not saves) that information to the SMTP server, then there is not data collection at all, as you are simply acting as an email client. If for any reason this law understand this last case as data collection, then I strongly believe they are wrong. In any case, I miss… Read more »

Barbarella Buchner
May 7, 2018 4:24 pm
Reply to  Rising Goat

“1. What if I got rid of all the contact forms and plugins and simply use an email address that people click on to contact someone? Would that qualify as not collecting data?”
I don’t see how this can qualify as data collection in any manner, Kristaps. If I publish my own email address on my site and someone clicks on it or copy it and, then, they send me an email, I am NOT collecting personal information at all. Excuse me but it does nor make sense at all.”
That was exactly my thoughts!!!!! I mean, they are contacting ME, not me contacting THEM. Otherwise, hey, would the law not then need to also extend to your friends (or anyone for that matter) emailing you and you emailing them, if the above scenario is included in the new law?

Kristaps Horns
May 7, 2018 5:05 pm

While the use cases you both have described are reasonable, there are still a number of genuine reasons why they are not wholly excluded from the scope of the Regulation. At the end of the day you still perform processing of personal information. Please note that this only applies to individuals, and not legal personas or business representatives in their official capacity. There are 2 general exceptions that would apply, however, they would not completely exclude you from the applicability of GDPR, but would instead change the scope of its applicability. Under the “legitimate interest” consent exception you can assume that consent is given and that you can lawfully process the email address in order to return a question from your client. It is possible to put most everyday business interactions under the “legitimate interest” basis, but that does not really help you long term when it comes to other concepts under the GDPR. In terms of processing email with forms and other methods, it is not exactly true, that there is no personal data stored. Even when you forward the data from the form to an SMTP server, it is usually both the server logs (depending on the application,… Read more »

Kristaps Horns
May 7, 2018 5:08 pm
Reply to  Rising Goat

“I don’t see how this can qualify as data collection in any manner, Kristaps.”
GDPR art. 4 (1) – ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
GDPR art. 4 (2) – ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Barbarella Buchner
May 7, 2018 5:59 pm
Reply to  Kristaps Horns

But what, for example, if someone had an email like That, in my view, is not something that could identify anyone as an “identifiable natural person”, or could it?

Matt Scheurich
April 2, 2018 12:08 pm

Woe is me to wade into a debate with someone whose name is “Teabagger Blaster”. I totally get where you’re coming from, but I feel you’re seeing it from a “top down” rather than “bottom up” perspective (maybe it’s natural being a teabagger that you’d only consider the “top down” important!). I’m more for individual rights than for corporate rights. I see the GDPR being a great protection of individual rights which also benefits more people in society than just the people that make money.
There are plenty free ways to get legal consent and to manage expectations and data with regards to security and privacy. You’re probably right to say there’s not a “single example of 100% compliance online anywhere” because GDPR doesn’t come into effect until May! Only after then will we find out how it works in practice and there will probably be plenty ways in which it will change and develop to cover all use cases.
As long as you’re not abusing people’s PII (i.e. spam), only collecting what you need, and being conscious, careful and secure of its storage, processing and distribution then you should have nothing to worry about as a small business.

Sean Owens
March 28, 2018 12:38 pm

There is an excellent plugin that looks after right to be forgotten and SAR’s automatically for your wordpress site, works with all plugins.

March 22, 2018 6:36 pm

Very nice article! A good free plugin is , it already creates a data register where your users can access, download , delete their personal data.

Lewis Cowles
March 15, 2018 10:30 am

What Alex means is that it’s not something that can be fixed turnkey. It will matter just as much the client-side technologies you use as the back-end server side solutions.

Lewis Cowles
March 15, 2018 10:29 am

It varies by how complex your website is. If you have a standard 5-page then they are taking the mick. If you have a CRM, e-commerce, use analytics they are probably insulating you from their full costs.

Jakub Blažej
January 10, 2018 9:58 pm

That seems quite too much to me, if you have only info website with no comments and such.

February 6, 2018 1:28 pm
Reply to  Jakub Blažej

That’s nothing, some devs are chargin thousands for this. Exp[ect to pay between £500 and £2000 depending on your setup. It’s not just 5 minutes work, there is a lot to put into making sure things are compliant and you don’t get fined.

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!

Would love your thoughts, please comment.x

Most Searched Articles

Best JavaScript Libraries and Frameworks: Try These 14 in 2024

In this post, we look at the best JavaScript libraries and frameworks to try out this year. Why? Well, with JavaScript being available in every web browser, this makes it the most accessible programming language of ...

20 Best Free WordPress Themes for 2024 (Responsive, Mobile-Ready, Beautiful)

If you're looking for only the best free WordPress themes in the market for this year, then you're in the right place. We have more than enough such themes for you right ...

12 Best WordPress Hosting Providers of 2024 Compared and Tested

Looking for the best WordPress hosting that you can actually afford? We did the testing for you. Here are 10+ best hosts on the market ...

Handpicked Articles

How to Make a WordPress Website: Ultimate Guide for All Users – Beginners, Intermediate, Advanced

Many people wonder how to make a WordPress website. They’ve heard about WordPress, its incredible popularity, excellent features and designs, and now they want to join the pack and build a WordPress website of their own. So, where does one get ...

How to Start an Ecommerce Business: Ultimate Guide for 2024

Is this going to be the year you learn how to start an eCommerce business from scratch? You’re certainly in the right place! This guide will give you a roadmap to getting from 0 to a fully functional eCommerce business. ...