I am not a lawyer, so please note that the below observations should not be interpreted as legal advice. That said, I'm going to do my best to spell out some of the key GDPR issues facing Squarespace and Wix site owners below.
Business and website owners now have a lot of additional legal responsibilities as a result of the GDPR (General Data Protection Regulation) rules introduced by the EU last year.
There are many legal steps that the GDPR requires business owners to take to ensure compliance, and fairly serious penalties for not doing so (to the point where it's a good idea to consult a lawyer about precisely what to do!), but the key ones for prospective Squarespace and Wix users are probably as follows:
Display adequate privacy and cookie notices on your website
Process and store data securely
Get explicit consent from people signing up to mailing lists that it is okay to send them e-newsletters
Provide a means to opt in or revoke consent to use of non-essential cookies on a website (and to log that consent).
Now, meeting the first three requirements with either Squarespace or Wix is fairly straightforward (although you will have a bit of work to do in terms of creating GDPR-compliant privacy policies and data capture forms).
Meeting the fourth requirement however is much harder, and in my view Squarespace and Wix should be doing more to assist their customers to meet this GDPR obligation.
Basically, whenever you use non-essential cookies on your website — for example by adding a Facebook Ads pixel or a Google Analytics script to it — you are legally obliged to give EU visitors to your website the option to switch these off BEFORE they continue to browse your site (even if your site is based outside of the EU).
You are also obliged to log EU users' consent to cookies being used, and give them the option to revoke that consent at a later stage. Cookie banners are usually used to facilitate this, but the old 'By using this site you are consenting to cookie usage...' statement on a banner is not good enough anymore — you need something far more sophisticated.
Now, out of the box there is no way to facilitate this kind of GDPR cookie consent for third party scripts on either Wix or Squarespace, meaning that many (if not the vast majority of) Squarespace and Wix users end up breaking the law as soon as they add a non-essential cookie to their website.
To get around this problem, you will need to either:
code something yourself
make use of a third party solution.
It’s probably fair to say that most Wix and Squarespace users are likely to plump for the second option. There are a few of these available — we use OneTrust’s CookiePro product when creating Squarespace sites for our clients.
It’s a bit of a time-consuming thing to set up, and a slightly complex process is involved, but CookiePro works nicely — for a full overview of the steps involved with setting it up for Squarespace, check out our guide on how to add a GDPR-compliant cookie banner to a Squarespace site (we don’t have an equivalent guide available yet for Wix, but you can expect a similar process).
The bottom line on GDPR is this: you can make a Wix or Squarespace site GDPR-compliant, but it will involve some work (and ongoing fees, if you're using a third party cookie banner solution).