Business Miscellaneous

A Guide to GDPR: Making your Website GDPR Compliant

Image courtesy of Pixabay

What is GDPR?

GDPR in its essence are rules designed by the EU and aims to help EU citizens have more control over their own data by setting a higher standard for data policies for all companies. The higher standard secures better transparency by simplifying the process and provides a standard of what data can be accessed and held.

All organizations who operate within the EU and that provide their services in the EU are GDPR compliant and must follow the legislation made by the EU. This means that most large-scale companies in the world must be GDPR compliant because of the services they provide to the EU.

A quick checklist for GDPR

To make sure that your website is GDPR compliant we have written a quick checklist to ensure that your website is following GDPR rules.

1. A personal Privacy Policy

Your privacy policy must be unique information that describes you, your company and what kind of work you do. Besides that, it must describe what types of information the website stores and how exactly the website collects these kinds of information. 

All third-party services such as Google Analytics, Facebook pixel, retargeting and tracking tools must be disclosed. This also means the website’s CMS (Content management system), plugins, applications, request forms and such.

Overall, the website must have a privacy policy that is unique to the website and describes all the necessary steps to be GDPR compliant.

2. List of cookies

You must have a list of all the cookies that are collected on your website from users/customers. Besides that, you must create a cookie notification on your website that offers users the ability to read your privacy policy and agree with it. 

The list of cookies helps create transparency and makes it easier for users/customers to know more precisely what data is collected from them.

3. Request forms for users

Your website must contain a user request form that allows the user to either delete or change their data. Before the GDPR, a lot of websites were not very transparent with data management and did not allow users to manage, change or see their own data.

4. Other forms

All forms on your website must be GDPR compliant. On every form there should be a checkbox that allows users to give their consent of having read and accepted the privacy policy page. You should also add a link to the privacy policy of your mail service provider.

5. Third party plugins and applications

You must make sure that all the used plugins and applications on your website are GDPR compliant. If any of your used plugins and applications are not GDPR compliant then the website is not compliant as well. Therefore, you would have to find an alternative that is GDPR compliant. 

6. GDPR compliant CMS

Almost every website uses a CMS (Content Management System) unless it is totally hard-coded, which is only a small percent of all websites. The CMS of your website is essential in the way that your website works and therefore it is very important that you make sure the CMS is updated and GDPR compliant as well. The CMS is often closely bound to the way data is stored and therefor you must either find a compliant CMS or make it compliant manually with custom code, third-party plugins or with custom code.

7. Checkout page

Checkout pages often look different from the rest of your website and often have a different functionality, which is allowing people to checkout. On those pages it is very important that you make a use consent checkbox and refer to your privacy policy before checkout.

8. Email notifications

Whenever users are added to your email list it is very important that the person has given their consent to store their personal data as well as allowing the company to send emails. Besides that, you must give them the ability to unsubscribe themselves from your email marketing list.

9. Data backup

Most websites have an auto data backup system that makes sure nothing is lost in case they must roll back in time. This could be due to a virus infection, accidental deletion or edits to the website and so forth. Most of these backups also contain user data and therefore it is very important that you do not have more than 3 customer data backups. As website owner you must make sure that the user data is secure and that you are the only one who can download them.

10. Opt-ins 

On most forms there are opt-ins that allow users to give their consent to the asked request. To fully follow all legislation regarding data management and storage you must remove all automatic opt-ins on your website. If users want to give their data, then they should choose that themselves instead of you making the choice beforehand.

On your sent newsletters you should allow users to opt-in or out with ease. Therefore, you should disable all double opt-ins on your newsletter.

11. Data Access Requests

Your website should have a process in place that allows users to request a copy of their own data. This allows users to make sure precisely what data your website is storing about them and allows for full transparency.

About the author


Mathias Minh Nguyen

Mathias Minh Nguyen is a SEO and SEM expert who helps companies of all sizes get more recognition in the digital world by creating more awareness. He shares his thoughts and tips on different medias that concerns the digital world. He currently works for the Danish company Morningtrain and has based some of this informative article on Cookiebot’s information about CCPA compliance.