How to make your website GDPR compliant

How to make your website GDPR compliant

in Feb 11, 2019

Is your website compliant yet? If not, you can read through the following steps and begin your compliance procedure, always having in mind that its best to consult a legal expert on drafting your various policies.

1.Consent Forms

Consent forms should be clear and explain the data that is collected and how it is used in a clear and unambiguous language. Website users must be informed how long their personal data will be retained, and the classes of individuals with whom the information will be shared. The exact types of data that will be collected through use of the website must be clearly explained.

2.Privacy Policy

It is highly advised not to just copy and paste someone else’s privacy policy. It is unlikely to contain the proper information for your website. It is necessary to consult an expert and draft your policies in a way that users are not left scratching their heads and leave without actually understanding how their data are being handled. The whole point in making your website GDPR complaint is to be as transparent as possible to the users.


The use of cookies should also be outlined in your privacy policy and what the various personal data collected will be used for. Users need to be able to easily opt out of cookie tracking in their browser’s privacy settings.

If you are using third-party plugins such as Google Analytics to capture autonomous data, then you still need to make your users aware of this via your privacy policy.

4.Rights of the data subject

Website users have many rights based on Chapter IV of the GDPR. Amongst others they have a ‘right to be forgotten’ so that they can have their details removed from a website and the database if they request it. Websites should therefore have a process in place that enables this procedure and also facilitate a way that users can request this, whether mentioning it clearly in a privacy policy or elsewhere on the website.

It is important that website visitors can get in touch with a site owner to exercise their GDPR rights and freedoms, so all contact information needs to be up to date. It must be easy for visitors to make contact should they wish to exercise their right to be forgotten, request a copy of any data that is collected and processed, and check their personal data for accuracy.

5.Handling the data

Security of user or customer data is a matter of great importance. Website owners are required to keep all data secured in an encrypted environment. By adding an “https” protocol to your website, you are helping encrypt the data that users fill on your site.

6.Email Marketing

Email subscriptions are a very effective tool for a website, especially for digital marketing purposes. But for an email marketing campaign website owners will ask users for their email address, which comes under the category of personally identifiable personal data. Proper care should be taken when it comes to understanding how this data is handled. Users should not be getting any unwanted emails in their inbox without their consent or any other legal justification.

It is finally, the responsibility of all website owners to familiarize themselves with the GDPR rules and make their websites GDPR compliant the soonest. If you own or operate a website, get familiar with the GDPR requirements, check to make sure you obtain consent or establish any other legitimate purpose, before personal data are collected and processed, ensure data subjects’ rights and freedoms are protected, and make sure all personal data is stored securely. The best way to go about it if you are having trouble with GDPR compliance is to seek expert legal advice.