Get your website compliant
With new regulations coming into play, it can be difficult to define the basic steps your business should take in order to be compliant. Our GDPR Checklist can guide you through the process and show what you must look for and have on your website.
The General Data Protection Regulation (GDPR) became enforceable on May 25th, 2018 with the goal of regulating the way personal data is collected. According to the regulation, any website offering services to EU citizens must inform its users about the personal data that is being collected.
Prior consent must be given by the user before any tracking technologies (e.g. cookies) are used. The user should have the ability to choose which personal information is gathered, with a simple opt-in function, and have an option to adjust their preferences at any point.
| Common Cookie Type | What does it do? | Need consent? |
|---|---|---|
| Strictly necessary cookies | Required for the proper operation of a website. | No |
| Marketing cookies | Track user’s online activity. | Yes |
| Statistics/Performance cookies | Collect information on how the users interact with a website (e.g. which pages they have visited, or which links they have clicked) to improve the website’s functions. | Yes |
| Preference/Functionality cookies | Preferences can be used to make a user profile (e.g. preferred language or region). | Yes |
8 steps to make sure your website is compliant
1. Provide the identity and contact details of your data controller.
2. State the purposes for collecting personal data and the types of cookies being used.
   For example, when you collect any data to communicate with existing or potential customers, you need to inform the person that “communication” is the purpose, even if it seems obvious. This practice is meant to prevent companies from collecting any type of personal data without legitimate reasons.
3. Provide the legal bases for collecting personal data.
   Consent must be freely given, specific, informed and unambiguous. Scrolling or continued browsing, pre-ticked checkboxes and cookie walls (making consent conditional) do not by any means constitute valid consent.
4. State the retention time of personal data.
5. Inform your users of their legal rights and provide them with the necessary contact details to exercise their rights.
   Make sure you can fulfill the following upon request:
6. Data protection by design and by default for websites.
7. Transfers to third parties.
   Social media embeds or login options from services such as Google, Facebook or Twitter might lead to information being sent to third-party services in order to display the content.
8. Provide easy-to-read information.