GDPR Compliance Checklist – 7 Easy Tips

Before I go into the easiest GDPR compliance Checklist, Let me define GDPR. It will help you to understand this GDPR compliance checklist better.

What is GDPR and How it Affects My Website?

There are so many websites define GDPR but most of them are really confusing and hard to understand. So let me define GDPR in layman’s terms. GDPR “General Data Protection Regulation” is a privacy policy drafted and passed by the European Union (EU) in 2016.

If we simply define GDPR, You (the website/organization) cannot collect personal data from the users from European countries without their permission. If you want to store your visitors’ personal data, they have to give you their clear consent. So if your website targets European traffic, you must comply with GDPR law. They made this law to protect user privacy, privacy data breaches and prevent companies from selling or using personal data without users’ clear acknowledgement.

You must remember, this affects you even if you are not a European citizen or if you are not even targeting European countries. Unless you block all European countries from accessing your website you are obligated to follow GDPR rule.

This is just the simple definition of this EU privacy policy law. So checkout their official article about Define GDPR to learn more about the law and to find out the full definition of GDPR law.

define GDPR

GDPR Compliance Checklist

Now you know what GDPR is. So let’s see what we can do to make sure that our website is comply with GDPR law. European Union expect you to follow some guidelines and make changes in order to have GDPR Compliance in your website. This law is not only affect websites, if an organization or a company collection and store personal data from any European citizen digitally or otherwise, they are obliged to follow the law.

So follow these 7 easy steps to make sure GDPR Compliance on your website.

1. Cookie Notification
2. Cookie Policy
3. Up to date Privacy Policy Page
4. Secure Sockets Layer (SSL)
5. Lead Capture
6. Payment Gateway
7. Chat Service

1. Cookie Notification

You must have a cookie notification on your website. Since GDPR consider cookie data as personal data you must add a notification for users where they can accept or deny your request to use their personal data for cookies. Earlier if users closed or ignored that notification you could considered it as an acceptance of the request. But now you cannot do that. Visitors must actively opt-in the notification in order for you to use their data for cookies.

2. Cookie Policy

Have a separate cookie policy page on your website. You can no longer add cookie policy as a part of privacy policy. You have to have a specific cookie policy page. In that page you need to define the following.

  • What are the data you are collecting of your visitors and why are you collecting these data?
  • If you are using 3rd party cookies, you must include the privacy policy page of their organization. For an example: if you are using Google AdSense you must include a link to their privacy policy.
7 Easy Tips for GDPR Compliance Checklist

3. Up to date Privacy Policy Page

Your privacy policy must be up to date with latest details of your website functionality including;

  • How are you collecting user data and how are you storing them
  • How a user can contact you to find what the data you have of them are
  • Specify the process of getting removed and deleted all the personal data you have on them. Contact information to contact you if a visitor wants to remove his data from your website

4. Secure Sockets Layer (SSL)

You should have SSL certificate on your website. So visitor can know that your website is secure and their data is protected with SSL. Even if your website doesn’t handle any money transaction having SSL helps you with GDPR Compliance.

5. Lead Capture

If your website has forms, inquires, etc.. to communicate with your visitors you should avoid the following from doing.

  • Don’t store data if it isn’t necessary. Don’t keep any personal data just because it might come handy in the future. Always try to avoid storing data.

  • If you are using any email provider to communicate with your visitors, make sure that they have GDPR clarifications as well. Your privacy policy won’t work unless your email provider has GDPR Compliance.

  • If you printout website inquires on a paper, make sure that you dispose those papers properly after you done with that inquiry. Don’t keep those papers lying around in your office unless you need it again.

  • Don’t have any pre-ticked boxes on your forms. Your visitors always have to opt-in to those options. You don’t have the right to choose it for them. So double check your website for pre-ticked boxes, pre-selected dropdowns or anything similar to that.

  • Don’t bundle options. Don’t have a single tick boxes for multiple choices. If you want user to agree on let’s say 3 things, you must put 3 tick boxes for that. Don’t use the single tick box for all three.
GDPR Compliance Checklist

6. Payment Gateway

If you are using any payment gateway on your website. Make sure that your payment gateway provider has GDPR Compliance. Also you must add a link to their privacy policy on your privacy policy page.

7.  Chat Service

If you have a chat service running on your website, make sure that their privacy policy comply with GDRP law. Because most of the time chats save visitors names, email, phone number and other details. So if your chat service provider doesn’t comply with GDRP, your whole website in the jeopardy. Even if you don’t store data, the service you are using does. So indirectly you are storing data from your users.

These are the easiest 7 tips for GDPR Compliance Checklist. Follow this checklist and your website will be ready to receive traffic from European countries without any problem with GDPR.

Disclaimer: I’m not a legal professional, so if you want to know more about GDPR law, please seek legal advice from a professional. I’m just briefly define GDPR and give you some pointers from my personal experience to GDPR Compliance on your website.

Leave a Reply

Your email address will not be published.