Does my website comply with GDPR standards?

GDPR rules for a website

The subject is not new: since 2018 the GDPR (General Data Protection Regulation) has “tormented” responsible companies that want to comply with the data protection law, but there are still some doubts about how to do it, especially on their websites.

We will try to clarify exactly that: how to comply with the GDPR rules on your website, in a simple and clear way.

But first, let’s remember what GDPR means.

The General Data Protection Regulation is a legal document that covers all citizens of Europe and is intended to regulate the protection of their personal data. Entities that collect or process the personal data of individuals can no longer use that personal information without their consent.

Please note that the penalty can be severe: non-compliance can result in fines ranging from 4% of revenues up to a limit of 20 million euros. Ouch!

But let’s avoid fines, shall we?

So, how to prepare a website according to GDPR standards?

There are a few steps to consider, but they are easy to implement. We will detail 5 fundamental actions to comply with the GDPR on your website.

Action #1: Privacy Policy

You must have a page (usually linked from the Footer Menu) that informs your visitors about your Privacy Policy. The text on this page informs what data is collected on the website, what it is for, how it will be used, how long it will be held in a database, etc. All of this information and clarification is essential for the visitor to feel safe and confident while browsing and using the website, so, in case doubts remain, the text must also provide a contact (an email address, for example) through which the user can raise questions or even request the deletion of their previously collected data.

Action #2: Cookies Policy

Oh, but isn’t the Privacy Policy enough? No, it’s not enough!

And let me say more: the Cookies Policy must live on a page separate from the Privacy Policy, but there must be internal links connecting both pages. Basically, the Cookies Policy could be an excerpt or a segment of the Privacy Policy, but given its length it is recommended to create an exclusive page for this purpose, also linked from the Footer Menu. The Cookies Policy should explain the subject completely, remembering that most people are not even familiar with the term “cookies”.

Thus, the text to be constructed should address topics such as:

  • What are Cookies
  • What are Cookies for
  • Types of Cookies
  • What Cookies are collected on my website
  • How to disable the collection of Cookies

But we don’t stop here … let’s move on to the next action.

Action #3: Cookies consent Banner

Many websites show a Disclaimer as soon as the first page is loaded, informing users that “This website uses Cookies [OK]”. But this is not enough …

To comply with the GDPR standards, this Disclaimer must appear as a Banner that informs the user about the collection of Cookies and also offers a button to select which Cookies the user does or does not want to be collected. In addition, the types of Cookies to be collected – Necessary and Optional – must be listed, with the checkbox for Optional Cookies not selected by default (Necessary Cookies are essential, so there is no option to disable their collection, other than leaving the website).

Confused? Here are some examples of how this Cookies banner should, and should not, look.

  • BAD example of a Cookies Banner (example of what NOT to do)
  • GOOD example of a Cookies Banner #1
  • GOOD example of a Cookies Banner #2
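The banner itself is only the visible part; what matters for compliance is that optional cookies and tags are never set before the user opts in, and that the stored decision is re-asked when the policy changes. The following is an added example, not code from the article: the consent logic behind such a banner, where category names, the policy version and the cookie handling are assumptions.

```javascript
// Added example (not the article's code): the consent state behind a GDPR-style
// cookie banner. Category names and the policy version are assumptions.
const POLICY_VERSION = "2024-01";          // bump when the Cookies Policy changes
const CATEGORIES = {
  necessary: { required: true },           // essential: cannot be switched off
  analytics: { required: false },          // optional: off until the user opts in
  marketing: { required: false },
};

// State before any decision: only necessary cookies are allowed.
function defaultConsent() {
  const categories = {};
  for (const [name, meta] of Object.entries(CATEGORIES)) categories[name] = meta.required;
  return { version: POLICY_VERSION, decidedAt: null, categories };
}

// Turn the banner's checkbox state into a consent record. Only an explicit
// `true` opts a category in; required ones stay on; unknown keys are ignored.
function buildConsent(selection, now = new Date()) {
  const record = defaultConsent();
  for (const [name, meta] of Object.entries(CATEGORIES)) {
    if (!meta.required) record.categories[name] = selection[name] === true;
  }
  record.decidedAt = now.toISOString();
  return record;
}

// Read a stored record (e.g. the value of a first-party consent cookie).
// Malformed data, or a record made under an older policy version, counts
// as "no decision", so the banner is shown again.
function parseStoredConsent(raw) {
  try {
    const rec = JSON.parse(raw);
    if (!rec || rec.version !== POLICY_VERSION || !rec.decidedAt) return null;
    if (typeof rec.categories !== "object" || rec.categories === null) return null;
    return buildConsent(rec.categories, new Date(rec.decidedAt));
  } catch (_) {
    return null;
  }
}

// Run only the loaders (analytics/marketing tags etc.) the user opted into.
function loadPermitted(record, loaders) {
  const ran = [];
  for (const [category, load] of Object.entries(loaders)) {
    const meta = CATEGORIES[category];
    if (!meta || (!meta.required && record.categories[category] !== true)) continue;
    load();
    ran.push(category);
  }
  return ran;
}
```

On page load the site reads the stored record with `parseStoredConsent`, falls back to `defaultConsent()` when it is `null`, shows the banner whenever `decidedAt` is `null`, and calls `loadPermitted` only with the resulting record.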

Action #4: Data processing information in each data collection action

Contact forms, newsletter subscriptions, registrations to enter a private area, registrations for online purchases, in short, every website feature that asks for a user’s personal data must now have its own consent Disclaimer, to inform the user and request their acceptance.

For instance, some of these disclaimers include information on the Terms of Use and the Privacy Policy and an explanation of how the collected data will be processed (for example, to receive notifications of future offers).

  • Example #1 of a Contact Form complying with GDPR
  • Example #2 of a Contact Form complying with GDPR
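A consent checkbox on the form is only meaningful if the server refuses submissions without it and keeps a record of what was agreed to. The following is an added example, not code from the article: a server-side handler for the contact form described above, where the field names, the two purposes and the policy version are assumptions.

```javascript
// Added example (not the article's code): a server-side handler that accepts a
// contact form only when each consent Action #4 asks for was given separately.
// Field names, purposes and the policy version are assumptions.
const PRIVACY_POLICY_VERSION = "2024-01";
// One consent field per purpose; none is implied by another and none may be
// pre-checked in the HTML form.
const CONSENTS = {
  privacy_ack:   { required: true,  purpose: "handle the request under the Privacy Policy" },
  offers_opt_in: { required: false, purpose: "send notifications of future offers" },
};

// `fields` is the submitted form as a plain object of strings (checkbox = "on").
// Returns { ok, errors, record }; `record` is what gets stored as proof of consent.
function processContactForm(fields, now = new Date()) {
  const errors = [];
  if (!fields.email || !/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(fields.email)) errors.push("email: invalid");
  if (!fields.message || !fields.message.trim()) errors.push("message: empty");
  const consents = {};
  for (const [name, meta] of Object.entries(CONSENTS)) {
    const given = fields[name] === "on";   // only an explicit tick counts
    if (meta.required && !given) errors.push(`${name}: consent required`);
    consents[name] = given;
  }
  if (errors.length) return { ok: false, errors, record: null };
  return {
    ok: true,
    errors: [],
    record: { email: fields.email, policyVersion: PRIVACY_POLICY_VERSION,
              consentedAt: now.toISOString(), consents },
  };
}

// A stored record may only feed the offers mailing list if that purpose was ticked.
function mayContactForOffers(record) {
  return record !== null && record.consents.offers_opt_in === true;
}
```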

Action #5: Information on any changes to the Privacy and / or Cookies Policies

Finally, it should also be clear how visitors or users of your website will be informed about any update of the policies in force on the website. This information can be provided via email or simply by updating the content published online, always identifying the date of the last update.

It wasn’t that hard to comply with the GDPR on your website, was it?

Header photo credits: Tim Mossholder on Unsplash
