Simple GDPR website checklist

Checklist - GDPR website checklist

GDPR key points...

1. General Data Protection Regulation = GDPR.

2. Enforced from 25th May 2018.

3. GDPR is about respecting people's privacy and keeping their personal data safe.

4. Personal data is any data that could identify a living person who has a right to privacy, e.g. Name, Address, Email, Bank Details, Health information, Online behaviour, IP Address.

Websites collect visitors' personal data.

The GDPR.eu checklist states that "you need to tell people that you're collecting their data and why. You should explain how the data is processed, who has access to it, and how you're keeping it safe. This information should be included in your privacy policy and provided to data subjects at the time you collect their data."

These are the steps I took to ensure our website was GDPR compliant...


Step 1 - Create a Privacy Policy

A privacy and cookies policy is required for GDPR. Have a look at our website privacy policy.

GDPR Privacy Policy Example from the Target the Market website

Step 2 - Make contact forms GDPR compliant

You need to tell website visitors that you're collecting their personal data on a contact form, give reasons why and explain how it is managed.

gdpr compliant contact form

What you need to do...

1. Add a line of text below your Contact Form "Send enquiry" button. 

2. This should explain that by submitting the contact form, the visitor consents to getting an email reply.  Add a clickable link to your privacy policy so that visitors can find out more about how the contact form personal data is managed.  

3. A checkbox on your contact form is not required for GDPR compliance.  A simple line of text is sufficient.

4. Have a look at an example of a contact form on our website.

Step 3 - Make sure visitors consent to the use of Cookies.

What are Cookies?

Cookies are stored by websites so they can recognise you and keep track of your preferences. You need to tell visitors if your website uses cookies and link to the Privacy Policy to give more information on cookies and how visitors can opt out.

What you need to do...

1. Install the "Cookie notice for GDPR" as shown below. This will display the cookie consent message shown above on your website.

2. Document in the cookies section of your privacy policy what cookies are, which cookies your website uses, why they are used and how users can opt out.

Step 4 - Make sure Google Analytics does not collect any personally identifiable information (PII)

Google Analytics (GA) is used to understand how visitors use websites e.g. most popular pages, user location, number of visitors. 

What you need to do...

1.  Avoid any collection of PII (e.g. email, name)

Watch the start of this video to find out if GA is storing any personal data.

2.  Stop GA storing a visitor's IP address - this is personal data

Get round this by anonymizing the IP address. In WordPress, add the following to the GA tracking tag:

-> If using gtag.js, add: gtag('config', '<GA_TRACKING_ID>', { 'anonymize_ip' : true });

e.g.  gtag('config', 'UA-199616244-1', { 'anonymize_ip' : true });

-> If using analytics.js, add:  ga("set", "anonymizeIp", true);

Watch this video to find out how to anonymize the IP address in Google Tag Manager. This is a fab video on Google Analytics GDPR compliance.

3. Stop GA collecting personal data for Advertising purposes.

GA collects personal information such as Demographics (e.g. age, gender) for the purpose of remarketing - this can be turned off.

To do this in GA,  select Admin, Property, Tracking Info, Data Collection (as shown in picture below).  Set "Remarketing" and "Advertising Reporting Features" to "OFF".

If you have an older version of GA or you are using Google Tag Manager, then watch this video.
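
A static check for the IP anonymization setting from Step 4, point 2, added here as an example (it is not code from the original post or from Google). The function names and sample snippets are constructed for illustration, and the tracking IDs are placeholders.

```javascript
// Static text audit of a page's Google Analytics snippets.
// It reads the source only and does not execute any script.

// gtag.js: every gtag('config', '<id>', {...}) call should set
// anonymize_ip: true. Nested option objects are not parsed, so a
// flag placed after a nested object is reported as missing.
function auditGtag(source) {
  const call = /gtag\(\s*['"]config['"]\s*,\s*['"]([^'"]+)['"]\s*(?:,\s*(\{[^}]*\}))?/g;
  return [...source.matchAll(call)].map((m) => ({
    library: 'gtag.js',
    id: m[1],
    anonymized: /['"]?anonymize_ip['"]?\s*:\s*true\b/.test(m[2] || ''),
  }));
}

// analytics.js: the field is the camelCase anonymizeIp, and it must
// be set before the first ga('send', ...) hit leaves the browser.
function auditAnalyticsJs(source) {
  const create = /\bga\(\s*['"]create['"]\s*,\s*['"]([^'"]+)['"]/.exec(source);
  if (!create) return [];
  const set = /\bga\(\s*['"]set['"]\s*,\s*['"]anonymizeIp['"]\s*,\s*true\s*\)/.exec(source);
  const send = /\bga\(\s*['"]send['"]/.exec(source);
  const anonymized = Boolean(set) && (!send || set.index < send.index);
  return [{ library: 'analytics.js', id: create[1], anonymized }];
}

function auditPage(source) {
  return [...auditGtag(source), ...auditAnalyticsJs(source)];
}

// Constructed sample snippets with placeholder tracking IDs.
const SAMPLE_OK = `gtag('js', new Date());
gtag('config', 'UA-XXXXXXX-1', { 'anonymize_ip' : true });`;
const SAMPLE_MISSING = `gtag('config', 'UA-XXXXXXX-1');`;
const SAMPLE_LATE = `ga('create', 'UA-XXXXXXX-2', 'auto');
ga('send', 'pageview');
ga('set', 'anonymizeIp', true);`;

for (const [name, src] of Object.entries({ SAMPLE_OK, SAMPLE_MISSING, SAMPLE_LATE })) {
  for (const f of auditPage(src)) {
    console.log(`${name}: ${f.library} ${f.id} anonymized=${f.anonymized}`);
  }
}
```

Run it over the saved HTML of each page template that carries the tracking tag; a false result means hits from that page are sent without the anonymization flag.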

Conclusion: GDPR website checklist

This GDPR website checklist should be appropriate for small business websites. This checklist is not legally binding - if you need that, seek GDPR legal advice.

Please comment below and let me know if this has been useful. It really does help me to provide content that website owners actually want.

Feel free to share.
