GDPR checklist for your website

Note: This page is currently machine translated. As soon as we have time we will improve these translations.

GDPR stands for General Data Protection Regulation. In short, it concerns the protection of personal data. With our GDPR checklist you can make sure that your website is GDPR compliant.

We have compiled a checklist that you can use as a guideline to make your website GDPR compliant. It's time to roll up your sleeves, because if you do not, high fines await you.

Are you looking for a ready-made solution that automatically handles many of these points for you? Then consider iubenda, the professional generator for your privacy policy and cookie notices.
Receive 10% off your first year at iubenda by registering via our link.

Short disclaimer: we are not lawyers, we are web experts. Always keep in mind that your specific situation may require additional measures. In this article you will find an affiliate link for iubenda. It is a win-win: a full 10% discount for you and a small contribution for us. We only recommend software that we approve of ourselves.

Our GDPR checklist for your website looks like this:

SSL secure connection (https)

There is no longer any choice: put your website on a secure SSL connection.

Your website must be developed with attention to privacy-enhancing measures. The GDPR calls this Privacy by Design. An SSL certificate (in practice a TLS certificate) is a good example of this. Your website must be served over a secured https connection.

Do not forget Google's announcement that from July 2018, with the release of Chrome 68, insecure websites will be clearly marked as such. Right now the indication is not very obvious, but from then on there will probably be a clearly visible red open lock next to the URL.

Do not wait any longer to put your website on a secure connection. You will not get around it anyway.

Data minimization

The goal of data minimization is to collect as little data as possible. Do you really need your customer's date of birth to deliver the order? When registering for a newsletter, the only field that is actually required is the e-mail address. In that case you could optionally ask for the name, which is often used to make your newsletters more personal.

Prepare forms correctly

Privacy by default: the purpose of the form must be clear and you must ask permission for the use of the data.

This is about the so-called Privacy by Default. You are obliged to clearly inform your users and to protect their data. Forms must now meet the following 4 conditions:

  • Clear goal
    It must be unambiguously clear what the purpose of the form is. You achieve this by placing a clear title on your form: 'Register for our newsletter', 'Contact support', ...
  • Link to the privacy policy
    The form must clearly refer to your privacy policy. This can be done, for example, by placing a phrase like 'Your details are processed in accordance with our Privacy Policy', where the words 'Privacy Policy' link to the actual page of your privacy policy.
  • User must give explicit permission
    Via a checkbox, for example, the user gives explicit permission to process his personal data for the purpose of the form. This checkbox must be unchecked by default.
  • Opt-in
    This is often just the button that the user presses to send the data from the form.

These 4 form conditions are not an exact science. They describe the idea that your form must live up to. The 'consent' and the 'opt-in' can also be combined if the result is unambiguous. For example, instead of putting 'Submit' on your button, you put something like 'Register for the newsletter'. In this way you combine the explicit 'give consent' and the 'opt-in'.
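As an added example (not code from the original article), here is a newsletter form that meets the four conditions above, together with the server-side check that only accepts a submission when the consent box was actively ticked and that keeps only the fields the purpose needs. The form path, the privacy policy URL and the function and field names are assumptions.

```javascript
// Added example, not from the article. Names and paths are assumptions.
const PURPOSE = "newsletter";           // the clear goal, shown as the form title
const PRIVACY_URL = "/privacy-policy";  // assumed path to your privacy statement

// Form markup: purpose in the title, link to the privacy policy, a consent box
// that is unchecked by default, and a button label that doubles as the opt-in.
const NEWSLETTER_FORM_HTML = `
<form method="post" action="/newsletter">
  <h2>Register for our newsletter</h2>
  <label>E-mail <input type="email" name="email" required></label>
  <label>Name (optional) <input type="text" name="name"></label>
  <p>Your details are processed in accordance with our
     <a href="${PRIVACY_URL}">Privacy Policy</a>.</p>
  <label><input type="checkbox" name="consent" value="yes">
    I agree that my e-mail address is used to send me the newsletter</label>
  <button type="submit">Register for the newsletter</button>
</form>`;

// Data minimisation: only these posted fields are ever looked at or stored.
const ALLOWED_FIELDS = ["email", "name", "consent"];

// `body` is the parsed POST body (an object of field name -> string).
function validateNewsletterSubmission(body, now = new Date()) {
  const data = Object.fromEntries(
    Object.entries(body).filter(([k]) => ALLOWED_FIELDS.includes(k)));
  // Consent must be an explicit action: the box is unchecked by default, so a
  // missing or non-"yes" value means the user did not opt in.
  if (data.consent !== "yes") {
    return { ok: false, error: "explicit consent required" };
  }
  if (typeof data.email !== "string" ||
      !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(data.email)) {
    return { ok: false, error: "valid e-mail address required" };
  }
  // Record what was agreed to, for which purpose and when, and keep it with the
  // subscription so access and erasure requests can be answered later.
  return {
    ok: true,
    subscriber: { email: data.email, name: data.name || null },
    consent: { purpose: PURPOSE, policy: PRIVACY_URL, givenAt: now.toISOString() },
  };
}
```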

Privacy policy statement

A privacy statement is a document in which you describe what you do with the details of customers and visitors: how you collect the data, how you use it, how you store it, and so on.

Every website needs a clear privacy statement, so it cannot be missing from this GDPR checklist. From now on your privacy policy must also cover the right of access and the right to be forgotten:

  • Right of access
    The visitor has the right to request his data. You must clearly indicate how the visitor can request this data.
  • Right to be forgotten
    The visitor can request that the collected data be corrected and, if so desired, completely removed.

Cookie notice

For non-functional cookies you are obliged to show a notice on your website.

A cookie notice on your website, you know, such a box with an explanation and a button with which the visitor can agree to the cookie policy, is mandatory for cookies that are not functional and/or that infringe on privacy.

What is a non-functional cookie? I think this is easiest to understand from a few examples of cookies that are functional. A functional cookie, which does not require a cookie notice, is a cookie that is necessary for the operation of your service and that does not infringe on privacy: e.g. a cookie that remembers which items are in your shopping cart, a cookie that keeps the visitor logged in, etc.

If your cookie is not functional and/or your cookie infringes on privacy, then you must show a cookie notice.
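As an added example (not code from the article), here is the gating logic behind such a notice: functional cookies are always allowed, the notice stays visible until the visitor has answered, and non-functional cookies are blocked (and any already present are flagged for deletion) unless consent was given. The cookie names in the registry, the `cookie_consent` cookie that stores the choice and the function names are assumptions.

```javascript
// Added example, not from the article. Cookie names and helpers are assumptions.

// Registry of every cookie the site sets, classified as functional or not.
const COOKIE_REGISTRY = {
  cart:           { functional: true,  note: "items in the shopping cart" },
  session:        { functional: true,  note: "keeps the visitor logged in" },
  cookie_consent: { functional: true,  note: "remembers the visitor's cookie choice" },
  _ga:            { functional: false, note: "analytics, tracks visitors across pages" },
  ad_id:          { functional: false, note: "advertising profile" },
};

// Parse a document.cookie-style string ("a=1; b=2") into an object.
function parseCookieHeader(str) {
  return Object.fromEntries(
    str.split(";").map(s => s.trim()).filter(Boolean).map(s => {
      const i = s.indexOf("=");
      return i < 0 ? [s, ""] : [s.slice(0, i), decodeURIComponent(s.slice(i + 1))];
    }));
}

// Decide what the page may do given the cookies currently present.
// consent is undefined (not answered yet), "accepted" or "rejected".
function cookiePolicy(cookieHeader, registry = COOKIE_REGISTRY) {
  const present = parseCookieHeader(cookieHeader);
  const consent = present.cookie_consent;
  const allowed = [], blocked = [];
  for (const [name, meta] of Object.entries(registry)) {
    (meta.functional || consent === "accepted" ? allowed : blocked).push(name);
  }
  // Non-functional cookies that are already set without consent must go.
  const toDelete = Object.keys(present).filter(
    n => registry[n] && !registry[n].functional && consent !== "accepted");
  return { showNotice: consent === undefined, allowed, blocked, toDelete };
}
```

Scripts that set the blocked cookies (analytics, ad tags) should only be loaded when their name is in `allowed`, and `toDelete` should be expired immediately.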

Receive a 10% discount on iubenda, the professional solution for your privacy policy and cookie notice!

Webmatic has been working with iubenda for years. Iubenda takes care of everything concerning your privacy policy and cookies. Implement something new on your website, tick the right options, and your privacy policy is automatically up to date. Subscribe via our link and receive a 10% discount on your first year at iubenda.

Register with 10% DISCOUNT!

Are your partners GDPR compliant?

For the proper functioning of your website you usually work with several external partners: tracking visitors, sending newsletters, showing opt-in forms, processing online payments, etc.

These partners will also have to comply with the new GDPR legislation, since they process the data of your visitors. Popular partners such as MailChimp (newsletters) and WooCommerce (webshop) are doing everything they can to bring themselves into line. So normally you are fine if you make the right choices.

Secure your website!

Keep your website safe from hackers. This means that you install a security system, that you always keep your website up to date, that you take care of backups, and more. If you do not want the headache, or simply want to be sure, then take a subscription to one of our WordPress maintenance plans.

Looking for a ready-made GDPR solution for your privacy policy and cookie notice? Get 10% off your first year via this link.

Do you have questions? Is something not clear?

Let us know in the comments below! We are happy to help you.
