Skip to main content

GDPR: 3 simple steps for your web site

Last updated: 4.16pm, Wednesday 9th May 2018 by

From May 25, 2018, GDPR will be introduced across Europe, with new rights for people to access the information companies hold about them, obligations for better data management for businesses - and new fines. So, simply, if you have a web site what do you need to do?

What do I need to do to make my website GDPR compliant?

Here are 3 basic steps:

1. You must only keep data that is necessary for your business and only for as long as you need it. This should be backed up with a clear Privacy Policy. For example, most online stores will need to keep customers names and contact details - but probably not their date of birth, unless selling alcohol.

2. Ability to easily remove customers' data on request or after it is legitimately needed.

3. Opt-ins - not opt-outs. Forms that invite users to subscribe to newsletters or indicate contact preferences must default to “no”.

Of course, GDPR covers much more than web sites, such as appointing a Data Protection Officer in your company, so read the full ICO guide here: