Is Your Website GDPR Compliant? Find Out How To Become One

-The Terms and Conditions page of your website should clearly explain how you collect data, how you intend to use the personal data, and how long you will retain it in your systems. In addition, the privacy policy should list the tools the website uses to track user interaction and state the customer's consent to that tracking.

*Online payments:
-If you have an online store that collects personal information and passes it on to payment gateway companies or banks for processing, that information usually remains stored in your own systems as well. Under GDPR you cannot keep personal data for an indefinite period unless it is still needed for a legitimate purpose. Ensure that personal data collected by the online store for payment purposes is deleted within a reasonable period.
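The retention rule above, as an added example that is not part of the original article: a scheduled purge that deletes payment records once an assumed 90-day window has passed, while keeping any record that is flagged with a legitimate reason to retain it (for instance an open chargeback). The record fields, the retention period, the hold flag and all sample data are constructed for the demonstration.

```python
"""Added example (not from the article): purge stored payment records once a
retention window has passed, keeping only records that are still needed for a
stated, legitimate purpose. All record data below is constructed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed policy value: keep payment data for 90 days after the order completes.
RETENTION = timedelta(days=90)


@dataclass
class PaymentRecord:
    order_id: str
    cardholder_name: str
    email: str
    completed_at: datetime
    # A non-empty hold_reason (open dispute, legal hold) exempts the record from
    # automatic deletion until someone clears the flag and documents why.
    hold_reason: Optional[str] = None


def is_expired(record: PaymentRecord, now: datetime) -> bool:
    """True when the record is past the retention window and not on hold."""
    return record.hold_reason is None and now - record.completed_at > RETENTION


def purge_expired(records: List[PaymentRecord],
                  now: datetime) -> Tuple[List[PaymentRecord], List[str]]:
    """Return (records to keep, order ids that were deleted).

    The deleted ids are returned so the caller can write an audit entry; the
    personal fields themselves are not logged.
    """
    kept, deleted = [], []
    for record in records:
        if is_expired(record, now):
            deleted.append(record.order_id)
        else:
            kept.append(record)
    return kept, deleted


# Constructed sample data: one stale record, one recent, one stale but on hold.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    PaymentRecord("A100", "Alice Example", "alice@example.com", NOW - timedelta(days=200)),
    PaymentRecord("A101", "Bob Example", "bob@example.com", NOW - timedelta(days=10)),
    PaymentRecord("A102", "Carol Example", "carol@example.com", NOW - timedelta(days=400),
                  hold_reason="open chargeback"),
]


def demo() -> Tuple[List[str], List[str]]:
    """Run the purge over the sample and return (kept ids, deleted ids)."""
    kept, deleted = purge_expired(SAMPLE, NOW)
    return [r.order_id for r in kept], deleted


if __name__ == "__main__":
    print(demo())
```

Run this from a scheduled job rather than on request, and write the returned ids to an audit log so you can show a supervisory authority that the retention period is actually enforced.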

*Cookie policy:
-This is a page on your website that states which cookies the site uses, both your own and those from third parties, what data you capture with them and what you do with that data. Use of the website must not be limited to visitors who accept cookies: the user must be able to use the site without cookies, or to decline cookies for their session. The cookie notice should, however, explain that declining cookies may cause the site to lose some functionality.
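One way to enforce the "site must work without cookies" rule on the server side, as an added example (not code from the article): essential cookies such as the session cookie are always allowed, while analytics or third-party cookies are only sent once the visitor's recorded consent permits them. The cookie names, the consent cookie format ("all" or "essential") and the sample headers are assumptions made for this demonstration.

```python
"""Added example (not from the article): a server-side consent gate that only
emits non-essential cookies after the visitor has opted in. Names and the
consent value format are assumed for the demonstration."""
from http.cookies import SimpleCookie
from typing import Dict, List

CONSENT_COOKIE = "cookie_consent"              # assumed: value "all" or "essential"
ESSENTIAL = {"sessionid", CONSENT_COOKIE}      # needed for the site to work at all
NON_ESSENTIAL = {"_analytics_id", "_ad_pref"}  # only set with explicit consent


def consent_level(cookie_header: str) -> str:
    """Return 'all', 'essential', or 'none' when no choice has been recorded."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if CONSENT_COOKIE not in jar:
        return "none"            # no banner answer yet: treat as essential-only
    return "all" if jar[CONSENT_COOKIE].value == "all" else "essential"


def allowed_cookies(cookie_header: str, wanted: Dict[str, str]) -> Dict[str, str]:
    """Filter the cookies the app wants to set down to those the visitor permits."""
    level = consent_level(cookie_header)
    out = {}
    for name, value in wanted.items():
        if name in ESSENTIAL:
            out[name] = value
        elif name in NON_ESSENTIAL and level == "all":
            out[name] = value
        # Unknown names are dropped: a cookie must be classified in the policy
        # before the application is allowed to set it.
    return out


def set_cookie_headers(cookie_header: str, wanted: Dict[str, str]) -> List[str]:
    """Build Set-Cookie header values with Secure/HttpOnly/SameSite attributes."""
    jar = SimpleCookie()
    for name, value in allowed_cookies(cookie_header, wanted).items():
        jar[name] = value
        jar[name]["secure"] = True
        jar[name]["httponly"] = True
        jar[name]["samesite"] = "Lax"
    return [morsel.OutputString() for morsel in jar.values()]


if __name__ == "__main__":
    # Constructed request: the visitor has a session but never answered the banner.
    print(set_cookie_headers("sessionid=abc", {"sessionid": "abc", "_analytics_id": "42"}))
```

The classification lists double as the inventory your cookie policy page has to describe; a cookie that is not in either set cannot be set, which keeps the policy and the code from drifting apart.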

*SSL Certificate:
-An SSL/TLS certificate is what makes the browser show a padlock and a secure indicator in the address bar. Its purpose is to encrypt, in transit between the browser and your server, everything a visitor enters into the forms and fields on the website. Your hosting provider can usually supply and install one for you.

*Encrypted Data storage:
-Store all passwords in an encrypted format to prevent them from falling into the wrong hands.

*Live Chats:
-If you have a live chat service on your website, make sure you refer to this third-party service in your cookie and privacy policies, and review that provider's own GDPR/Privacy Shield policy as well.

Other requirements:

-Store your email data securely. Use robust anti-virus software and delete emails you no longer need.
-If you have had a chat with a customer about an enquiry over Facebook Messenger, make sure the chat history is deleted once it is done. Ask the person to email you so that you can continue the conversation formally outside of the social media channel.
-If your website captures customer data and then stores it on a CRM platform such as Salesforce or Pardot, you need to ensure the data collection process is secure. Also refer to the third-party service in your privacy policy.
-Data collected from data subjects should not be shared on social media channels.
-A Google map should be shown on the Contact page.

-GDPR is not to be feared: it is enabling legislation that brings transparency to the way businesses handle customer data. If the steps above are built into your website, preferably by an experienced web development company, you will steer clear of compliance issues and earn a greater level of trust from your customers.