5 steps to a GDPR compliant website


If you run a website and you are collecting data on citizens of the EU, this video is for you. I’m going to break down how to make your WordPress website, or basically any website, compliant with the new GDPR laws.

Gentle disclaimer: just bear in mind that I am not a lawyer and this is not legal advice. These are just a few steps you can take to make your website compliant. There are other things you still have to make sure you are doing within your business to be fully GDPR compliant, but here I’m going to tackle the website side.


Let’s understand why we need the GDPR laws. The General Data Protection Regulation will come into effect on the 28th of May 2018. It’s actually a very positive thing: the privacy laws haven’t been updated since the 90s, while technology has grown massively since then. We are using the Internet in a very different way than we did back then. Especially in the last few years, with the rise of social media, a lot of us feel that our personal information might be exploited or might not be used in a way that benefits us. That’s why the regulators came up with a new set of laws, and as website owners we need to comply with them or risk getting fined up to 20 million EUR(!). I know it sounds crazy, but they seem pretty adamant about enforcing this, so we should take action, and you should take action, within your business.

Security Certificate

The first thing we need is an SSL certificate on the website. An SSL certificate is a security certificate that enables HTTPS, which encrypts the traffic between your visitors’ browsers and your website. You can purchase one on a yearly basis from your hosting company at about £50 per year, although quite a few hosting companies offer free certificates, such as those from Let’s Encrypt, which are more than enough for most websites. To install it you need to contact a professional, as there are a few steps they will need to do to make sure the whole site is served securely. If it’s done correctly you’re going to see Google’s green padlock when browsing the site in Chrome. It is basically a notice to the visitor that the connection to the website is secure, and it is also a kind of reassurance that we actually take notice of and take care of their privacy.

Legal Documents

The second thing we need to take care of is updating our terms and conditions, privacy policy and cookies policy. We need to have these documents on every website. Adding these will help you with Google’s ranking, as when they scan the website they’ll find these pages and rank you a little higher; the SSL certificate helps in the same way. You can generate these documents online. We recommend using TermsFeed. They will ask you a few questions and generate the legal document for you, and it’s GDPR compliant. This is a much cheaper solution than going to a proper lawyer for this, but if you have a complex website, maybe you should have a specialist lawyer create these pages for you.

TermsFeed: a quick and affordable way of creating your legal documents

Online Forms

Forms are the way we collect personal data online. Whether someone is subscribing to your newsletter, requesting some information for a quote or making a purchase online, we collect their information through forms.

It’s very important that we ask for consent to use this information, and now it’s actually mandatory. You need to make sure that at the end of every form you have a little checkbox that clearly tells people how you are going to use this information and why you need this form. Make sure that this checkbox is not ticked by default. The consent needs to be an ‘active consent’: visitors need to click on it to opt in.

We also need to have a way of delivering the information we gathered back to our users if they ask for it. We need to be ready to deliver the information from wherever it’s stored, along with everything that is included in it.

To do this, we are using Gravity Forms, which is a great forms system for WordPress. It’s not that expensive, and it collects your information in a very nice and organized way: you can always export it, you always know where these people came from, and it will allow you to do all of these things, including the checkbox for the consent.

Gravity Forms: the easiest tool to create advanced forms for your WordPress-powered website.

One last thing about forms, and it’s important that we think about this now, before the law comes into effect: we need to remove any information that we are not actively using. Part of the rules is making sure that we do not keep information “just in case”. So if you have these kinds of people stored from a few years ago and you are thinking, “Yeah, maybe someday I’m going to get in touch with them and send them some kind of a promotion or something,” then you cannot do that past the 20th of this month, so make sure you delete all of their information.
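The three form requirements above (an opt-in box that only counts when the visitor ticks it, being able to hand back everything stored about a person, and deleting records you are not actively using) are easiest to see as server-side code. The following Node.js example is added here and is not code from the original post or from Gravity Forms; the in-memory Map stands in for a database, and the form ids, field names and the checkbox value `yes` are assumptions about how the form is built.

```javascript
// Added example (not from the original post or Gravity Forms): server-side
// handling of a consent form. The store is an in-memory Map standing in for
// a database; form ids, field names and the checkbox value are assumptions.

const MS_PER_DAY = 24 * 60 * 60 * 1000;

// The consent box is rendered unticked in the page, e.g.
//   <input type="checkbox" name="consent" value="yes"> I agree to ...
// so a submission only carries consent=yes when the visitor ticked it.
const CONSENT_VALUE = 'yes';

// Check a submitted form body. Returns the list of problems found; an empty
// list means the submission can be stored.
function validateSubmission(body) {
  const errors = [];
  const email = typeof body.email === 'string' ? body.email.trim() : '';
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    errors.push('email: a valid address is required');
  }
  // Only the exact value of a ticked box counts. A browser default like "on",
  // a pre-filled "true" or "1", or a missing field is rejected, so consent
  // can never be implied by a pre-ticked box.
  if (body.consent !== CONSENT_VALUE) {
    errors.push('consent: the opt-in box must be ticked');
  }
  return errors;
}

// Store a submission together with a record of what the visitor agreed to:
// which form, for what purpose, and when. `now` is injected so the retention
// logic can be tested with fixed dates.
function recordSubmission(store, form, body, now = new Date()) {
  const errors = validateSubmission(body);
  if (errors.length > 0) {
    return { stored: false, errors };
  }
  const email = body.email.trim().toLowerCase();
  const entry = store.get(email) || { email, submissions: [] };
  entry.submissions.push({
    form: form.id,
    purpose: form.purpose,
    fields: { name: body.name || '', message: body.message || '' },
    consentGivenAt: now.toISOString(),
  });
  entry.lastActivity = now.toISOString();
  store.set(email, entry);
  return { stored: true, errors: [] };
}

// Subject access request: return everything held about one address as a
// plain object that can be sent to the person. null means nothing is held.
function exportSubjectData(store, email) {
  const entry = store.get(email.trim().toLowerCase());
  return entry ? JSON.parse(JSON.stringify(entry)) : null;
}

// Erasure on request. Returns true when a record was actually removed.
function deleteSubjectData(store, email) {
  return store.delete(email.trim().toLowerCase());
}

// The "no keeping it just in case" rule: remove every record with no
// activity in the last `maxAgeDays` days. Returns the addresses removed so
// the run can be logged.
function purgeStaleRecords(store, maxAgeDays, now = new Date()) {
  const cutoff = now.getTime() - maxAgeDays * MS_PER_DAY;
  const removed = [];
  for (const [email, entry] of store) {
    if (Date.parse(entry.lastActivity) < cutoff) {
      store.delete(email);
      removed.push(email);
    }
  }
  return removed;
}
```

In use, `recordSubmission` is called from the form's POST handler, `exportSubjectData` and `deleteSubjectData` back the request-my-data and delete-my-data actions, and `purgeStaleRecords` runs on a schedule with whatever retention period your privacy policy states. Keeping the form id, purpose and timestamp with each record is what lets you later prove when and for what a person consented.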

Re-ask for consent

So we are already at point number four: we need to re-ask everyone for their consent. If you didn’t ask for consent when they opted in, or you cannot prove that you did for a certain contact, you need to re-ask them for consent. You can easily do that with free tools like MailChimp or any kind of newsletter software that will send them an email asking for consent. Once they tick the box, you can continue communicating with this person.

MailChimp: a free tool to send bulk emails to your list.

Maintaining your website

Last point, point number five: maintaining your website. As website owners, we have a responsibility to keep updating the website and making sure that no one can break in and steal other people’s information. If you have a brick and mortar shop or office, you would probably have insurance as well as some kind of security measure, such as an alarm system or CCTV. It’s pretty much the same way with websites right now. The legislator looks at a website as an actual office or an actual shop, and we should look at it in the same way. The same responsibility is now being rolled onto the digital world. That includes maintaining our website: if it runs on WordPress, we need to update WordPress, the theme and the plugins. We need to make sure that we have a proper security system in place, a sort of antivirus for websites. We need to deter hackers and spammers who wish to steal information about our website’s users.

Someone needs to take care of this on a monthly basis. If it comes to it and you are questioned about how you look after people’s information, you need to be able to prove that you are taking actual measures to ensure people’s privacy on your website.

Ready to get wise with your site maintenance?

Click here to check out our care plans, with round-the-clock site security, clean-up services and support all in one.


Alright, we did it!

We went through the five points to make sure your website is compliant with the new GDPR laws. Just so you know, we can take care of almost all of these things for you: maintaining the website on a regular basis (which you should find someone to do for your website), installing an SSL certificate, making sure your terms and conditions and cookie policies are up to date, and of course checking your forms and making sure that everything there is up to speed with the new regulations.

I hope this was informative. Feel free to get in touch below if you need any help with these things, and good luck!
