Practical Steps to make your site GDPR compliant
2. Give users a way to opt out of your data collection. Most sites add a “right to be forgotten” form: when someone submits it, you remove them from all of your data collection systems and log the removal somewhere as a record. If you are using cookies, also force the consent popup.
3. Provide data breach notifications and handle the transfer of data across borders (divisions) safely. If you are using a CMS (and you are), pay attention to any exports you do from plugins on the backend. This is users' data.
4. Appoint a data protection officer to oversee GDPR compliance, and have that displayed somewhere on the site.
5. Make sure all your forms have a separate tick box that explains that you are collecting their information, and a separate tick box for email marketing. As a general note, make sure to force the forms to HTTPS.