Practical Steps to make your site GDPR compliant


1. Make sure you privacy policy is super clear on how you collect data and what you do with it. Do not use boiler plate wording you need make sure it applies to your site in plain, simple and easy to understand for the user wording.

2. Give them a way to opt out of your data collection. Most people are putting a “right to be forgotten form” if someone submits to it then you remove them from all of your data collection systems and log it somewhere as a record. If you are using cookies also force the consent popup.

3. Providing data breach notifications and handling the transfer of data across borders (divisions) safely. If you are using a CMS (and you are) need to pay attention to any exports you do from plugins on the backend. This is users data.

4. Need to appoint a data protection officer to oversee GDPR compliance and have that displayed somewhere on the site.

5. Make sure all your forms have a separate tick box that explain you collecting their information, and a separate tick for email marketing. As a general note make sure to force the forms to HTTPS.