Make Your Website GDPR Compliant in Less Than 1 week
How It Works
How do I make a website GDPR compliant?
Is your website affected by GDPR?
If your organization/business interacts or does business with EU citizens, such as selling products/services or monitoring individual behavior online, then you may fall under GDPR jurisdiction.
If you use third-party tools such as Google Analytics, which collect personal data, then you need to obtain valid GDPR cookie consent before placing cookies or any other form of tracking technology on the visitor’s computer. One of the ways you can accomplish this is through a cookie consent tool or cookie consent plugin.
If you have contact forms or newsletters collecting data from EU citizens, then you need to be compliant with GDPR and ensure that you process their personal data lawfully.
What is GDPR cookie consent?
GDPR forbids collection and processing of personal data unless the user consents. This means that the business must not use cookies and other tracking technologies unless the user allows them to do so.
Therefore, GDPR requires businesses to obtain explicit consent from users before using cookies.
Moreover, not every obtained consent is lawful according to the GDPR. You have to obtain it as the GDPR requires. The consent must be:
- Given freely. The user should be free to choose between accepting and rejecting cookies. Providing consent as a condition to access the website or bundling it to the Terms and Conditions is against the law.
- Informed. You need to inform users about what you would do with their data before collecting it. You can provide such information in the cookie banner text, or by providing a link to your privacy policy.
- Specific. A general consent for the processing of personal data is useless. You need to obtain a separate consent for each specific purpose of processing. If you want to use cookies to remember a user's website preferences, you need consent for that. If you want to use cookies for marketing purposes, you need a specific consent for that as well.
- Unambiguous. The user must provide consent with affirmative action, such as clicking an ACCEPT COOKIES button. Assuming that the user consents to the use of cookies just by browsing the website is not affirmative action, therefore it is against the GDPR. Such consent is not valid.
- Easily withdrawn. You must give the user the opportunity to withdraw their consent as easily as they gave it. If giving consent was as easy as clicking an ACCEPT COOKIES button, withdrawing it has to be as easy as clicking a WITHDRAW CONSENT button. If you require users to submit a form via email to withdraw it, you violate the GDPR.
If you are interested, you can read at length about cookie consent according to GDPR.
Are you aware of what trackers you have on your website?
Many websites use tracking technologies, including cookies, pixels, and tags, to advertise, collect statistics and perform marketing campaigns. To ensure your website is GDPR compliant, you are required to provide a cookie notice/GDPR cookie consent banner and obtain user consent for each one of these technologies. Make sure to do a web audit of your website and see what trackers you have enabled and are running.
If you are unsure what trackers you have on your website, then use our GDPR cookie consent plugin tool. It is free and will provide you with a result in 5 minutes or less. Our tool identifies the cookies and trackers that operate on your website, and our cookie script blocks them into groups determined by their function.
Are you gathering consent the right way?
There are specific requirements for how to obtain valid consent when it comes to GDPR and cookies. Primarily, GDPR cookie consent must be informed, unambiguous, explicit, freely given and specific, and must include the right to withdraw, written in plain language that is visible in your cookie banner. For consent to be informed, both the GDPR and the ePrivacy Directive state that an individual must receive at least the following information from your cookie consent notice:
- the identity of the organization processing data;
- the purposes for which the data is being processed;
- the type of data that will be processed;
- the possibility to withdraw the given consent (for example, an unsubscribe link at the end of an email);
- if the consent is related to an international transfer, the possible risks of data transfer to third countries.
Make sure your cookie banners include the following information:
- Consent should be affirmative, specific and unambiguous
- Details of recipients and data controller
- Purpose of processing and notification of profiling
- Duration of tracking
- The possibility to withdraw consent
- Link to complain, correct and transfer data
Are your privacy banners affirmative?
The standard phrase included in most cookie consent banners, “by using this site, you accept cookies,” will not be sufficient under GDPR cookie compliance requirements, as it only suggests implied consent, which is ambiguous and generic. You will now need granular levels of control with separate consents for tracking, analytics, and other cookie categories, as well as mechanisms to signal customer consent. Users need to take an affirmative action to guarantee GDPR-compliant cookie consent.
Have you made it easy to withdraw consent?
It should be as easy to withdraw consent as to give it. Furthermore, to be compliant with GDPR, your cookie banner must inform your users how they can exercise this choice. If user consent is withdrawn, your company/organization can no longer process the data. Once consent has been withdrawn, your company/organization needs to ensure that the data is deleted unless it can be processed based on legal grounds (for example, storage requirements, or as far as it is necessary to fulfill the contract).
If the data was being processed for several purposes, your company/organization can’t use the personal data for the part of the processing for which consent has been withdrawn or for any of the purposes, depending on the nature of the withdrawal of consent.
Example: You’re providing an online newsletter. Your client gives their consent to subscribe to the online newsletter that allows you to process all the data on their interests to build a profile of what articles they consult. One year on, they inform you that they no longer wish to receive the online newsletter. You must delete all personal data relating to that person collected in the context of the newsletter subscription from your database, including the profile(s) related to that person.
Benefits with the Secure Privacy GDPR module
Easy to install. Highly Automated GDPR Solution.
Reduce Legal Risks and Avoid Future Costs.
Build Trust with Customers, Employees and Partners.
Frequently Asked Questions
Do I need to block all cookies?
To learn about cookie blocking, please see this guide.
Do you offer training and consultancy services?
Yes, we offer GDPR readiness tests, website audits, training and more. Please schedule a call here.
Do you support CCPA, LGPD and other privacy laws?
Yes, we offer full support for a wide range of privacy laws including CCPA and LGPD.
We have many websites and/or subdomains. Do you offer a discount?
Yes, we offer volume discounts. Please schedule a call here.
Can I try the product for free?
Yes, you can. We offer a FREE trial. You can cancel anytime.
Can I cancel my account?
You sure can. Go to your administration panel at any time, and you will find cancel in the account section.