Is your website GDPR compliant? To meet website legal requirements, here are some of the documents and legal elements you need:
- Collect email marketing consent
- Consider links to third-party websites
- A Terms & Conditions document
1. A checklist for cookie consent
To ensure cookie compliance you need to:
- Know what cookies you are using and why
- Have a cookie banner on your website
- Be aware of the difference between necessary and non-necessary cookies
- Block non-necessary cookies until your user has given consent
- Ensure your users can easily access and change their cookie settings and that the information you provide is easy to understand
- Remember to log and store the cookie consents for the lawful duration required in your country, e.g., in some countries up to 5 years
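The checklist above maps directly onto a small piece of front-end logic: an inventory of cookies with their category, a gate that refuses to set non-necessary cookies until consent exists for that category, a way to withdraw consent, and a consent log kept only for the retention period. The following is an added example, not code from the original page or from any consent-management product; the names (`ConsentManager`, the cookie names, the policy version and the retention period) are hypothetical, and the in-memory `jar` stands in for the browser's `document.cookie` so the example runs offline.

```javascript
// Added example (not from the original page). All names and sample values are
// hypothetical; the registry below is a constructed inventory of cookies.

// 1. Know what cookies you use and why: category, purpose and provider per cookie.
const COOKIE_REGISTRY = {
  session_id: { category: "necessary", purpose: "keeps the user logged in", provider: "first-party" },
  _ga:        { category: "analytics", purpose: "usage statistics",          provider: "third-party analytics" },
  ad_id:      { category: "marketing", purpose: "ad targeting",              provider: "third-party ad network" },
};

class ConsentManager {
  constructor({ registry, policyVersion, retentionDays, visitorId, now = () => Date.now() }) {
    this.registry = registry;
    this.policyVersion = policyVersion;             // re-ask when the policy changes
    this.retentionMs = retentionDays * 24 * 60 * 60 * 1000;
    this.visitorId = visitorId;                     // pseudonymous id used in the log
    this.now = now;                                 // injectable clock (for tests)
    this.consent = null;                            // latest consent record, or null
    this.log = [];                                  // append-only evidence of consents
    this.jar = {};                                  // stand-in for document.cookie
  }

  // Record a consent decision, e.g. { analytics: true, marketing: false }.
  // An empty choices object records a withdrawal of all non-necessary consent.
  recordConsent(choices) {
    const record = {
      visitorId: this.visitorId,
      choices: { ...choices },
      policyVersion: this.policyVersion,
      timestamp: this.now(),
    };
    this.consent = record;
    this.log.push(record);
    return record;
  }

  // Necessary cookies are always allowed; anything else needs consent for its
  // category under the current policy version. Unknown cookies are refused, since
  // a cookie that is not in the inventory has no documented purpose.
  isAllowed(cookieName) {
    const entry = this.registry[cookieName];
    if (!entry) return false;
    if (entry.category === "necessary") return true;
    if (!this.consent || this.consent.policyVersion !== this.policyVersion) return false;
    return this.consent.choices[entry.category] === true;
  }

  // The gate: block non-necessary cookies until consent has been given.
  setCookie(name, value) {
    if (!this.isAllowed(name)) return false;
    this.jar[name] = value;
    return true;
  }

  // Users must be able to change their settings: log the withdrawal and drop
  // every non-necessary cookie that was set under the earlier consent.
  withdrawConsent() {
    this.recordConsent({});
    for (const name of Object.keys(this.jar)) {
      const entry = this.registry[name];
      if (!entry || entry.category !== "necessary") delete this.jar[name];
    }
  }

  // Keep consent records only for the lawful retention period; returns how many
  // records were removed.
  purgeExpiredLog() {
    const cutoff = this.now() - this.retentionMs;
    const before = this.log.length;
    this.log = this.log.filter((r) => r.timestamp >= cutoff);
    return before - this.log.length;
  }
}

// Walk through the lifecycle once and return what happened at each step.
function demo() {
  const cm = new ConsentManager({
    registry: COOKIE_REGISTRY, policyVersion: "v1", retentionDays: 365, visitorId: "visitor-1",
  });
  const beforeConsent = cm.setCookie("_ga", "GA1.1.example");  // blocked
  cm.recordConsent({ analytics: true, marketing: false });
  const afterConsent = cm.setCookie("_ga", "GA1.1.example");   // allowed
  const marketing = cm.setCookie("ad_id", "123");              // still blocked
  return { beforeConsent, afterConsent, marketing, logEntries: cm.log.length };
}

if (typeof require !== "undefined" && require.main === module) console.log(demo());
```

The `policyVersion` check is the detail most implementations miss: when the cookie policy changes, consent given under the old text should no longer authorise the same cookies, so the banner has to be shown again rather than silently reusing the stored record.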
2. A cookie policy
Your cookie policy should include:
- Your company details, e.g., name, registration number, full company address, contact information
- A definition of what a cookie is
- A description of the different types of cookies on your website: their purpose, provider, duration and how you use them, including but not limited to:
  - Necessary or essential cookies
  - Non-necessary cookies, such as:
    - Analytical cookies
    - Marketing cookies
- How users can control their cookie settings and whether this will impact their use of the website.
- Information about the possibility of opting-out of being tracked (and how they can do it).
- You should also think about the design of your policy. Many authorities recommend that policies be split up into sections so that they can be “unfolded” making it easier for the user to read and understand the content of the policy
3. A privacy policy
For your privacy policy, you need to:
- Make sure it is available on your website
- Make sure it is available in all the places where you collect personal data, e.g., sign-up forms, newsletter pop-ups, etc.
Your privacy policy should describe:
- What personal data you collect from your users and for what purposes you use this data
- Who you are sharing the data with
- Your security measures and if data is transferred to other countries
- The data retention periods for the specific data collected
- How to file a complaint and to whom
- How the user can exercise their right to request:
- Data access
- Data deletion
- Data edits
4. Email marketing
In relation to email marketing, you need to consider the following:
- Do you collect consent to email marketing?
- Do you make it possible for your users to object to direct marketing, opting-out or unsubscribing?
- Make sure that you mention in the email marketing consent copy:
- your company name and information as the sender,
- what you will be sending email marketing about, and
- through what channels.
5. Links to third-party websites
In relation to third party websites, you need to think about the following:
- Do you link to third-party websites?
- Do you have a statement notifying your user that third-party website content is neither under your control nor the responsibility of your company?
6. Terms & Conditions
In relation to Terms & Conditions (T&C), you need to think about the following:
- Is the T&Cs document accepted by the customer?
- Can the T&Cs be downloaded?
- Can you prove that the T&Cs have been accepted?
- Do you give instructions on how to cancel the subscription / correct errors?
- Remember to use a good payment provider
- Do your T&Cs state the minimum duration of the contract?
- There also needs to be information about price, cancellation, return policy, law and venue, delivery, information about the product/service, how to complain, etc.
Disclaimer: Depending on your line of business, country, industry and customer type (e.g. children, consumers etc.) you might need other documents and information so please note that this list is not exhaustive.
To sum it up, these are the main website legal requirements that will make your online project GDPR compliant.
We also compiled an in-depth article about website compliance, where you can find out more about the compliance elements and legislation you need to comply with as a website owner.