How can I get my website GDPR compliant?

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Despite the onslaught of emails sent to customers giving them the option to renew or withdraw consent to have information held – many websites are still not GDPR compliant – not even the ICO.

But don’t think you can get away with it! Those who are found to be breaking the rules of GDPR can be subject to warnings,  temporary or permanent bans on data processing, and even fines. It also undermines the trust between you and your customers if your website doesn’t follow the accepted protocols. 

Here are some key actions points in making sure your website is GDPR compliant:


Online contact forms

Any online contact forms you have will need a tick box for users to confirm that they accept your website terms and agree to be contacted via the details they’ve given. If you wish to send further marketing communications to your customer then this must be indicated with another tick box.


Privacy policy

This would have been an important feature, already included on your website before launch, but GDPR makes this compulsory. You should also include information on how you intend to use the customer’s data you collect. If your website sends enquiries to other companies or partners then this should be clearly stated with the names of the partners displayed.


Handling data

Customers have a right to ask for their details to be removed from your website and database if requested. You’ll need to ensure you can facilitate this and inform customers, in your privacy policy or elsewhere on your site, that they have the right to do so. 

Website owners are also required to keep all data in a secure encrypted environment. Adding a https protocol will help you do this. 


Obtain clear consent to use cookies

GDPR states cookies constitute personal data, as they can be used to identify an individual. You must obtain clear, specific consent from users to place cookies and track them. This is usually done with a pop up that appears on a user’s first visit that allows them to consent or decline. The options must be stated clearly for explicit consent, without setting a default answer (ie.accept).


Make sure your plugins comply too!

GDPR compliance can come down to the smallest detail, so don’t be caught out by forgetting to check your plugins. Many plugins also use cookies, so you’ll need to make sure this is expressed in your privacy policy and subject to user consent. 


Online payments

If your website enables financial transactions via a payment gateway you’ll need to modify your process to remove any personal information that has been held after a reasonable period. There is no explicit length of time given in GDPR regulations, but try to keep them only as long as is necessary. 


For more tips on improvements, you can make to your website take a look at our blog or get in touch with us at

Posted: September 2019

Author: Slate Team Member



Share this post:

Our Commitment To You During COVID-19

Due to the recent developments relating to COVID-19 (Coronavirus), we have decided to take the advised precautionary measures given by the Government to work remotely.

What does this mean for my site?
We are totally committed to our clients despite the temporary physical changes. All of our employees are equipped to seamlessly connect with our colleagues and our clients in a secure and productive environment, while working remotely at any time. We feel confident in our continued ability to serve your business, regardless of our physical work locations. This circumstance will not compromise the security of your site.

How can I reach you?
We are not physically based in our usual office until further notice, so if you’d like a meeting pertaining to the maintenance of your site or any new work, we can arrange a remote video chat meeting through Zoom or Skype at a suitable mutually agreed scheduled time.

Call & Email
If you’d like to contact us about your site our lines are still open from 9AM-5:30PM on 02077 395 918 and we’re constantly active through our email.

Thank you and be safe from the Slate team.