GDPR and your website

Your website may collect personal data (including IP Address) in the form of cookies, contact forms, opt-in forms and eCommerce. Whatever way you collect personal information, you must make the user aware of why and how their data is being collected and processed, for what purpose, for how long it will be kept, and if it will be shared with third parties or transferred outside of the EU.

You will need to do this in clear language and without ambiguity. You will need to provide prominent links to your Privacy Policy. You will also need to seek cookie consent and provide details of any other tools that may use a visitor’s personal data (including IP Address) such as Google Analytics, Facebook pixels etc. with an option to change their browser and cookie settings.

GDPR disclosure

Whether you have a membership site, sell products, or gather opt-in information, you must let your contacts (data subjects) know exactly what, why and how their data is being used:

  1. Who is managing their data (contact information)?
  2. What do you intend to do with their data?
  3. How will you protect their data?
  4. Why do you need their data?
  5. How long will you store their data?
  6. What are their rights to their data?
  7. Who else will get their data?

Furthermore, you must be transparent at the point of obtaining the data.

Obtaining the data directly

When collecting personal data directly from data subjects, the controller has to provide the following information to data subjects at the moment the data is obtained:

  • The controller’s identity and contact details
  • The contact details of the data protection officer (if applicable)
  • The purposes and legal basis for data processing
  • The recipients of the personal data
  • The fact that the controller intends to transfer personal data outside the EU (if applicable).

The role of the Data Protection Officer is covered in further detail in the Guide.

Obtaining the data indirectly

This is not generally relevant to the average small business but is covered in detail in my comprehensive Guide to GDPR.

If you would like further in-depth information on the GDPR please feel free to download my comprehensive Guide to GDPR. You will also receive limited follow-up support and gain access to a DATA AUDIT WORKBOOK, a CONSENT CHECKLIST and a GDPR CHECKLIST.

Next up is GDPR Part 6 – Data Protection Principles
Previous GDPR Part 4 – The people involved in compliance


Please note: The GDPR series of articles on this blog do not promise to be either a full synopsis or full interpretation of the GDPR. Indeed I have simply taken the most important aspects of the GDPR I feel are relevant to the small business owner. Everything you read online about the GDPR will be some kind of an interpretation, synopsis or summary of the GDPR. Unless, of course, you read the full text in itself.
