How to make your site GDPR compliant

The GDPR came into effect on May 25th, 2018, making the way information is collected and processed more transparent. This is a law that was put into effect in the European Union (EU), meaning that if you collect or process the information of residents, citizens, or visitors in the EU, you will need to make sure that your website is GDPR compliant. Read on to find out how to make your site GDPR compliant.

Follow our simple checklist to ensure that your business follows all of the rules and regulations under the new GDPR law:

  • Define: The first thing you will need to do is research the GDPR and find out what it defines as personal information.
  • Access & Identify: Next, go through all your websites, applications, and documents that collect and process personal information. Then document what personal information you are collecting and for what reason. Some information can be buried deep in various fields, meaning you may have to do some digging to get accurate information. Considering the sheer volume of data that needs to be extracted, this process probably can't be done manually, and you may have to invest in some online tools to get the job done.
  • Update: The next step is to go through your privacy policy and update it so that it tells visitors what information you are collecting and why you are collecting it. If you collect data but have no privacy policy, you will need to publish one in order to be GDPR compliant. You will also need some kind of form that obtains and records consent for the personal information that you are collecting.
  • Exporting and Deleting: With the GDPR, users can request a copy of their information or ask that their data be deleted. You need to have a plan in place so that you can, within 30 days, export a person's data to them in a well-known format, or remove their information if need be.
  • Protect: If you are collecting data of any kind, you should already have security measures in place, but with the new regulations it's a good idea to go over your security plan and see if anything needs updating. The GDPR requires that data collectors and processors have three levels of protection: encryption, anonymization, and pseudonymization. You should also look at data protection by design and see how these practices can improve the security of your site.

With the GDPR now in effect, it is essential to your business that you comply with all of its rules and regulations. If you have any questions about the GDPR, you can check out these articles in the HostPapa Knowledge Base:

If you need help with your HostPapa account, please open a support ticket from your dashboard.
