6 steps to create a GDPR compliant website

How to create a GDPR compliant website

Think of the moment when your potential customers are shopping online and it’s time to share their personal data, like their address, credit card information or phone number on either your eCommerce site or business website. For first-time visitors, they’ll probably look for indicators that your site is reputable, with standard protocols for security and privacy. In fact, 75% of consumers will not buy products from a company if they can’t trust them to protect their data.

These expectations have been reinforced by the General Data Protection Regulation (GDPR) and the ePrivacy Directive, intended to strengthen and unify data protection for European Union (EU) citizens, whether or not your business is located in the EU.

If you're building a website that targets consumers in the EU, you'll need to understand how to make sure it's GDPR compliant. Planning your website around these requirements is a step not to be missed.

GDPR/ePrivacy compliant website checklist

01. Fine-tune privacy policies

Under GDPR, your site's privacy policy must disclose the ways your website gathers, uses and manages visitor data. It must be explicit, clearly stated and available in an easy-to-find document that says how you process data and the legal basis for doing so. You'll want to state what data is being saved and how visitors can retrieve or delete their data. If you're building a website from scratch, it's worth starting with your privacy policy.

02. Obtain clear consent to use tracking technologies

Complementary to GDPR is the ePrivacy Directive, which addresses tracking technologies such as cookies. If you're going to use tracking technologies on your site, you must ask for the visitor's consent before any such technology is placed on the visitor's browser. Consider adding a cookie banner that alerts visitors to cookies before they are placed. The data collected can only be used under the legal basis that consent was given. Keep in mind that the ePrivacy Directive also requires a Cookie Policy listing the name, type, purpose and duration of each tracking technology placed on the visitor's browser.
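One way to put the two requirements above into practice is to keep a single registry of tracking technologies, gate each one on the visitor's consent, and generate the Cookie Policy table from that same registry. The following is an added example, not Wix's code; the registry entries, category names and the `setCookie` sink are constructed for illustration.

```javascript
// Added example: consent gate plus Cookie Policy generator.
// Registry entries are constructed samples, not real vendor cookies.
const COOKIE_REGISTRY = [
  { name: 'session_id', type: 'HTTP cookie', purpose: 'Keeps the visitor logged in',
    duration: 'Session', category: 'essential' },
  { name: '_ga_demo', type: 'HTTP cookie', purpose: 'Usage analytics (constructed sample)',
    duration: '2 years', category: 'analytics' },
  { name: 'ad_pref', type: 'HTTP cookie', purpose: 'Ad personalisation (constructed sample)',
    duration: '90 days', category: 'marketing' },
];

// Strictly necessary cookies need no consent; everything else does.
// `consent` is null until the visitor has answered the banner.
function isAllowed(entry, consent) {
  if (entry.category === 'essential') return true;
  return consent !== null && consent.categories.includes(entry.category);
}

// Places only the cookies whose category has consent and returns their names.
// `setCookie` is the sink (document.cookie in a browser); it is injected so
// the gating logic can be exercised outside a browser as well.
function applyConsent(consent, setCookie) {
  const placed = [];
  for (const entry of COOKIE_REGISTRY) {
    if (isAllowed(entry, consent)) {
      setCookie(entry.name);
      placed.push(entry.name);
    }
  }
  return placed;
}

// Builds the rows of the Cookie Policy the ePrivacy Directive calls for:
// name, type, purpose and duration of each tracking technology.
function cookiePolicyRows() {
  return COOKIE_REGISTRY.map(({ name, type, purpose, duration }) =>
    ({ name, type, purpose, duration }));
}

// Before the banner is answered, only the essential cookie is placed.
applyConsent(null, (name) => console.log('set', name));
```

Run in a browser by passing `(name) => { document.cookie = name + '=1; path=/'; }` as the sink once the banner's choice is known.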

03. Make sure plugins are GDPR compliant

The more plugins you have, the more work you'll have managing updates, changes in vendors' business models and so on. Many plugins are offered as GDPR compliant, but you'll still need to check. Installing plugins according to the vendor's guidelines won't be enough on its own to meet GDPR compliance requirements. By contrast, website platforms like Wix are already GDPR compliant and use web apps that update automatically instead of plugins.

04. Remove data that’s no longer needed

GDPR requires that all personal data relating to an individual be accessible to that person in a complete, accurate and portable form. The site owner needs to understand what personal data is stored, where it came from, who it's shared with and why. Review the data you're collecting to understand why you need it. For example, analyzing purchasing trends is fine, but storing complete credit card numbers for that purpose is not. So, limit the data you collect and store via form submissions to what you actually need.

05. Clean up mailing lists

Are you using mailing lists with correct consent? Under GDPR, receiving contact information from a public source, like LinkedIn or a business card, doesn't by itself give you a legal basis. However, if someone has engaged with your business after using a product or service, they've indicated a desire to connect with you. In this case, you may have a legitimate reason to email them. Cleaning up mailing lists to follow GDPR is also a smarter way to run targeted email marketing campaigns that reach the right people.

06. Use GDPR compliance to help build brand trust

Look at GDPR compliance requirements as a way to protect customer data, build trust and create long-term customer relationships, whatever type of website you're creating. GDPR also levels the playing field by giving small businesses the ability to process data on their customers when it's done in the right way. This opens a rich source of insight for innovation when creating a professional website or starting a business.

You can browse all the Wix support articles on GDPR compliance to get a fuller picture of the topic.

*Any information contained herein is not legal advice and you should not rely upon it as such. The GDPR is a complex regulation and requires multiple actions from site owners. We recommend that you seek legal advice to understand and prepare for possible additional requirements stated in such regulations.