GDPR: What impact does it have on my website?

01/10/2023

Elodie

Lead Frontend Developer

The GDPR came into effect on May 25, 2018. This European regulation governing the use of personal data is now essential, but it remains largely misunderstood in terms of its substance. What exactly is the GDPR, and what does it mean for both the user and the company that owns a website? These are the points we will explore together.

What is the GDPR?

GDPR stands for “General Data Protection Regulation.” You might also hear the equivalent term in French, RGPD (Règlement Général sur la Protection des Données).

The GDPR regulates the processing of personal data within the European Union and applies to any organization, whether based in Europe or targeting European residents, that processes users’ personal data.

  • Personal data refers to direct information about a user (last name, first name, etc.) as well as indirect information (phone number, email address, etc.) and, more broadly, any set of personal data (purchase behavior, location, age, etc.).
  • Processing of personal data refers to any processing that has a legitimate purpose for your business activity: collection, storage, recording, consultation, organization, adaptation, modification, extraction, use, transmission, etc.

The GDPR aims to ensure transparency for the user, who must know what personal data is being collected about them and for what purpose.

The user must be able to give their consent or, conversely, object to the processing of their data, and must be able to adjust this consent at any time.

They must also be able to access the collected information, modify their data, or request its deletion.

Does the GDPR apply to my website?

A website may contain users’ personal information. In fact, it is rare for a website not to collect any personal data. The GDPR, therefore, applies to this communication tool as well.

Here are some examples of user information subject to the GDPR that a website may collect:

  • Tracking information via monitoring tools: Google Analytics, Facebook Pixel, …
  • Tracking information via marketing tools: Google Ads, TrustPulse, …
  • Tracking information via CRM tools: HubSpot, Hotjar, …
  • Registration data added to a database: brochure download forms, contest sign-ups, …
  • Data sent via API to an external tool: online quote requests, newsletter sign-ups, …

How do I make my website GDPR-compliant?

To make your website GDPR-compliant, you need to provide the user with the ability to make choices for each element/action that collects information about them.

Admittedly, this isn’t ideal for marketing departments, since less user data is available for analysis or marketing purposes, but the user’s explicit choice takes precedence.

There are three main functionalities to implement to give users this choice: the cookie banner, opt-in checkboxes on forms, and the cookie policy page.

Cookie Banner

Cookies are files that store data to be reused later. This is done to facilitate navigation on your site, but also for analysis or marketing purposes. A large amount of user data is thus stored and used through cookies.

These cookies are listed in a tool such as a cookie banner, which groups them into categories (functional, statistical, marketing) and explains the nature of each cookie.

Depending on the tool chosen, the user may authorize each category of cookie independently, or even each individual cookie in some tools.

There are many solutions on the market: Axeptio, Cookiebot, Tarte au Citron, … Some web agencies have even created their own cookie banners. Feel free to compare several tools to choose the one that best meets your site’s needs.

Implementing the cookie banner requires intervention from your developer, who must ensure that each cookie is triggered or not based on the user’s consent.
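One way a developer can enforce this, as an added example that is not code from this article or from any of the banner tools named above: trackers are registered per category and their loader only runs once that category has been explicitly accepted. The class, method and tracker names are hypothetical, and treating the functional category as always on is an assumption.

```javascript
// Added example: category names follow the article; every other name is hypothetical.
const CATEGORIES = ['functional', 'statistical', 'marketing'];

class ConsentGate {
  constructor(stored = {}) {
    // Deny by default: only an explicit boolean `true` counts as consent,
    // so a missing, malformed or string value never enables a tracker.
    this.consent = {};
    for (const c of CATEGORIES) this.consent[c] = stored[c] === true;
    this.consent.functional = true; // assumption: needed for the site to work
    this.pending = [];              // trackers still waiting for consent
    this.loaded = new Set();        // trackers already started (never twice)
  }

  // Register a tracker; `load` is the function that would inject its script.
  register(name, category, load) {
    if (!CATEGORIES.includes(category)) {
      throw new Error(`unknown category: ${category}`);
    }
    this.pending.push({ name, category, load });
    this.flush();
  }

  // Called by the banner each time the user saves or changes their choices.
  // Returns the categories that were just withdrawn so the caller can delete
  // their cookies and reload the page (a running script cannot be unloaded).
  update(choices) {
    const revoked = [];
    for (const c of CATEGORIES) {
      if (c === 'functional' || !(c in choices)) continue;
      const granted = choices[c] === true;
      if (this.consent[c] && !granted) revoked.push(c);
      this.consent[c] = granted;
    }
    this.flush();
    return revoked;
  }

  // Start every pending tracker whose category is now allowed.
  flush() {
    this.pending = this.pending.filter((t) => {
      if (!this.consent[t.category]) return true; // keep waiting
      if (!this.loaded.has(t.name)) {
        this.loaded.add(t.name);
        t.load();
      }
      return false;
    });
  }
}
```

In a page, `load` would create the tracker's `<script>` element, so nothing from a refused category is ever requested.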

Opt-in Checkboxes on Forms

The other part involves obtaining the user’s consent for the data entered through the various forms on the site.

Whether it’s a newsletter sign-up form, a contest form, a brochure download form, etc., a checkbox must be present so that the user filling out the form can authorize the processing of their data.

This checkbox must be opt-in, meaning the user must take the action to check the box, as opposed to opt-out, where the box is checked by default, and the user must uncheck it if they oppose the processing of their data.

The label must also clearly state the purpose of processing their data.

Example: “I wish to receive the monthly newsletter from XXX,” “I agree to be contacted regarding the quote request.”

Cookie Policy

The cookie policy page gathers all the useful information explaining the cookies used on the site.

On this page, you can find information such as:

  • An explanation of internal and third-party cookies
  • The purpose of data processing
  • Explanation of cookie management
  • The contact point for accessing, correcting, and deleting personal data.

Any company that does not comply with the GDPR is exposed to sanctions.

Need an analysis or GDPR compliance review of your website? Contact us!
