There are four steps to make your website GDPR compliant: Privacy Policy, Cookies Compliance, Data Subject Rights, and a System of Record.
Whilst your website only forms a small part of your overall GDPR compliance approach, it is an important one, usually serving as the first point of contact with your users.
It is therefore important that you establish a strong foundation of compliance on your website, making it easier to build your overall compliance program.
This robust foundation should be formed of four key parts:
1. Privacy Policy: publish a comprehensive privacy policy on your website which outlines your company’s data practices.
2. Cookies Compliance: this should be formed of a cookies policy and a cookies consent tool.
3. Data Subject Rights: ensure you have mechanisms in place for your users to exercise their data privacy rights.
4. System of Record: you must ensure you keep a record of each individual data access request you receive.