GDPR

Definition

The General Data Protection Regulation – EU law governing how businesses collect, store, and use personal data of EU residents.

What is GDPR?

The General Data Protection Regulation is EU legislation that governs how organisations handle the personal data of EU residents. It applies to any business that collects data from people in the EU, regardless of where the business itself is located.

For UK businesses post-Brexit, similar rules continue under the UK GDPR and Data Protection Act 2018.

Why GDPR Matters

Legal Requirement

Non-compliance can result in fines up to 20 million euros or 4% of global annual turnover – whichever is higher.

Customer Trust

GDPR compliance demonstrates respect for customer privacy, building trust.

Better Data Practices

GDPR forces organisations to think carefully about what data they collect and why.

Competitive Advantage

Strong privacy practices can differentiate you from competitors who treat data carelessly.

Key GDPR Principles

Lawfulness and Transparency

You must have a legal basis for processing data and be transparent about how you use it.

Purpose Limitation

Only collect data for specified, explicit purposes. Don't repurpose it without consent.

Data Minimisation

Only collect data you actually need. Don't gather information "just in case."

Accuracy

Keep personal data accurate and up to date.

Storage Limitation

Don't keep data longer than necessary. Define retention periods.

Security

Protect data against unauthorised access, loss, or destruction.

Website GDPR Requirements

Privacy Policy

Clear explanation of what data you collect, why, and how it's used.

Cookie Consent

Obtain consent before setting non-essential cookies. Cookie banners must offer real choice.

Contact Forms

Explain what you'll do with submitted information. Consider consent checkboxes.

Email Marketing

Only send marketing to people who explicitly consented. Easy unsubscribe required.

Analytics

Configure tools like Google Analytics for GDPR compliance. Consider anonymising IP addresses.

Data Subject Rights

Provide ways for people to access, correct, or delete their data.

Individual Rights Under GDPR

People have the right to:

  • Access their data
  • Correct inaccurate data
  • Have their data deleted (right to be forgotten)
  • Object to processing
  • Receive their data in a portable format (data portability)
  • Not be subject to purely automated decisions

Practical Steps for Websites

  1. Audit what data you collect
  2. Document your legal basis for each type
  3. Write a clear privacy policy
  4. Implement proper cookie consent
  5. Secure your data appropriately
  6. Have a process for handling data requests
  7. Know what to do if there's a breach

Beyond Compliance

GDPR compliance isn't a one-time task. It requires ongoing attention as your website evolves and new features are added.

Want to Learn More?

Check out our in-depth guides on web design, SEO, and digital marketing.