GDPR Summary: Website GDPR Compliance Guide



    The GDPR is a new EU regulation. It changes a great deal about how every website conducts its business, and even sites and businesses based outside the EU are affected. You have to make your website GDPR compliant, or you face serious fines: up to € 20 million, or more, believe it or not.

    What is GDPR?

    The GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It:

    • Regulates how businesses can collect, use, and store personal data
    • Builds upon current documentation and reporting requirements to increase accountability
    • Authorizes fines on businesses who fail to meet its requirements

    Who is impacted by GDPR?

    Individuals, organisations, and companies that are either 'controllers' or 'processors' of personal data will be covered by the GDPR.

    Who would be liable for GDPR compliance?

    Normally the website owner and the publisher. But as an agency, you might have a responsibility to your clients to make their websites GDPR compliant.

    GDPR is real, everyone is accountable:

    Google hit with £44m GDPR fine over ads - BBC News
    Google fined £44m for breaching EU privacy laws - The Independent
    Bounty UK fined £400,000 for sharing personal data unlawfully - ICO UK
    "Facebook recently transferred 1.5 billion of its international users from the jurisdiction of its European headquarters, in Ireland, to that of its US headquarters, with some speculating this was to avoid costly legal action resulting from breaches of the EU's General Data Protection Regulation (GDPR)." - BBC

    To be fully compliant with the GDPR law, a website has to fulfil three requirements:

    • It must present visitors with information about the cookies the site uses, and their purpose.
    • It must obtain consent to use those cookies. In most cases, consent can be implied, but sometimes it must be explicit.
    • It should provide a mechanism for visitors to withdraw consent, and then respond to withdrawal by preventing further use of cookies.

    Cookie compliance for GDPR is provided by the UniConsent CMP cookie discovery feature, which keeps your website in check even as you add or remove cookies while your business grows.

    The impact on online advertising

    There are two types of online advertising: contextual targeting, which doesn’t require personal data, and personalised targeting, which requires and is based on personal data collected from users.

    GDPR affects not just how marketers can collect data but how they use it to create personalised and targeted online advertising.

    Some expect online targeted advertising to shift away from the use of personal data almost entirely as a result of GDPR.

    Using UniConsent CMP, marketers are able to collect consent from users about how their personal data may be used.

    UniConsent CMP integrates with common ad servers like Google Doubleclick for Publishers and header bidding technologies.

    Publishers are able to keep their website GDPR compliant by automatically giving users the choice of whether personalised ads are served and personal data is collected.

    The impact on email marketing

    You need users' consent before sending marketing email.

    Marketers cannot send emails without unambiguous consent given by the users.

    Marketers must define the purpose for collecting the data and then ask users to opt in, by their own choice, to each segment of the service they wish to offer; an opt-out must also be provided and is mandatory.

    Simple general statements like "by signing up you agree to the basic rules, Terms of Service and Privacy Policy" are not EU GDPR compliant.

    Website hosting and services

    In order to enable your compliance with the GDPR, your hosting provider should include specific measures such as:

    • Encryption of personal data
    • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
    • Ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident
    • Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing

    AWS gives the best set of tools to become compliant.

    "Today, I’m very pleased to announce that AWS services comply with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that AWS already takes to maintain services security, customers can deploy AWS services as a key part of their GDPR compliance plans." - AWS

    This means moving or migrating your website onto AWS can be a key part of your GDPR compliance plan.

    Looking to migrate your website to AWS? Check the Managed Cloud and Servers service.

    The common issues with GDPR consent implementations are:

    • No GDPR CMP installed, and no consent process at all.
    • A GDPR CMP tag is simply placed on the website and records the user's choice, but features the user expects, such as blocking cookies, are not implemented.
    • Google DFP and Google Ads are not supported. Even if a user disables personalised ads in the consent manager, Google DFP is not covered by it, so personalised ads are still delivered and the user's personal data is still collected, violating the GDPR and potentially causing hefty financial loss.
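    The three requirements above (disclose, obtain consent, honour withdrawal) and the second common issue (recording a choice without actually blocking anything) come down to one piece of logic: a gate that holds non-essential tags until consent exists and purges their cookies on withdrawal. The following is an added example written for this page, not UniConsent's own code; the names createConsentGate and memoryCookieJar and the cookieJar adapter are hypothetical.

```javascript
// Consent gate (added example, not UniConsent's code): tags declare a purpose
// category; non-essential ones stay held until the visitor opts in, and a
// withdrawal blocks future tags and purges that category's cookies.
const CATEGORIES = ["necessary", "analytics", "advertising"];

function createConsentGate(cookieJar) {
  // cookieJar adapter (hypothetical): list() -> [{ name, category }], remove(name).
  // A browser build would back it with document.cookie; here it is injected.
  const consent = { necessary: true, analytics: false, advertising: false };
  let held = [];    // tags waiting for consent: { name, category, run }
  const ran = [];   // names of tags that were allowed to execute
  function isAllowed(category) {
    // Unknown purposes are denied, so an undeclared tag never slips through.
    return CATEGORIES.includes(category) && consent[category] === true;
  }
  function registerTag(name, category, run) {
    // "run" performs the tag's side effects (script injection, cookie writes).
    if (isAllowed(category)) { run(); ran.push(name); }
    else held.push({ name, category, run });
  }
  function grant(category) {
    if (category === "necessary" || !CATEGORIES.includes(category)) return;
    consent[category] = true;
    // Release held tags for this category in registration order.
    const release = held.filter(t => t.category === category);
    held = held.filter(t => t.category !== category);
    release.forEach(t => { t.run(); ran.push(t.name); });
  }
  function withdraw(category) {
    // Strictly necessary cookies are exempt from consent and cannot be withdrawn.
    if (category === "necessary" || !CATEGORIES.includes(category)) return;
    consent[category] = false;
    cookieJar.list().filter(c => c.category === category)
      .forEach(c => cookieJar.remove(c.name));
  }
  function snapshot() {
    return { consent: { ...consent }, ran: [...ran], held: held.map(t => t.name) };
  }
  return { isAllowed, registerTag, grant, withdraw, snapshot };
}

// In-memory cookie jar (constructed) for the stand-alone run and the test.
function memoryCookieJar() {
  const cookies = new Map();
  return {
    set(name, category, value) { cookies.set(name, { name, category, value }); },
    list() { return [...cookies.values()]; },
    remove(name) { cookies.delete(name); },
  };
}
```

    A tag registered after a withdrawal is held again rather than run, which is the "prevent further use" half of the third requirement that a record-only CMP tag misses.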

    Does GDPR apply to your Ads campaigns?

    GDPR affects advanced Ads users who run campaigns targeting EEA countries.

    How UniConsent CMP works for GDPR

    IAB Europe certified CMP

    UniConsent is certified by IAB Europe as CMP #68.

    It is built on the IAB Europe Transparency & Consent Framework.

    The IAB Europe Transparency & Consent Framework (the Framework) has a simple objective: to help all parties in the digital advertising chain ensure that they comply with the EU’s General Data Protection Regulation and ePrivacy Directive when processing personal data or accessing and/or storing information on a user’s device, such as cookies, advertising identifiers, device identifiers and other tracking technologies.

    GDPR Google policy

    Google DFP is used by major online digital publishers, but Google has not joined the IAB Europe Transparency & Consent Framework.

    The Google EU user consent policy is not supported by most IAB CMPs.

    UniConsent CMP provides the features to disclose Google vendors and to opt in to or out of Google personalised ads according to the Google EU user consent policy for Ad Manager and Ad Exchange.

    UniConsent has the features to make GDPR compliance easy.

    Cookie blocking

    A publisher is able to block all cookies based on consent given by the user.

    Analytics and insight

    A publisher is able to see analytics on the consent rate and on the whole consent process from users.

    GDPR custom purpose

    A publisher is able to display the information about all the cookies on the website to users.

    Features (UniConsent CMP compared with other free and paid CMPs):

    • First Party Data Collection Consent
    • Programmatic 1st Layer UI
    • IAB Europe Transparency & Consent Framework v1
    • IAB Europe Transparency & Consent Framework v2
    • U.S. CCPA California Consumer Privacy Act
    • Custom IAB TCF Vendors List
    • Cookies Scanning and Disclosing
    • On-demand Cookies Scanning
    • Scheduled Cookies Scanning
    • Multiple URLs Cookies Scanning
    • Cookies Classification
    • Cookies Pause ™ and Automated Compliance
    • Realtime Consent Analytics and Insight
    • Manage Multiple Websites in One Account
    • Consent History and Logs
    • Customisable Multiple Stages CMP UI
    • One-tag Implementation
    • WordPress Plugin
    • Multiple Languages Support
    • Built-in Tag Manager and Loader
    • Google Tag Manager Integration
    • Consent Analytics and Insight
    • Google DFP (GAM) Support
    • Programmatic Header Bidding Support
    • Custom Data Purpose
    • Custom Vendors
    • Minimum Performance Impact
    • Content Security Policy (SRI, CSP)
    • ADA Compliance
    • Google Consent Mode
    • Technical Support

    Get started to make your website and application compliant with EU GDPR, US CPRA, CA PIPEDA etc.

    Sign up