GDPR: Basics, Principles, and Tips for Compliance

What is the GDPR and who needs to comply with it

Personal data and its processing

How to properly handle personal data

  • Lawfulness, fairness and transparency. A company must have a lawful basis to process personal data (e.g. consent of the data subject, contract, vital interest etc.). It should also process the data fairly, meaning that the data must be processed in the way described in the privacy policies. Finally, individuals should know what personal data of theirs is processed and how.
  • Purpose limitations. Companies cannot use personal data for any other purpose than the purpose it was collected for.
  • Data minimization. Only the minimum sufficient amount of data required for a specific purpose should be processed by a company.
  • Accuracy. Companies should ensure that the processed data is accurate and up to date.
  • Storage limitations. The data should be processed for no longer than is required for a determined purpose.
  • Integrity and confidentiality. Companies should implement appropriate security measures and ensure the protection of personal data against unlawful processing, accidental loss, destruction or damage.

Privacy by design and how to achieve it

How to make your website GDPR-compliant

  • Review your contact forms. Contact forms should not ask for any information beyond what you absolutely need to provide the services. A compulsory element is a checkbox for users to express their consent to the terms and conditions. It’s essential that all the checkboxes are unticked, so users can make the choice themselves. If you want, you may also add some explanations of why you need particular data (e.g. “we need your phone number to have an opportunity to contact you”).
  • Make sure that users agreed to receive newsletters from you. As a website owner, you should not send any marketing materials to users who did not explicitly agree to receive them (e.g. by leaving their email addresses). Besides that, there should be an option to unsubscribe.
  • Place your privacy policy on your website. Users must have an opportunity to easily access the information about how a website uses their data. So make sure to have a visible reference to it.
  • Let the users be forgotten. One of the most important individual rights under the GDPR is the right to be forgotten. This means that users can request the removal of their data from a website, and as a website owner you should ensure that a relevant procedure is in place.



