{"id":3727,"date":"2024-08-30T08:17:29","date_gmt":"2024-08-30T08:17:29","guid":{"rendered":"https:\/\/avacysolution.com\/?p=3727"},"modified":"2025-03-07T13:58:45","modified_gmt":"2025-03-07T13:58:45","slug":"come-avere-un-sito-a-norma-gdpr-la-checklist-essenziale","status":"publish","type":"post","link":"https:\/\/avacysolution.com\/en\/blog\/gdpr\/how-to-have-a-gdpr-compliant-website-the-essential-checklist\/","title":{"rendered":"How to have a GDPR-compliant website: the essential checklist"},"content":{"rendered":"<p class=\"translation-block\">The <strong>General Data Protection Regulation<\/strong> (<strong>GDPR<\/strong>) has revolutionized the way companies handle and protect personal data of European Union citizens. For websites, it has become mandatory to be GDPR compliant.<\/p>\n\n\n\n<p class=\"translation-block\">In this article, we will explore the <strong>fundamental steps to make a website GDPR compliant<\/strong>, ensuring that data collection and processing practices comply with the provisions of this regulation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What does it mean to be GDPR compliant?<\/h2>\n\n\n\n<p class=\"translation-block\">Being compliant with GDPR regulations means <strong>respecting a set of specific requirements<\/strong> regarding the <strong>collection<\/strong>, <strong>use<\/strong>, <strong>storage<\/strong> and <strong>protection of personal data<\/strong>.<\/p>\n\n\n\n<p>These requirements include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\">Obtaining <strong>explicit consent<\/strong> from users before collecting their data.<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Informing users<\/strong> about how their data will be used.<\/li>\n\n\n\n<li class=\"translation-block\">Allowing users to <strong>access<\/strong>, <strong>modify<\/strong> or <strong>delete<\/strong> their data.<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Protecting data<\/strong> from unauthorized access 
or breaches.<\/li>\n<\/ul>\n\n\n\n<p>So how do you make your website compliant with these regulations? Here's the checklist of essential elements you should absolutely have:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Cookie banner<\/li>\n\n\n\n<li>Privacy policy<\/li>\n\n\n\n<li>Cookie policy<\/li>\n\n\n\n<li>Data request forms and modules<\/li>\n\n\n\n<li>The choice of providers<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">1. Cookie banner<\/h2>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"549\" src=\"https:\/\/media.jumpgroup.it\/avacy-website\/uploads\/2024\/06\/cookie-banner-robinson-1024x549.jpg\" alt=\"Cookie banner on Robinson Pet Shop\" class=\"wp-image-3549\" srcset=\"https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/06\/cookie-banner-robinson-1024x549.jpg 1024w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/06\/cookie-banner-robinson-300x161.jpg 300w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/06\/cookie-banner-robinson-768x412.jpg 768w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/06\/cookie-banner-robinson-1536x824.jpg 1536w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/06\/cookie-banner-robinson-18x10.jpg 18w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/06\/cookie-banner-robinson.jpg 1754w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"translation-block\">The <strong>cookie banner<\/strong> is that rectangular window that opens as soon as we enter a new site. This banner is an important element because it <strong>informs the user<\/strong> that <strong>cookies are present<\/strong> on the site, their <strong>type<\/strong> (technical, statistical, marketing, etc.) 
and gives the user the option to <strong>accept or refuse<\/strong> their use.<\/p>\n\n\n\n<p class=\"translation-block\">Essentially, the cookie banner is a <strong>technical tool<\/strong> that performs the main function of <strong>informing the user<\/strong> and <strong>preventively blocking all cookies<\/strong> that are not technical. Therefore, if the user closes the banner window or decides not to accept cookies, the site must not release statistical, marketing, or profiling cookies, i.e., anything that is not strictly technical.<\/p>\n\n\n\n<p class=\"translation-block\">How do I get a cookie banner? There are many services that offer this opportunity. Among these is <strong>Avacy<\/strong>, a <strong>consent management platform<\/strong> that allows you to create a <strong>customizable cookie banner<\/strong> that perfectly adapts to your website's design and reflects your brand image. You just need to follow <a href=\"https:\/\/avacysolution.com\/en\/blog\/guide\/how-to-configure-the-cookie-banner\/\">this guide<\/a>.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Try Avacy for free<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
Privacy policy<\/h2>\n\n\n\n<p class=\"translation-block\">The <strong>privacy policy<\/strong>, on the other hand, is part of what are called \"<strong>legal documents<\/strong>\" and is a text that reports in a <strong>comprehensive<\/strong>, <strong>clear<\/strong> and <strong>transparent<\/strong> manner all the necessary information on how we manage and use the data collected on the website.<\/p>\n\n\n\n<p class=\"translation-block\">The <strong>privacy policy<\/strong> must therefore contain:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Who is the <strong>data controller<\/strong>, i.e., the owner of the website (usually they are the data controller);<\/li>\n\n\n\n<li class=\"translation-block\"><strong>What data is collected<\/strong> on the website;<\/li>\n\n\n\n<li class=\"translation-block\"><strong>How this data is used<\/strong>;<\/li>\n\n\n\n<li class=\"translation-block\"><strong>How long<\/strong> the data remains saved;<\/li>\n\n\n\n<li class=\"translation-block\">For what <strong>purposes<\/strong> the data is collected;<\/li>\n\n\n\n<li>Who can have access to the data;<\/li>\n\n\n\n<li class=\"translation-block\">How the user can request to be <strong>deleted<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">The privacy notice is one of the <strong>most important documents<\/strong> for a website because it explains exactly what we do with users' data, both for those who simply visit the website and for those who interact more, such as online buyers or those who subscribe to services like the newsletter.<\/p>\n\n\n\n<p class=\"translation-block\">Moreover, it is important that this document is <strong>clearly visible and accessible from every page<\/strong> of the website and in all forms where the user is asked to enter their personal data. 
Often, within sites, the privacy policy is hidden among the pages, relegated to a small invisible link because \"<em>...anyway no one reads it and it only takes up space!<\/em>\". It's clear that privacy is not the main content of the site but, for those who want to consult it, it must be found without difficulty by everyone, especially by the privacy authority during verification.<\/p>\n\n\n\n<p class=\"translation-block\">The advice is to create a <strong>dedicated page for the privacy policy<\/strong> and insert the link in the footer or directly in the cookie banner, and in all data request forms.<\/p>\n\n\n\n<p class=\"translation-block\">How do I get these legal documents? As with the cookie banner, there are services that offer us the possibility to generate these documents. For example, Avacy creates the privacy policy <strong>automatically,<\/strong> simply by answering a series of questions. Alternatively, you can manually insert the text of the privacy policy in the dedicated space.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Try Avacy for free<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">3. Cookie policy<\/h2>\n\n\n\n<p class=\"translation-block\">The <strong>cookie policy<\/strong> is a document that describes <strong>how a website uses cookies<\/strong> and other tracking technologies to collect information about users.<\/p>\n\n\n\n<p>Cookies are small text files that are saved on the user's device while browsing a website. These files contain data that can be used for various purposes, such as remembering user preferences, collecting statistical data, or providing personalized content.<\/p>\n\n\n\n<p>It is important that the cookie policy contains:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">A general explanation of <strong>what cookies are and how they work<\/strong>. 
This includes a description of similar tracking technologies, such as tracking pixels or monitoring scripts.<\/li>\n\n\n\n<li class=\"translation-block\">The <strong>types of cookies used<\/strong>: technical and necessary cookies (essential for the functioning of the website), performance cookies (collect information on site usage to improve performance and user experience), functionality cookies, targeting or advertising cookies, etc.<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Purpose of using cookies<\/strong>, i.e., an explanation of why the site uses cookies, for example to improve user experience, analyze site traffic, or provide personalized advertising.<\/li>\n\n\n\n<li class=\"translation-block\">Information on <strong>third-party cookies<\/strong>: details on cookies inserted by third parties, such as advertisers or analytics providers, and how these cookies are used.<\/li>\n\n\n\n<li class=\"translation-block\">Instructions on <strong>how users can manage cookie settings<\/strong>, for example by changing preferences in the browser or using tools provided by the site itself, such as a consent banner.<\/li>\n\n\n\n<li class=\"translation-block\">Information on the <strong>duration of cookie storage<\/strong>, i.e., how long cookies remain active on users' devices, differentiating between temporary (session) and permanent cookies.<\/li>\n\n\n\n<li class=\"translation-block\">Description of how data collected through cookies is processed in <strong>compliance with privacy laws<\/strong> and whether it is shared with third parties.<\/li>\n<\/ol>\n\n\n\n<p class=\"translation-block\">Presenting the cookie policy on the website is fundamental as according to the GDPR it is <strong>mandatory to inform users about the use of cookies<\/strong> and <strong>obtain their consent<\/strong> before storing or accessing cookies on their devices.<\/p>\n\n\n\n<p class=\"translation-block\">Among its features, <strong>Avacy generates a cookie policy<\/strong> 
compliant with regulations. By scanning the website, Avacy is able to analyze active cookies on the site and, in an automated manner, inserts them into the cookie policy, adapting the website to GDPR regulations.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Try Avacy for free<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">4. Data request forms and modules<\/h2>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"897\" src=\"https:\/\/media.jumpgroup.it\/avacy-website\/uploads\/2024\/08\/privacy-policy-form-tagliapietra-1024x897.png\" alt=\"Privacy policy data form\" class=\"wp-image-3733\" srcset=\"https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/08\/privacy-policy-form-tagliapietra-1024x897.png 1024w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/08\/privacy-policy-form-tagliapietra-300x263.png 300w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/08\/privacy-policy-form-tagliapietra-768x673.png 768w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/08\/privacy-policy-form-tagliapietra-1536x1346.png 1536w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/08\/privacy-policy-form-tagliapietra-14x12.png 14w, https:\/\/media.avacysolution.com\/avacywebsite\/uploads\/2024\/08\/privacy-policy-form-tagliapietra.png 2022w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"translation-block\">If your website contains sections that require personal data, such as <strong>contact forms<\/strong>, <strong>newsletter subscription<\/strong> forms or <strong>checkout forms<\/strong> in the case of e-commerce, it is important to pay attention to these 4 points indicated in the GDPR.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"translation-block\">Request <strong>only the data strictly necessary<\/strong> to achieve the intended <strong>purpose<\/strong>. 
For example, requesting a phone number in a newsletter subscription form would be inappropriate as it is not necessary for achieving that specific purpose (sending marketing communications).<\/li>\n\n\n\n<li class=\"translation-block\">Always include a checkbox with a <strong>link to the privacy policy<\/strong> and a message such as \"I have read and accept the data processing methods described in the Privacy Policy\".<\/li>\n\n\n\n<li class=\"translation-block\">Provide a <strong>separate consent checkbox for each specific purpose<\/strong>, for example: one for sending marketing communications, another for consent to profiling, and perhaps a third for transferring data to other controllers.<\/li>\n\n\n\n<li class=\"translation-block\">The checkboxes <strong>must not be pre-selected<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Consent archive<\/h3>\n\n\n\n<p class=\"translation-block\">Attention! If you use user data collected through forms for profiling and marketing activities, it is very likely that you need a <strong>consent archive<\/strong>!<\/p>\n\n\n\n<p class=\"translation-block\">A consent archive is a tool that allows you to <strong>record and store<\/strong> the \"proof\" that the user has effectively <strong>consented to the processing of personal data<\/strong>. Keeping track of the consent provided by users is extremely important to <strong>ensure transparency and compliance<\/strong> with regulations.<\/p>\n\n\n\n<p class=\"translation-block\">A useful tool to <strong>easily and centrally manage consents<\/strong> for your data collection forms on the site is <strong>Avacy<\/strong>. With Avacy's consent archive, you can customize and integrate your modules and forms to collect and document consent in compliance with GDPR.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Try Avacy for free<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">5. 
The choice of providers<\/h2>\n\n\n\n<p>Website providers are entities that provide services or technologies that generate and manage cookies used by the site. These providers can be both internal and external to the website and may include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"translation-block\"><strong>Analytics and tracking<\/strong> providers, such as Google Analytics, Tag Manager, Hotjar and others.<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Advertising and marketing<\/strong> providers: Google Ads, Facebook Ads, LinkedIn Ads, etc.<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Social media<\/strong> providers: Facebook, Twitter, Instagram and others.<\/li>\n\n\n\n<li class=\"translation-block\">Site <strong>functionality<\/strong> providers: such as plugins and widgets.<\/li>\n\n\n\n<li class=\"translation-block\"><strong>Hosting service<\/strong> providers.<\/li>\n<\/ul>\n\n\n\n<p class=\"translation-block\">These providers manage cookies for various purposes, such as monitoring visits, personalized advertising, improving user experience or security. It is important that, in the <strong>cookie notice<\/strong>, the website specifies <strong>the providers involved<\/strong> and their <strong>purposes<\/strong>.<\/p>\n\n\n\n<p class=\"translation-block\">In fact, <strong>users<\/strong> must be <strong>clearly informed<\/strong> about the providers to whom their data is sent if they decide to accept cookies.<\/p>\n\n\n\n<p class=\"translation-block\">The <strong>site's providers must also be GDPR compliant<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Site hosting<\/h3>\n\n\n\n<p class=\"translation-block\">Where the site's data resides is a crucial aspect in terms of privacy. 
Articles 44-46 of the GDPR clearly establish that the transfer of personal data of EU residents to third countries that do not offer adequate <strong>guarantees of data security and protection<\/strong> always requires the <strong>explicit consent of the data subjects<\/strong>. In the absence of this consent, the data processing is considered <strong>illegal<\/strong>.<\/p>\n\n\n\n<p class=\"translation-block\">Today, many websites use hosting services based on <strong>servers<\/strong> located in cloud data centers distributed<strong> all over the world<\/strong>. It is therefore essential to know where this data is actually stored, especially if personal data is stored in third countries that do not have clear regulations on data protection, such as Russia, China and India.<\/p>\n\n\n\n<p>It is therefore advisable to rely on cloud service providers that offer hosting in data centers located within the EU or in the United States, where the Privacy Shield exists, and that openly declare this information in their policies.<\/p>\n\n\n\n<p class=\"translation-block\">In any case, if you decide to use a <strong>non-EU hosting service<\/strong>, you must clearly inform your users in your <strong>privacy notice<\/strong>, indicating where the data is stored and whether the country offers adequate guarantees in terms of data protection. If such guarantees are not present, it is necessary to obtain <strong>the explicit consent of users<\/strong> for the transfer of data to non-EU countries.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Make your site compliant now!<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">Is it possible to have a 100% compliant website?<\/h2>\n\n\n\n<p class=\"translation-block\">Making a website <strong>fully compliant with regulations<\/strong> is an ambitious but not impossible goal. 
However, it is important to note that 100% compliance can be <strong>difficult to guarantee<\/strong> in absolute terms, as regulations and guidelines can evolve over time.<\/p>\n\n\n\n<p>To achieve compliance, follow the guidelines in this article. Following these practices can help minimize risks and maintain a high level of compliance.<\/p>\n\n\n\n<p class=\"translation-block\">Remember that every site is different, and none can be completely invulnerable. The best solution is to consult a <strong>legal expert in digital matters<\/strong>.<\/p>\n\n\n\n<p class=\"translation-block\">Avacy is a platform designed with the help of a team of legal experts to make your website compliant in an easy and intuitive way.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Try Avacy for free<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">Do all websites need to be GDPR compliant?<\/h2>\n\n\n\n<p class=\"translation-block\">The GDPR regulation applies mainly to <strong>websites<\/strong> that <strong>collect and process personal data<\/strong> of users.<\/p>\n\n\n\n<p>If a website is purely informative and does not collect personal data, it might not be subject to the same obligations. However, most websites, even those that seem simple, often collect some form of personal data and therefore must comply with the regulation.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Make your site compliant now!<\/a><\/button>\n\n\n\n<h2 class=\"wp-block-heading\">What happens if I don't comply with GDPR?<\/h2>\n\n\n\n<p class=\"translation-block\">Non-compliance can lead to <strong>significant penalties<\/strong>, up to 4% of the company's annual global turnover, or 20 million euros, whichever is greater.<\/p>\n\n\n\n<p class=\"translation-block\">In some cases, criminal sanctions may also be imposed, depending on the <strong>severity of the violation<\/strong> and national laws. 
Moreover, companies may be obliged to <strong>compensate for damages caused to data subjects<\/strong> due to the violation. Finally, a temporary ban on the processing of personal data may be imposed until a condition of compliance is restored.<\/p>\n\n\n\n<p class=\"translation-block\">These measures are designed to ensure that companies <strong>take personal data protection seriously<\/strong> and adopt the <strong>necessary measures to comply with regulations<\/strong>.<\/p>\n\n\n\n<button><a href=\"https:\/\/avacy.eu\/registration\">Make your site compliant now!<\/a><\/button>","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) has revolutionized the way companies handle and protect personal data of European Union citizens. For websites, it has become mandatory to be GDPR compliant.\n\nIn this article, we will explore the fundamental steps to make a website GDPR compliant, ensuring that...<\/p>","protected":false},"author":14,"featured_media":3732,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[17],"tags":[],"class_list":["post-3727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gdpr"],"acf":[],"_links":{"self":[{"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/posts\/3727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/comments?post=3727"}],"version-history":[{"count":14,"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/posts\/3727\/revisions"}],"predecessor-version":[{"id":3748,"href":"https:\/\/avacysolution.com\/en
\/wp-json\/wp\/v2\/posts\/3727\/revisions\/3748"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/media\/3732"}],"wp:attachment":[{"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/media?parent=3727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/categories?post=3727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/avacysolution.com\/en\/wp-json\/wp\/v2\/tags?post=3727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}