How To Ensure Your Website Is GDPR Compliant


Data privacy and protection regulation has been a trending topic in the digital world for quite some time, and the biggest wave so far has been the EU's recent passing of the GDPR. While many non-EU publishers don't believe this affects them, that notion is far from true. Whether or not you are based in the EU, any publisher serving EU traffic must follow these regulations.

Publishers in direct violation not only face fines but also risk ruining the revenue streams they've built with their websites. Luckily for you, the steps to ensure your website is GDPR compliant are very straightforward. We'll dive right into the different aspects of your site you should assess and rework.

While this post was created to provide general information, it should not be relied upon as legal advice. 

What is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy and protection law put in place by the EU to strengthen the rights of EU citizens when it comes to the collection and use of their personal data. Some of the biggest takeaways are EU citizens' right to access their data, the right to be forgotten, and the requirement that organizations obtain consent before collecting, storing, or using data.

How This Impacts Publishers

With so much of GDPR focusing on transparency and obtaining consent, many elements within a website will be affected. If you exchange sensitive data through your website (credit card numbers, addresses, social security numbers, etc.), use third-party plug-ins and widgets, or send newsletters, you've got to reevaluate your website. Consequently, publishers will see a ripple effect across all the aspects of digital marketing they choose to integrate into their website. GDPR will directly affect how you integrate everything from email marketing to plugins.

Best Practices 

Perfect your privacy policy

Though this isn't necessarily a fun task on any publisher's to-do list, it's essential to ensuring your website is GDPR compliant. You should be taking the necessary steps to update your privacy policy so that it is transparent about how you collect and use data. GDPR requires websites to be clear about how they store or track users, how they process data, and how long the data will be retained. Whether you update an existing policy or create a new one, be sure it's easily accessible on your website. Additionally, to save yourself from future trouble, keep the language and message clear, simple, and transparent.

Obtain consent for cookie usage

Since cookies are capable of identifying an individual, they constitute personal data. As a result, publishers need to obtain explicit consent before using cookies in a user's browser. Whether you create a popup or some other notification, be sure to give users the option to accept or decline. Explicit consent means you need the user's confirmation before placing cookies, so don't pre-select an answer for them. Luckily for publishers, declining cookies doesn't stop your website from being viewed; the impact falls mainly on advertisers.

Review your opt-in options

Opt-in forms or pages are another risky area you should be reviewing. They cannot default a user to being opted in or signed up for notifications from you, third parties, etc. For example, a box that is automatically checked and reads "please untick the box if you do not want to receive these..." is not GDPR compliant. Instead, consent boxes should be unchecked by default, so that the default answer is 'no.'

Similarly, opt-ins cannot be bundled, meaning you can't combine "agree to the terms and conditions" and "agree to be contacted by..." into one option. They are two different requests of the user, and you should be treating them as such. Luckily for you, this is a straightforward fix!

Square away your mailing list 

If you've ever purchased mailing lists or signed up subscribers without consent, that is, you guessed it, a probable violation! It's therefore recommended that you clean up your mailing list and include proper unsubscribe/opt-out links in anything you send out.

Double opt-in is standard practice, and though not required under GDPR, it could help keep your lists in check. It works like this: after a user supplies their email, they are sent a follow-up confirmation link that they must click before they are added to the list.

Identify third parties

The days of a simple 'and other third-party organizations' category are gone. When collecting data, it's no longer enough to lump sponsored or affiliate companies together as "third parties." To ensure your website is GDPR compliant, web forms must identify each party the user is consenting to. Along with identifying them, users must be given the option to withdraw consent to being contacted by any of those third-party organizations.
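Tying together the cookie, opt-in and third-party points above, here is an added example (not from the original post or from any product named in it) of a minimal consent model in Node.js: every purpose and every named partner is a separate, unticked choice, anything not affirmatively ticked is recorded as 'no', and nothing non-essential runs until the matching choice is 'yes'. The purpose and partner names are constructed placeholders.

```javascript
// Constructed list of purposes and named partners. On a real site every
// third party that will track or contact the visitor appears here by name.
const CONSENT_PURPOSES = [
  'analytics_cookies',               // non-essential cookies
  'newsletter_from_publisher',
  'contact_by_partner_acme_ads',     // hypothetical named partner
  'contact_by_partner_example_co',   // hypothetical named partner
];

// Render one unticked checkbox per purpose: separate controls, separate
// labels and no `checked` attribute, so nothing is pre-selected or bundled.
function renderConsentForm() {
  return CONSENT_PURPOSES.map((p) =>
    `<label><input type="checkbox" name="${p}" value="on"> ${p.replace(/_/g, ' ')}</label>`
  ).join('\n');
}

// Turn posted form fields into a consent record. A browser only sends a
// checkbox field when it is ticked, so anything absent is recorded as false.
function recordConsent(formFields, now = new Date()) {
  const choices = {};
  for (const p of CONSENT_PURPOSES) choices[p] = formFields[p] === 'on';
  return { choices, decidedAt: now.toISOString() };
}

// A purpose is allowed only with a stored, affirmative choice. No record at
// all (the visitor has not answered yet) means "not allowed", never "assumed yes".
function isAllowed(record, purpose) {
  return Boolean(record && record.choices[purpose] === true);
}

// Withdraw consent for one purpose or partner without touching the others.
function withdraw(record, purpose, now = new Date()) {
  return { choices: { ...record.choices, [purpose]: false }, decidedAt: now.toISOString() };
}

// Run a non-essential loader (analytics tag, partner pixel) only behind
// consent; returns whether it ran so the caller can log the decision.
function loadIfAllowed(record, purpose, loader) {
  if (!isAllowed(record, purpose)) return false;
  loader();
  return true;
}
```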

Clean up your plugins

Plugins are common additions to a blog. In fact, with all the benefits they can bring to publishers, you should be taking advantage of them! But because many of them use visitor information, they must be reviewed. Assess each plugin for whether it collects data and what it does with it. Any plugin that does should be noted in your privacy policy. Publishers using WordPress have resources available to help.

Give yourself less to do

More data means more worries. Empty your plate by collecting and storing as little as possible. One of the most common things bloggers do is collect information via forms. While you may find it nice to have, it just creates more details for you to concern yourself with. Limit the data you collect from your users. Sure, ask for their email, but do you really need their phone number or address? Tidy up any forms you have, and take advantage of any plugins offering a "do not store data" option.

Have a plan 

Individuals not only have the right to request access to the information you're storing about them; they also have the right to be forgotten. Consider exporting to CSV, or using a plugin if you're on a CMS, so you can produce a user's data when needed.

Likewise, you'll want to have a plan for deleting data when users request it. Offering users the ability to delete their accounts is an easy way to take care of the issue. Otherwise, just be sure to delete whatever a user requests of you, a few exceptions aside.

Deploy header bidding

We know you have a lot on your plate; you're crafting a website, building a brand, and trying to balance quality with monetization. But if you don't ensure your website is GDPR compliant, your revenue streams are quickly put at risk. For example, failing to adhere to privacy laws can make advertisers hesitant to bid on your units (goodbye money!).

Here at Newor Media, a premium header bidding provider, we offer a fully up-to-date Consent Management Platform to make your site compliant with privacy laws and regulations. Everything is packaged in with your units and header script, and there's absolutely no work required on your end to make sure you're good to go! We'll worry about the back end so you don't have to. It's an easy solution to keep your site credible and revenue-generating!

Despite GDPR being a regional regulation, its impact and enforcement are global. In short, you should be taking the necessary steps to ensure your website is GDPR compliant. There are plenty of resources and platforms ready to assist you. Contact one of our dedicated account reps today to get started with Newor Media.  

Dario Osowski

Senior Account Manager, Publisher Development: Newor Media

Dario is an ad tech superhero who is innovative and has solved complex technical and business matters that have generated high revenue growth for publishers. He has a strong technical background, provides technical concierge support, and is highly analytical and solution-oriented. Dario currently works at Newor Media, where he provides technical and business support and solutions to publishers to generate the best revenue growth outcomes in yield optimization management across the programmatic universe.