
The 5 things your site says about your GDPR compliance


Did you know that when it comes to the GDPR, your website is the visible part of the iceberg? An informed observer such as the CNIL can pick out a few elements that speak volumes about your GDPR compliance... (or your NON-COMPLIANCE).

In our experience, at least 5 points send positive (or less positive) signals to an outside observer. Here they are:

 

1. Securing the site

Today, there are still many sites that are not properly secured. This means that data sent and received can be more easily intercepted.

To remedy this, you must apply a security protocol that encrypts the data exchanged with your site. This is highly recommended, especially if you have a sales or transactional activity on the site. Your provider or host is the right person to ask. The usual approach is to activate an SSL certificate (Secure Sockets Layer; the protocol in use today is its successor, TLS), which secures the exchanges between the different parties.

In your browser, you can easily see whether a website is secure. For example, in Chrome, just click on the padlock to the left of the address bar. A closed padlock indicates that the site is secure. You can also check that the address of the site starts with https.

Since one of the objectives of the GDPR is to secure personal data, not securing your site sends a rather negative message in this regard.

2. Legal notice

The legal notice is the information that allows the Internet user to identify your site; it is, in a way, its "identity card". It is mandatory on any professional website and must be easily accessible. There are many templates available on the internet. It would be a pity to do without one, because the fine can be particularly high (up to 375 000 €).


3. Manage cookies properly

Cookies or trackers are small files deposited by your site on your visitors' computers in order to monitor the proper functioning of the site and the behavior of visitors, and sometimes to store more sensitive information about their habits...

This topic is widely discussed, and many tools exist to manage cookies, collect visitors' consent, etc. You must make the choice easy for your visitors: accept cookies, refuse them, or configure them (that is, accept only certain cookies). We therefore strongly advise you to equip yourself with such a tool. Again, you can ask your provider or host.

Once this is done, it is still important to tell your visitors, for example in your Data Policy, what data you collect and why... (see next point).

So be careful: if you don't do any of this, you are putting yourself at risk from a GDPR point of view.

 

4. Personal data

This is the heart of the GDPR! The document goes by several names, such as Personal Data Policy, Privacy Policy...

This document must be clearly visible on your site, accessible, easily understandable and specific. GDPR FOLDER offers a standard, lawyer-approved version for building your own Personal Data Policy.

Essentially, it is a matter of explaining to your visitors, customers and prospects in a simple and transparent manner:

  • The data you collect on them
  • For what reasons / business interest
  • Which legal basis under the GDPR you rely on
  • What you do with it
  • How long you keep it
  • How they can access it

You can find more information on our website about this subject which is covered by Article 13 of the GDPR.

Again, if you don't have anything about this (about 50% of the sites) or if what you have is just a standard "copy and paste" (30% of the sites), it is insufficient and you are taking risks in terms of the GDPR.

5. Contact form, newsletter...

It is very common to have these kinds of collection points on a website... and there is no problem with that. You just have to make sure that you inform the people who are about to entrust you with their data about the elements mentioned above (#4). You also need to be able to collect their consent and be able to prove it (e.g. with a timestamp). Most website creation tools allow you to manage this well, but you must take the time to set them up.

Again, this small signal can be important: it shows Internet users, your customers and partners, and also the regulator, how much importance you attach to this subject.
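One way to keep the proof of consent mentioned in point 5, shown as an added example (it is not part of the original article or of any particular website builder). The function names, field names and the demo key are assumptions; each record stores the timestamp, a hash of the exact notice shown to the visitor, and an HMAC so that later edits to the record are detectable.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: a server-side secret stored outside the consent database.
# Constructed demo value; load the real one from a secrets manager.
SECRET_KEY = b"constructed-demo-key"


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def _mac(record):
    """HMAC over every field except the MAC itself, in a stable order."""
    body = {k: v for k, v in record.items() if k != "mac"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def record_consent(email, purpose, notice_text, granted, now=None):
    """Build the proof to store when a visitor submits a form."""
    now = now or datetime.now(timezone.utc)
    record = {
        "subject": email.strip().lower(),
        "purpose": purpose,                      # e.g. "newsletter"
        "granted": bool(granted),                # refusals are recorded too
        "timestamp": now.isoformat(timespec="seconds"),
        "notice_sha256": _sha256(notice_text),   # exact wording shown
    }
    record["mac"] = _mac(record)
    return record


def verify_consent(record, notice_text):
    """True only if the record is unmodified and matches this notice text."""
    if not hmac.compare_digest(str(record.get("mac", "")), _mac(record)):
        return False
    return record["notice_sha256"] == _sha256(notice_text)


if __name__ == "__main__":
    notice = "I agree to receive the monthly newsletter."  # constructed sample
    proof = record_consent("Jane@Example.com ", "newsletter", notice, True)
    print(json.dumps(proof, indent=2))
    print("valid:", verify_consent(proof, notice))
```

Keep each version of the notice text alongside the records, since the stored hash only proves which wording was shown if that wording can still be produced.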

 

Conclusion

The points mentioned above are all easy and inexpensive to manage. It will take you a little time, but it will help secure your site and your personal data and give a positive image of your company in this respect. You can of course do this on your own, but you can also save a lot of time with our advice and our tool GDPR FOLDER.

Want to know more?

Are you looking for a turnkey solution for your GDPR management?

Contact us to learn more about our solution and its applications.

