Getting your Website GDPR Ready

A website development agency

As we all know, the impending General Data Protection Regulation is enforced from this Friday, 25th May and is set to wholesale changes on the way companies protect, acquire and process data. The aim of this blog is to inform you as readers on how to ensure your Website and how you collect data upon your site, stays within the new European legislation, or you could face a fine of up to €20,000,000 or 4% of your annual turnover for your troubles.

Now we’ve all been called by an “international” number to be told we’ve been in a car accident that’s not our fault, the data obtained by said insurance companies was more than likely passed on via a third party such as a clothing brand, holiday company or supermarket, i.e. someone you’ve made a purchase from and given contact information too. The aim of GDPR is to alleviate such processes by ensuring that consent from consumers must be freely given, specific, informed and unambiguous which brings us on to our first point, opt ins.

Opting in and Opting Out

In the past and possibly until now, companies methods of obtaining data have been somewhat questionable. The changes that will now take place will enforce companies to actively opt in to marketing communications; eliminating tick box methods such as the following:

Tigerfish would like to send you information regarding our most recent offers, please tick this
box if you do not wish to receive these. □

Similar methods have shown organisations tie their marketing communications in with the acceptance of their Terms and Conditions, another big no no after 25th May.

Following the GDPR changes, opt in forms should be clear and concise with their wording and permissions:

“Please tick this box if you’d like to hear from us in future regarding promotions on our
offers and services”

– Mail □
– Text □
– Email □

As shown above, all businesses should provide boxes for the method of communication they wish to provide to the recipient, meaning that if they don’t tick the box for e-mail, under no circumstances should they receive any e-mail marketing promotions.


Have you ever tried to unsubscribe from a mailing list and get bombarded with so many questions, you end up forgetting the reason you’re answering the questions or just think its easier to delete the promotional e-mail when it inevitably arrives. GDPR will stop this. Under the new law, it should be as easy to remove consent as it was to grant it, meaning the once you click unsubscribe, it should do just that, or instead take you to a further screen where it asks the topics which you want to unsubscribe from, a reason for unsubscribing or to minimise the frequency of such e-mails.

Privacy Policy

In short, your privacy policy should cover your business on all GDPR related subjects. Subjects will now demand the right to know how and why their information was obtained, what its being used for and how long it is to be held for.

Subject Access Request

Where an individual wants to be informed on the information an organisation holds on them, they can demand a Subject Access Request, which has to be responded to within 40 days.

What information can be requested?

  • What personal data is being processed
  • The purposes of the data being process
  • Who it is being disclosed to
  • The extent to which the data is being used to make automated decisions related to the data subject

Online payments

If you’re running an eCommerce platform, correct measures should be in place to remove the personal data obtained from a purchase after a given ‘reasonable’ period.

Google Analytics

Most websites use Google Analytics to track their visitors; where they’ve come from, what parts of the website they visited, how long they spent on each page etc… Thankfully for users and digital marketers, by changing a few settings on the Google Analytics Dashboard you can make Google Analytics uses non identifiable cookies to track users, meaning the visitors tracked are anonymous to the the website owner.


Cookies on websites can be liked similarly to Google Analytics tools in reference to GDPR in that some cookies placed on websites can be non identifiable; this needs to be abundantly clear to the visitor when their data is being tracked on the site as consent will need to be given to track personal data.

How can Tigerfish help?

If you are struggling to get your website GDPR ready or if you would like our team to look into this for you Tigerfish can help. We have been working with a few clients on their GDPR issues which has given us the experience needed to help you with your GDPR issues.

For more information regarding this and how we can help you make your website GDPR compliant please contact Peter Brazier our Project Manager using the details below.

[email protected]

01242 507 550




For more information on GDPR from the ICO – visit their website here.