
GDPR website compliance: key points


The website is a key point of GDPR compliance. It is the only point visible to the general public and the only point that can be checked without needing to consult you. Indeed, some sites will collect personal data via contact forms or even cookies that require prior consent.⚠️

However, an organization's compliance is not limited to its website alone. Other aspects are also important:

  • HR;
  • processors and data flows outside the EU;
  • data retention period;
  • employee awareness;
  • register of processing categories;
  • commercial prospecting;
  • the appointment of a DPO;
  • ...

🎯 Here we present the key points for a compliant website. Our website www.dipeeo.com is used as an example.

Two documents required for website compliance

All documents are listed at the bottom of each page of a website. This area is commonly referred to as the "footer".


There are 3 page links that must at least be present:

  • Legal notice: not a rule stemming from the General Data Protection Regulation
  • Privacy policy
  • Cookie policy

Caution! Several mistakes are frequently made:

 Privacy policy

The aim of the privacy policy is to inform people about the processing of their personal data. In short, the person whose personal data is processed needs to know what data is processed on the website, for what purpose, for how long it is kept, what his or her rights are with regard to the data, etc. This document must be separate from the legal notice and the cookie policy.

By the way, legal notices are mandatory and have nothing to do with the General Data Protection Regulation. It is important to know that the regulation does not govern all the rules on a website.

Under the GDPR, informing people is one of the most important pillars. As a result, the privacy policy must inform users how personal data is collected.

In this privacy policy, you must include the type of data collected, how it is used, and the data retention periods.

The policy must also inform users of their rights regarding their data: access to data, processing of personal data, and all cases, including the death of the user.

The drafting of a privacy policy is often carried out by a law firm or a data protection officer, who will be appointed by the CNIL (National Commission for Information Technology and Civil Liberties).

In addition, this document must be regularly updated in line with the organization's development and growth.


 Cookie policy

The cookies policy must also be separate from the privacy policy. It should be located on its own page, with its own dedicated link.

Page names remain flexible. The following terms are frequently used: "Confidentiality policy", "Privacy", ... and "Cookies" or "Cookies policy" for information on cookies.

What's important is that visitors to the site are able to understand what it's all about.

The Cookies policy provides information on the categories of cookies present on the site, their nature and how to control them using the cookies banner. These documents are the basis for a compliant website.

This document must also be updated on a regular basis, as must the privacy policy. That's why it's so important to have a data protection officer, who will be the data controller for your organization.

If you've implemented the documents listed so far, you've done 95% of the work. BRAVO!

Information for contact forms and newsletters

However, there are still a number of "must-have" items of information to be provided.

📝 If you have a newsletter, and a fortiori a form for subscribing to it, as on our site:

It is mandatory to state below the form: "By clicking, you agree to receive our newsletter. For more information, please consult our privacy policy."

You must include a link to your privacy policy.

The same applies if you have a contact form:

People need to be informed of the personal data processing that will be carried out, and therefore directed to the privacy policy.


The cookies banner 🍪

The cookies banner is intended to inform you about the categories of cookies present on the site and to give you the ability to deactivate them.

The aim is to summarize the cookies policy.

Please note that technical cookies, which are necessary to display the site, and statistical cookies do not require the visitor's consent. They do not handle personal data.

Advertising cookies, on the other hand, require consent, and the visitor must be able to deactivate them.


Tip: if you don't have any cookies requiring consent, i.e. only technical and statistical cookies, the Axeptio Cookies banner is free!

Website compliance: conclusion

Website compliance isn't as complicated as it seems, and boils down to setting up a cookies banner and 2 legal documents: Privacy Policy and Cookies Policy.

Please note! Website compliance is only part of an organization's overall compliance. Each organization handles data differently, which makes it all the more difficult when you don't have the necessary knowledge.

 If you have a question, please let us know and we'll answer it and add it to our FAQ page. It will surely help others.