GDPR and Your Website: A Simple Guide

A plain-English guide to the website basics every business should have right.

GDPR (and UK data protection law) affects every business website that collects any personal data — which is almost all of them. It can sound daunting, but the basics are manageable. Here’s a simple, practical overview.

This is general guidance, not legal advice — but it’ll help you understand the essentials.

Privacy policy and transparency

If your website collects any personal data — through forms, analytics or cookies — you need a clear privacy policy explaining what you collect, why (and on what lawful basis), who it is shared with (your hosting, analytics and email providers count), how long you keep it, and how people can exercise their rights over it. Being transparent with visitors is both a legal requirement and good practice.

A proper privacy policy is the foundation of compliance.

Cookie consent

Non-essential cookies (like analytics and marketing tracking) generally require visitors’ consent before they are set, which in practice means the scripts that set them must not run until someone has actively agreed. A proper cookie banner genuinely lets people accept or reject — rather than just informing them — and rejecting must be as easy as accepting. Pre-ticked boxes, or treating scrolling and continued browsing as agreement, do not count as consent.

A real consent choice, not just a notice, is the standard now.
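The gating described above, as an added example that is not part of the original guide or the agency's own build: third-party tags are embedded inert (the `type="text/plain"` / `data-consent` / `data-src` attribute convention, the cookie name `consent` and the category names `analytics` and `marketing` are all assumptions made for this example), nothing non-essential loads until a recorded decision exists, and a missing or tampered consent cookie is treated as "no choice yet" rather than as agreement.

```javascript
// Added example: a minimal consent gate for non-essential scripts.
// Not the original page's code; the cookie name, categories and the
// data-consent/data-src markup convention are assumptions for illustration.

const CONSENT_COOKIE = 'consent';
const NON_ESSENTIAL = ['analytics', 'marketing'];

// No decision yet: nothing non-essential loads. A banner that only
// informs the visitor never produces a "decided" record.
function defaultConsent() {
  return { decided: false, analytics: false, marketing: false };
}

// Read the stored choice from a document.cookie-style string.
// Anything missing, malformed or tampered falls back to "no choice yet".
function parseConsent(cookieString) {
  const re = new RegExp('(?:^|;\\s*)' + CONSENT_COOKIE + '=([^;]*)');
  const m = re.exec(cookieString || '');
  if (!m) return defaultConsent();
  try {
    const raw = JSON.parse(decodeURIComponent(m[1]));
    const out = defaultConsent();
    out.decided = raw.decided === true;
    for (const cat of NON_ESSENTIAL) out[cat] = out.decided && raw[cat] === true;
    return out;
  } catch (_) {
    return defaultConsent(); // bad JSON or bad percent-encoding: never grant consent
  }
}

// Cookie value that remembers the decision. This first-party cookie is
// strictly necessary (it stores the choice itself), so it needs no consent.
function serializeConsent(consent, maxAgeSeconds = 180 * 24 * 3600) {
  const value = encodeURIComponent(JSON.stringify({
    decided: true,
    analytics: consent.analytics === true,
    marketing: consent.marketing === true,
  }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

// Accept and reject are equally available, one click each.
function acceptAll() { return { decided: true, analytics: true, marketing: true }; }
function rejectAll() { return { decided: true, analytics: false, marketing: false }; }

// Decide which scripts may run. Each entry is { src, category } where category
// is 'essential' or one of NON_ESSENTIAL; unknown categories are blocked.
function scriptsToLoad(consent, scripts) {
  return scripts.filter(s =>
    s.category === 'essential' || (consent.decided === true && consent[s.category] === true));
}

// Browser glue. Assumed markup keeps tags inert so the browser never fetches them:
//   <script type="text/plain" data-consent="analytics" data-src="https://analytics.example/tag.js"></script>
// Returns the number of scripts activated (0 outside a browser, e.g. under test).
function applyConsentToPage(consent) {
  if (typeof document === 'undefined') return 0;
  const inert = Array.from(document.querySelectorAll('script[type="text/plain"][data-consent]'));
  const candidates = inert.map(el => ({ src: el.dataset.src, category: el.dataset.consent, el }));
  const allowed = scriptsToLoad(consent, candidates);
  for (const { src, el } of allowed) {
    const live = document.createElement('script');
    live.src = src;
    live.async = true;
    el.replaceWith(live); // only now does the browser fetch and run the tag
  }
  return allowed.length;
}

// Handler wired to the banner's "Accept" and "Reject" buttons.
function onBannerChoice(accepted) {
  const consent = accepted ? acceptAll() : rejectAll();
  if (typeof document !== 'undefined') document.cookie = serializeConsent(consent);
  applyConsentToPage(consent);
  return consent;
}

// Constructed sample inventory for running this outside a browser.
const SAMPLE_SCRIPTS = [
  { src: '/js/site.js', category: 'essential' },
  { src: 'https://analytics.example/tag.js', category: 'analytics' },
  { src: 'https://ads.example/pixel.js', category: 'marketing' },
];

// On page load: apply whatever was previously decided; with no cookie only /js/site.js runs.
applyConsentToPage(typeof document !== 'undefined' ? parseConsent(document.cookie) : defaultConsent());
```

The important design point is that the third-party tags are never present as live `<script src>` elements in the HTML; if they were, the browser would fetch and execute them before any banner logic ran, and the banner would be a notice rather than a choice. Consent is also re-read from the cookie on every page load, so a visitor who rejected stays rejected across the site.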

Handle data responsibly

Collect only the data you need, keep it secure (HTTPS everywhere, restricted access to form submissions, and deletion once it is no longer needed), and don’t use it for things people didn’t agree to. Forms should make clear what people are signing up for, with any marketing opt-in as a separate, unticked box rather than bundled into the submission. Sensible, respectful data handling keeps you on the right side of the rules.

We build sites with privacy policies and proper cookie consent built in.

Ongoing GDPR compliance after your initial audit

GDPR compliance is not a one-time project. Every new form you add, every new tool you install (analytics, chat widgets, email capture) and every new supplier who may handle customer data (a processor, who needs a written contract covering data protection) extends your compliance obligations. Build a habit of reviewing your data practices whenever you make a significant change to your website or customer management processes.

Your privacy policy should be reviewed annually at minimum and updated whenever you change how you collect or use data. Cookie consent banners must accurately reflect the cookies your site actually sets. A consent platform that automatically scans for new cookies helps keep the banner’s list accurate as your tech stack evolves, but it does not by itself prove the tags are blocked until consent is given: check that in the browser after each change. We include privacy policy and cookie consent setup with every new website build.

FAQs

Common questions.

Do I really need a cookie banner?
If you use analytics or marketing cookies, generally yes — and it needs to offer a genuine choice, with rejecting as easy as accepting. We build compliant consent into the sites we make.
Can you set up the privacy basics for me?
Yes — we include a privacy policy framework and proper cookie consent as standard (final legal wording is yours to confirm).
What personal data does a typical small business website collect without the owner even realising?
Most sites collect more than people think — contact form submissions, analytics data tied to IP addresses, and information stored by third-party tools like live chat or email marketing plugins all count as personal data under GDPR. We carry out a brief data audit so you know exactly what your site collects and can handle it correctly.
Want a hand putting this into practice?

Book a free, no-obligation consultation with a Norwich-based specialist.

Book a free consultation

Let's put your business in a better light.

Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.

  1. Tell us a bit: fill in the form — two minutes, tops.
  2. We'll call you back: within one working day, no pressure.
  3. Get a clear plan: honest advice and a fixed quote.

Free · No obligation · We reply within one working day