How to Ensure Your Website is GDPR Compliant: A Comprehensive Guide
Before we begin, a quick disclaimer: I am not a lawyer, so I cannot give you legal advice, but I gathered information from a lot of resources and used those practices on my own website as well as my clients’.
I know that GDPR is a very unsexy topic, but it is one of the most important things you must follow.
So what is GDPR?
The General Data Protection Regulation (GDPR) is a European law that regulates how organizations and individuals collect and process data of other individuals.
You might think that if you are based outside the European Union, you don’t have to follow that law. But, my friend, you could not be further from the truth. You have very little power to restrict who visits your site.
And even if you are restricting European citizens, you are already collecting their personal data: their location.
So we just have to accept the fact that we need to take measures for our websites to be GDPR compliant.
Compliance with GDPR is crucial not only to avoid hefty fines but also to build trust with your users.
What actionable steps can you take to make sure that your website is GDPR compliant?
How to Set Up Legal Documents on Your Squarespace Website
Step One: Create or purchase all the necessary legal documents
Creating or purchasing the necessary legal documents for your wellness website is a critical step in establishing a professional and trustworthy online presence.
Whether you choose to draft these documents yourself using templates and generators or purchase them from legal services, ensuring that your Terms and Conditions, Privacy Policy, and Cookies Policy are in place will protect your business and provide clarity to your clients.
Remember, a well-prepared legal framework not only safeguards your interests but also builds confidence and trust with your audience.
Why Do You Need Legal Documents?
Legal documents help establish trust with your visitors and clients by clearly outlining your practices, policies, and their rights. They also protect your business from potential legal issues. Here’s what each document covers:
Terms and Conditions: This document sets the rules for using your website and services. It outlines user responsibilities, payment terms, disclaimers, and governing laws.
Privacy Policy: This explains how you collect, use, and protect personal data from your website visitors and clients.
Cookies Policy: This details your use of cookies, how they enhance user experience, and how users can manage their cookie preferences.
How to Get Legal Documents
One way to obtain legal documents is to hire a lawyer to create documents tailored to your business. Keep in mind that you need to find a lawyer who is familiar with your particular industry. As those services can and probably will be quite pricey, you need to make sure you get the best result for your money.
Another way is using online legal templates. One such platform is Termageddon. It is an innovative online template service designed to help you generate essential legal documents such as Privacy Policies, Terms and Conditions, Cookies Policies, Disclaimers, and more.
Termageddon is an automated policy generator service that aims to simplify the creation and maintenance of legal documents for websites and applications.
It’s specifically designed for small to medium-sized businesses, bloggers, and freelancers who need to ensure their sites are legally compliant without breaking the bank on legal fees.
One of the standout features of Termageddon is its commitment to keeping your policies up-to-date. As privacy laws and regulations change, Termageddon updates your documents automatically, helping you stay compliant without any extra effort.
YOU ONLY SET IT UP ONCE AND TERMAGEDDON WILL DO THE REST OF THE WORK FOR YOU.
Which Legal Documents Do You Need?
Now let’s figure out which legal documents you actually need and if there are some that you can skip.
#1 Privacy Policy
A Privacy Policy is a legal document that explains how a website collects, uses, manages, and protects visitors' personal information. It is essential for building trust with your users and complying with data protection laws.
For someone who is not familiar with legal technicalities, think of a Privacy Policy as a straightforward explanation of what data your website gathers, why it collects this data, and what it does with it.
Imagine you run a wellness blog where users can subscribe to your newsletter, book consultations, or buy wellness products. When users interact with your website, you might collect their names, email addresses, and payment information.
Your Privacy Policy would inform users about how this data is collected, used (e.g., to send newsletters, process orders), and protected.
Non-compliance with privacy laws can lead to significant fines and legal action, damaging your business's reputation and finances.
Key Elements of a Privacy Policy
A Privacy Policy must be comprehensive and clear. Here is a list of essential items that should be included:
Purpose of the Privacy Policy
Effective Date: State when the Privacy Policy was last updated.
Types of data that are collected and the methods of data collection (forms, cookies, etc.).
Purpose of Data Collection: Explain why you collect the data (e.g., to provide services, send newsletters, improve website functionality).
Details about how you use the data (e.g., for marketing, customer service, transaction processing).
Third-Party Sharing: Specify if and when data is shared with third parties (e.g., payment processors, marketing services).
#2 Terms and Conditions
A Terms and Conditions (T&C) document, also known as Terms of Service or Terms of Use, is a legal agreement between you (the website owner) and your users.
It outlines the rules, guidelines, and expectations for using your website. This document sets the groundwork for how users can interact with your site, what they can and cannot do, and what rights and responsibilities both parties have.
If you are not that legally savvy, think of T&Cs as the "house rules" of your website.
Just like any house or business has rules to ensure smooth operation and mutual respect, your website needs rules to protect both you and your users.
Why do you need Terms and Conditions?
Imagine you run an online wellness store on Squarespace where users can buy products, read blogs, and book consultations. Your T&Cs will lay out the guidelines for how customers can use your site, purchase items, and what they can expect in terms of refunds, cancellations, and privacy.
Another example would be if you allow the booking of yoga classes or wellness treatments on your website. You would also want to provide information on booking changes or cancellation policies.
Key Elements of Terms and Conditions
Introduction: A brief introduction explaining the purpose of the document and stating that by using your website, users agree to these terms.
Use of the Website: Guidelines on how users can and cannot use your website. This can include restrictions on certain behaviors, like posting offensive content or using the site for unlawful activities.
Product and Service Information: Information on the products and services you offer, including descriptions, pricing, and availability.
Purchases and Payments: Terms regarding the purchase of products or services, including payment methods, billing, and any relevant fees.
Shipping and Delivery: Information on how products are shipped, delivery times, and any associated costs.
Returns and Refunds: Policies regarding returns, exchanges, and refunds, including any conditions that must be met.
Contact Information: How users can contact you with questions or concerns regarding the T&Cs.
I know that it seems like a lot, but if you use an online template, they basically take care of all of this for you. You just need to fill in the blanks.
#3 Cookies Policy
Well, this is the type of legal document you have heard about the most. Or at least cookies themselves. Cookies are everywhere nowadays, am I right? Every website that you come across shows a cookie banner.
BUT THERE IS A DIFFERENCE BETWEEN A COOKIE BANNER AND A COOKIE POLICY. THEY ARE NOT THE SAME THING.
Let’s talk about Cookies Policy first.
A Cookies Policy is a legal document that informs users about the cookies your website uses, why they are used, and how users can manage their cookie preferences.
Cookies are small data files stored on users' devices when they visit a website. They help enhance the user experience by remembering preferences and collecting information for analytics and advertising.
For someone who isn't familiar with legal technicalities, think of a Cookies Policy as a guide that explains how your website remembers things about the user to improve their experience.
For example, it might remember their login details so they don’t have to log in every time, or it might track which pages they visit to help you understand what content is popular.
What is the Difference Between Cookies Policy and Cookies Banner?
Cookies Policy: A detailed document that provides comprehensive information about the cookies used on your website. It covers types of cookies, their purposes, how they are used, and how users can manage or disable them.
Cookies Banner: A brief message or banner that appears when users first visit your website, informing them that cookies are being used. It typically includes a link to the full Cookies Policy and asks for user consent to use cookies.
Imagine you run a wellness website where visitors can read articles, purchase products, and book consultations. Your website uses cookies to:
Remember user login details for easy access.
Track visitor behavior to see which articles are most popular.
Store items in a user's shopping cart as they browse your store.
Your Cookies Policy would explain these uses in detail, while the Cookies Banner would briefly inform visitors of cookie use and direct them to the policy for more information.
Elements that a Cookie Banner needs to include:
Clear and Concise Message
Buttons or links for users to accept or reject cookies.
Link to Full Cookies Policy
A button that lets users manage their cookie preferences, such as choosing which types of cookies to allow.
Step Two: Turn your legal documents into Squarespace pages
Once you have all your legal documents in order, you need to add them to your Squarespace website.
I advise you to create a “folder” to hold all your legal documents. You can do so by clicking: Pages > + sign > dropdown. I named mine “Legal”. This way I know right away what is there.
Then create separate pages for all of your legal documents. You should have as many pages as you have documents.
Put all of your pages under your dropdown. Then copy and paste the text of each document into the website page that you’ve prepared for that particular document.
At the top of the text, create a heading with the name of the document, e.g. Privacy Policy.
I strongly recommend you toggle on the Hide Page from Search Results option in the page SEO settings. This way your legal pages won’t appear in search engine results and Google won’t crawl them.
You want to do so because the content of the legal pages is pretty generic and you don’t want Google to think that you have unoriginal content on your website. This can hurt your SEO.
Step Three: Add links to your legal documents to your website
Links to your legal documents should be visible on every page of your website. So the best place to put them is the footer of the website.
Use clear and concise names for the links, such as "Terms and Conditions," "Privacy Policy," and "Cookies Policy."
Why Place Legal Document Links in the Footer?
Visibility: The footer is a consistent element on every page of your website, making it an ideal location for links to important documents.
Accessibility: Users can easily find and access your legal documents from any page they are on.
Compliance: Ensures compliance with legal regulations that require these documents to be easily accessible.
Step Four: Set up a Cookie Banner
Last but not least, you want to set up a cookie banner on your website in order for it to be GDPR compliant. To do so, go to your website settings; there you will see the Cookies and Data Privacy tile.
Toggle on the Manage cookies button and Decline button options. This way your website users will be able to accept or decline cookies. The Manage cookies button will let them change their cookie preferences.
If you want to know how to use custom CSS on the Squarespace cookie banner, I have a blog post that can help with that task. It includes 10 CSS code snippets that are ready to implement!
What’s next?
Creating legal pages tends to be one of the last things you do when creating a new website. If you wonder what other steps you can take in order to have the smoothest launch, go through my Squarespace Launch Checklist.