How to comply with the GDPR, Lopd and lssi on your website?

Websites and data protection GDPR

On this website we will give you all the keys to comply with the GDPR, Lopd and lssi data protection policy for web pages. Always taking into account the fact that legal texts may require consultation with a lawyer or data protection company.

Be sure not to miss out on anything you need and consult second opinions, third parties or anyone you need. We used to work with several privacy companies from the beginning of AppDesign. It is your sole responsibility to ensure that your site meets the requirements. It is not the responsibility on my part to ensure that your website is not adapted to your specific needs.

In this article you will find what you need to include or which parts to modify within your website. If you wish to comply with the GDPR data protection policy of a web in wordpress or prestashop, please ask us for help by submitting your website via our contact form:


If you have one custom website, you will need professional programmers to undertake the necessary modifications and comply with the GDPR.

What is the GDPR data protection policy?

The GDPR was issued and approved by the European Union Parliament in April 2016. The regulation will enter into force after a transition period of two years. Unlike a directive, it does not require the government to pass any enabling legislation. It means that it will be in effect on May 25, 2018.

The GDPR applies not only to companies established in the EU, but also to companies established outside the EU. Anyone offering goods or services that perform the behavior of EU data subjects. It applies to all companies that process and maintain the personal data of interested parties residing in the European Union, regardless of the location of the company.

What is necessary to comply with the GDPR on your website

This add-on will create a form where users can request access or deletion of their personal data, stored on their website. It is also possible:

  1. Cookies policy.
  2. Mount an SSL Certificate.
  3. Include pages of Privacy Policy and Legal Notice.
  4. Include the check box.
  5. Report on data collection.

Adapt the Cookies Policy on your website

It is necessary to adapt the Cookies Policy of your website. This must be mounted warning on all pages that your website uses both its own and third party cookies. We only need to add the accept button and a link to your privacy policy. Here would come the clauses on the Cookies Policy.

cookies policy on my website

If you have any doubts as to whether your website collects Cookies, i recommend that you implement them anyway since it is sometimes difficult to know what cookies your own website uses.

Once the notice is mounted to appear on all pages, we implement it in our main policy.

SSL certificate to comply with the GDPR

One of the most controversial points they have created has been to have to encrypt our entire website. This is done by assembling an SSL certificate to encrypt all the data collected on the website through the contact forms.

ssl certificate for your website

AppDesign are aware that this is the most important point, not only for the privacy and security that it adds to your website, but also for increasing in authority which rises in search engines. Although in most cases the increase is minimal, switching from http to https improves our positioning, which is something that Google itself has been saying since April 2015.

In our case, in just over 6 months after the changeover, we noted a 15% increase in organic visits. It is possible that there may be more opportunities for other companies, and without a doubt is that it has only increased with the speed of loading the web. A current design oriented to mobile devices, one of the main most influential factors in Google when positioning.

Set up the Privacy Policy, Legal Notice and Cookies page

This point is quite open and depends on each page. So the legal texts will be left to your choice.

As advisors, we evaluated the entire implementation for many of our clients. Most data protection companies choose to set up a generic privacy policy. In our case, our law firm sent us a generic data protection policy that will surely use a business template.

We chose to complete it by seeking information on the Internet. We will save you a few hours of searching leaving the most complete policies we have found. They are ordered from what seems best and most complete to the last, always leaving this point at your choice:


For a corporate website also include the policy of the company Ferrovial, which seems the simplest and easiest to understand. Both the Privacy Policy, Legal warning and the Cookies policy.

They are some of the quite complete examples that you can see.

Acceptance box on forms

One of the news about the GDPR data protection policy It is the change of the acceptance box that must take place on all forms. Previously it was enough to put this box, now the mandatory that is disabled by default so that the user has to accept before sending their data.

Acceptance box for GDPR

In our case we leave the 3 policies that we include in a single page and add the general contracting conditions.

Information on the collection of data to be included in the contact forms

The new one GDPR It also includes the obligation to inform some points of data collection to customers. You have to inform yourself before sending in the contact form.

Some examples can be found in the pages of previous examples. Although on this point there is not much difference.

- Responsible: Company or name of the person responsible for data collection.
- Purpose: For which data collection will be used, it can be commercial, advertising ... etc.
- Legitimation: Consent of the interested party.
- Recipients: Inform that no data will be transferred to third parties, except legal obligation.
- Rights: How to access, rectify, delete data and other rights, as explained in the additional information.
- Additional information: a link to the full data protection policy of your website is usually included here.

We sincerely hope to have dispelled your doubts about the new GDPR policy. If you need to deploy these systems on your website, please feel free to discuss them with our team, and don't forget to leave your website.

Websites and data protection GDPR
Scroll to Top
Copy link