Does GDPR Apply to My Website?
GDPR (General Data Protection Regulation) applies to any organisation that processes personal data of people in the EU/EEA — regardless of where the organisation is based. If your website has EU visitors and you collect any personal data (contact forms, analytics, email signups), GDPR applies to you.
What Counts as Personal Data?
Personal data is any information that can identify a natural person. This includes: names, email addresses, IP addresses, location data, cookie identifiers and device fingerprints. Even if you only collect IP addresses for analytics, that counts as personal data under GDPR.
GDPR Compliance Checklist for Websites
1. Privacy Policy
You must have a clear, accessible privacy policy explaining what data you collect, why you collect it, how long you keep it, who you share it with and users' rights.
2. Cookie Consent
Non-essential cookies (analytics, advertising) require explicit consent before being set. The consent mechanism must make declining as easy as accepting.
3. Contact Information
You must provide clear contact details (including a data protection contact for larger organisations) so users can exercise their rights.
4. HTTPS
All data transmission must be encrypted. Operating a website over HTTP is considered inadequate security under GDPR.
5. Data Subject Rights
Users have the right to access their data, correct it, delete it ("right to be forgotten"), restrict processing and receive it in a portable format.
What Are the GDPR Fines?
For serious infringements, fines can reach €20 million or 4% of global annual turnover — whichever is higher. For less serious violations, fines can reach up to €10 million or 2% of turnover.
Check Your Website Now
Our GDPR Compliance Checker scans any website for 8 key compliance signals and gives you an instant score. Note: this is a surface-level automated check, not a legal audit.


