GDPR, or the General Data Protection Regulation, is an attempt by the European Union to tidy up privacy laws as they relate to the storage of personal information and the way in which that information is gathered by websites. Although primarily designed to bring to heel those companies that harvest huge amounts of information, it also affects anyone who has a website. Whether the authorities will actually come after small websites that don't comply is another matter - but if you want to take steps to comply with the letter of the law, there are several simple things you should think about.

SSL Certificate

First, make sure your site has an SSL certificate. In simple terms, that means it has an address that starts with HTTPS rather than HTTP. This certificate ensures that any traffic between the site and the people who visit it is encrypted. In addition, from July, Google Chrome will mark all non-SSL sites as 'insecure'.

Opt-in checkbox on Contact Forms
If you have a contact form, it should include a checkbox that visitors must tick to say they understand that by sending the contact form they're also sending their name and email address. If they don't tick the box, the form shouldn't be sent. This opt-in checkbox should also include a link to your Privacy Policy.
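
A check in the browser alone can be skipped by anything that posts to the form's address directly, so the server that receives the form should refuse a submission without the tick as well. The following is an added example, not code from this page: the field names (name, email, message, consent) and the sample submissions are assumptions made for illustration.

```javascript
// Added example: server-side check for the contact-form opt-in.
// Field names (name, email, message, consent) are assumptions.
const REQUIRED_FIELDS = ["name", "email", "message"];

// Validate a raw application/x-www-form-urlencoded request body.
// Returns { ok: true, record } or { ok: false, errors }.
function validateContactForm(rawBody, now = new Date()) {
  const params = new URLSearchParams(rawBody);
  const errors = [];

  // An unticked checkbox is simply absent from the body; browsers send
  // "on" for a ticked checkbox that has no value attribute.
  const consent = params.getAll("consent");
  if (consent.length !== 1 || consent[0] !== "on") {
    errors.push("consent: the opt-in box must be ticked");
  }

  // Each required field must appear exactly once and be non-empty.
  const fields = {};
  for (const key of REQUIRED_FIELDS) {
    const values = params.getAll(key);
    const value = values.length === 1 ? values[0].trim() : "";
    if (value === "") errors.push(`${key}: required`);
    fields[key] = value;
  }

  // Loose shape check only; it does not prove the address exists.
  if (fields.email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email)) {
    errors.push("email: not a valid address");
  }

  if (errors.length > 0) return { ok: false, errors };

  // Keep only the fields the form asked for, plus when the box was ticked.
  return { ok: true, record: { ...fields, consentedAt: now.toISOString() } };
}

// Constructed sample submissions (not real data).
const TICKED = "name=Ada+Example&email=ada%40example.org&message=Hello&consent=on";
const UNTICKED = "name=Ada+Example&email=ada%40example.org&message=Hello";
```

Any extra fields a client adds to the request are dropped, because the record is built only from the named fields.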

Privacy Policy
Every website should include a privacy policy that explains what data the site collects and how it's stored. There are also some specific GDPR requirements - for example, that anyone is allowed to see the data you store about them, ask you to correct mistakes, or request that you remove their data from wherever it's stored. This is also an opportunity to explain that your website uses cookies - small text files - which are placed on visitors' devices to improve the way the website works.

Pop-up notice
The front page of your website should also include a short pop-up message which explains that the site may gather information about visitors, together with a link to your Privacy Policy, where they can read about how this works in more detail.

GDPR came into effect at the end of last month.