Data Privacy Compliance Checklist for Website Building Platforms

Technology and data privacy regulations are both evolving rapidly. Move to a data privacy-first approach for a fully dependable, futureproof customer acquisition strategy that centers around user consent.

Privacy regulations and enforcement bring complexity to the digital business landscape. Platforms, agencies and business professionals alike are navigating it while continually learning. Usercentrics helps manage the complexity for you. Website builders and agencies, CMS platforms and customers need high quality data, and user consent is critical.

Our Data Privacy Compliance Checklist for Website Building Platforms will help you to:

• enable your customers to collect consent from website visitors
• achieve compliance with data privacy regulations
• run remarketing and re-engagement campaigns
• activate data to drive growth
• decrease user acquisition costs

This Data Privacy Compliance Checklist provides a step-by-step guide to help bring your Website Building Platform and marketing strategy into alignment with the GDPR and ePrivacy Directive and the CCPA/CPRA. Don’t risk losing customers and putting your partners at risk.

Step 1: Have a comprehensive Privacy Policy and a cookie banner as part of your platform offering

• Enable customers to provide a Privacy Policy that is easy to find, read, and understand for the average user. 
• Clearly inform about cookie usage on the website, e.g. cookie lifespan, and all parties that can access data from them, especially third parties. 
• Make privacy and cookie use information available via a banner when users arrive at your customers’ websites. 
• Partner with a Consent Management Platform to enable scalable implementation across thousands of websites at once.

Step 2: Enable agency partners and customers to disclose their website users that they are using cookies and other tracking technologies

• Ensure that website visitors are informed of cookie usage and provided with consent options (if relevant) at or before the point of data collection. 
• Include cookie use information in the Privacy Policy and cookie banner.

Step 3: Explain what cookies and other tracking technologies are used for on the website(s)

• Enable agency partners and customers to inform website visitors about the purpose of each cookie individually to ensure specific, granular consent can be obtained. 
• Include information about cookie use in the Privacy Policy. 
• Check with relevant data protection authorities and regulations for further details and regional or regulation-specific requirements, e.g. for contents of the Privacy Policy or cookie banner.

Step 4: Enable collection of valid consent to store the cookies and trackers in the user’s browser or device

• Explicit: Active acceptance, e.g. ticking a box or clicking a link. 
• Informed: Who, what, why, for how long? 
• Documented: The website operator has the burden of proof in the case of an audit. Ensure consents are securely documented and stored. 
• In advance: No data is collected before the user has consented, i.e. cookies cannot be set on the website before the user has consented to them or if the user declines. 
• Granular: Individual consent for each individual purpose, i.e. consent cannot be bundled with other purposes or activities. 
• Freely given: Provide “Accept” and “Reject” options, e.g. buttons, that are equally displayed and accessible. 
• Easy to withdraw: Enable opt out on the same layer as opt in.

Step 5: Ensure access to the website or service even if end users do not consent to use of cookies and tracking technologies

• If the website visitor does not consent to cookie use or access to their personal data, no unessential cookies can be set. Essential cookies are the exception and do not require consent. 
• Ensure website visitors can still access the website even if they refuse to allow the use of all or some cookies or tracking technologies.

Step 6: Collect and process data only after obtaining valid user consent, only for the stated purpose(s)

• Cookies and tracking technologies are not loaded until end-user consent has been obtained. 
• Once valid consent has been recorded, website tracking can be initiated for the services the user has consented to and can collect and process relevant personal data for the purposes for which the user has been informed.

Step 7: Enable agency partners and customers to securely document and store consent received from website visitors

• Ensure that consents from website visitors, that are compliant with relevant regulations, can be verified in case of an audit by data protection authorities (DPA).

Step 8: Opt out must be as simple and easy to access and complete as opt in

• Ensure that declining or withdrawing consent or otherwise changing consent preferences later on is easily accessible for end-user visitors and customers of agency partners and their customers to demonstrate respect for user privacy. External links to a separate page for opt out are not sufficient or equal. 
• Ensure that accept and reject options are similarly designed and displayed, e.g. on the same layer, in the same format, with the same degree of simplicity.

Step 9: Stop all data collection and use immediately after opt out

• Ensure that from the moment consent is declined or withdrawn, no further data is collected, forwarded, or shared.

Step 10: Provide a customizable banner to help increase interaction and acceptance rates

• Enable pre-approved templates and configuration options for consent banners. To help agency partners and customers improve consent rates.