GDPR & Cybersecurity: How Can I Make My Website Compliant?

Table of content

Written By:

In addition to the health crisis of which we are all aware, the year 2020 was marked by a 46% increase in the number of hours spent in front of screens, whether remote working, searching for activities, watching videos, creating content or even online shopping. Taking that all into account, an increase of 8.5% was seen in the e-commerce sector, or €112 billion thanks to the accelerated digitization of companies.

If this was a boon for commerce, it was also a fairground for sites created quickly, often in haste, sometimes without means and without taking into account the cyber risks and legal obligations involving publishers or editors of publications.

It seemed logical that 2020 would also be marked by a massive increase in cybercrime. It must be said that this activity was lucrative: it cost the global economy $1 trillion in 2020, this figure could be multiplied by 6 this year.

The ANSSI (National Agency for the Security of Information Systems), which published its figures, has made reference to an “explosion” of cybercrime, up 255% with phishing attacks accelerating up to 600%. In this context, the affected companies and organizations have sought as best they could help and assistance from the site cybermalveillance.gouv.fr.

The duality of this crisis for companies, whatever their size (mid-market company, SME, VSB, etc.) consists in the fact that they are victims but are also responsible; responsible in particular for not having engaged the compliance and security of their website.

It is in this context that the CNIL in its publication of February 4, 2021 encouraged ”private and public organizations to audit their websites and mobile applications” while recalling that since the publication of its amending guidelines and recommendation on the use of cookies (September 17, 2020), it had left 6 months for interested parties to comply, that is until March 31, 2021.

How to proceed? Where to start?

The finding was swift:

  • 90% of companies had IT weaknesses in 2020,
  • More specifically, 77% of French companies are in violation of GDPR (General Data Protection Regulation) and 88% of them have no program in place for data retention,
  • Finally, l’Usine Digitale revealed according to a study that in 2020, only 11.8% of CMPs (Consent Management Platforms) meet the requirements of GDPR and cookie regulations and 32.5% use implied consent.

Faced with these figures, asking the right questions about the status of its website regarding the regulation is essential:

  • GDPR imposes the principle of minimization. This requires that the data collected by the organization be adequate, relevant and limited to what is necessary for the purposes for which they are processed. Therefore, what types of data are collected on my site? Are they relevant?
  • The principles of fairness and lawfulness impose two questions:
    *Is my processing lawful with regard to Article 6 of GDPR, i.e. do I have the right to carry out this processing? Is it consensual? Is it authorized by law? Is it contractually permitted? Required with regard to my legitimate interest?
    *On the other hand, have I sufficiently informed my users about the processing of personal data that concerns them? Is this information easily accessible and delivered in your clear and precise terms?
  • Is my site sufficiently secure with regard to, for example, the requirements of the ANSSI so that my users’ data are sufficiently protected?
  • Have I properly informed my users of their rights with respect to their personal data and have I set up an effective procedure enabling them to exercise these rights?
  • Are the consents required for certain processing operations informed? How is it stored?

This list is far from exhaustive and at first glance discourages many data controllers. We know this. This is why our consultants accompany private and public organizations on all issues related to the compliance of their website and their security.

More than compliance, a certification.

However, our reflection went much further because beyond a legal and basic compliance, it is now necessary for organizations to restore their reputation with their users.

The legitimacy and credibility of websites must be restored and to do this, we have developed a GDPR compliance and web security certification to overcome this feeling of insecurity about personal data.

Thanks to a complete and detailed matrix built by our experts in personal data protection, which is based on several checkpoints, we will establish the degree of compliance of your website.

Our audit is based on the classic benchmarks such as the guidelines for cookies, the recommendations for securing websites of the ANSSI, the general security benchmark, the cybersecurity guide, and more.

This will lead to operational recommendations which, if they are followed or even carried out subsequently by our experts, will allow you to obtain DPO Consulting’s GDPR Certification to be affixed to your site with the objective for you to:

  • Reinforce trust by promoting a serious and responsible image of your company
  • Improve commercial efficiency based on accurate data,
  • Better manage your business and enhance the value of prospect and customer data by asking the right questions about your business and processes
  • Improve data security and protect your company’s information assets
  • Reassure your customers and principals by presenting a competitive advantage
  • Develop your business by creating new services (for example with data portability or personalization).

– Stephanie Broggini

Read this next

See all
Hey there 🙌🏽 This is Grained Agency Webflow Template by BYQ studio
Template details

Included in Grained

Grained Agency Webflow Template comes with everything you need

15+ pages

25+ sections

20+ Styles & Symbols

Figma file included

To give you 100% control over the design, together with Webflow project, you also get the Figma file. After the purchase, simply send us an email to and we will e happy to forward you the Figma file.

Grained Comes With Even More Power

Overview of all the features included in Grained Agency Template

Premium, custom, simply great

Yes, we know... it's easy to say it, but that's the fact. We did put a lot of thought into the template. Trend Trail was designed by an award-winning designer. Layouts you will find in our template are custom made to fit the industry after carefully made research.

Optimised for speed

We used our best practices to make sure your new website loads fast. All of the images are compressed to have as little size as possible. Whenever possible we used vector formats - the format made for the web.

Responsive

Grained is optimized to offer a frictionless experience on every screen. No matter how you combine our sections, they will look good on desktop, tablet, and phone.

Reusable animations

Both complex and simple animations are an inseparable element of modern website. We created our animations in a way that can be easily reused, even by Webflow beginners.

Modular

Our template is modular, meaning you can combine different sections as well as single elements, like buttons, images, etc. with each other without losing on consistency of the design. Long story short, different elements will always look good together.

100% customisable

On top of being modular, Grained was created using the best Webflow techniques, like: global Color Swatches, reusable classes, symbols and more.

CMS

Grained includes a blog, carrers and projects collections that are made on the powerful Webflow CMS. This will let you add new content extremely easily.

Ecommerce

Grained Template comes with eCommerce set up, so you can start selling your services straight away.

Figma included

To give you 100% control over the design, together with Webflow project, you also get the Figma file.