GDPR (General Data Protection Regulation)
GDPR (General Data Protection Regulation) is a European Union regulation on the protection of personal data, in force since 25 May 2018. In the Czech Republic it is supplemented by Act No. 110/2019 Coll. GDPR sets out the rules under which companies and organisations may collect, process, store and share the personal data of EU citizens. Every website that collects any personal data (email, name, IP address, cookies) has to comply with GDPR. Breaches can lead to fines of up to EUR 20 million or 4% of annual turnover.
/01 What GDPR means for your website
If you have a website with a contact form, a newsletter, analytics tools or cookies, GDPR applies to you. You must have a clear privacy policy, inform users which data you collect and why, obtain consent before setting non-essential cookies, give users access to their data and the right to be forgotten, and protect their data against breach. All of this must be implemented on the site transparently and in plain language.
/02 Cookie banners and consent to cookies
One of the most visible impacts of GDPR on websites is the mandatory cookie banner. Before setting analytical, marketing or other non-essential cookies you have to obtain the user's active consent. That means cookies must not be pre-ticked and the user must have a real option to reject them. You may only run Google Analytics, the Facebook Pixel or any tracking script after consent has been given. At Appitect we implement cookie management with full GDPR compliance.
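The consent rule described above (non-essential cookies default to off, nothing pre-ticked, a real reject option, tracking scripts loaded only after consent), as an added example that is not Appitect's code; the category names, the tracker registry and the `example.invalid` script URLs are constructed placeholders:

```javascript
// Added example (not the agency's code): consent-gated loading of tracking scripts.
// Non-essential categories start as denied, nothing is pre-ticked, and a tracking
// script is only loaded after the user actively grants its category.
const CATEGORIES = ['necessary', 'analytics', 'marketing', 'preferences'];

// Hypothetical registry: each third-party script and the consent category it needs.
// The URLs are placeholders, not real vendor endpoints.
const TRACKERS = [
  { name: 'analytics-tag', category: 'analytics', src: 'https://example.invalid/analytics.js' },
  { name: 'ad-pixel', category: 'marketing', src: 'https://example.invalid/pixel.js' },
];

// Default state before the user decides: only strictly necessary cookies are allowed.
function defaultConsent() {
  return Object.fromEntries(CATEGORIES.map((c) => [c, c === 'necessary']));
}

// Apply the user's explicit choices from the banner. Unknown categories are ignored,
// and 'necessary' cannot be switched off because it does not require consent.
function applyChoices(consent, choices) {
  const next = { ...consent };
  for (const [cat, granted] of Object.entries(choices)) {
    if (CATEGORIES.includes(cat) && cat !== 'necessary') next[cat] = granted === true;
  }
  return next;
}

// "Reject all" is a first-class option: it leaves only necessary cookies enabled.
function rejectAll() {
  return defaultConsent();
}

// Load only the trackers whose category has been granted. `loadScript` is injected
// so the decision logic can run outside a browser; in the page it would append a
// <script> element. Returns the names of the scripts actually loaded.
function loadConsentedTrackers(consent, loadScript) {
  const loaded = [];
  for (const t of TRACKERS) {
    if (consent[t.category] === true) {
      loadScript(t.src);
      loaded.push(t.name);
    }
  }
  return loaded;
}

// Browser usage (not executed here): persist the decision in a consent cookie, then
// loadConsentedTrackers(consent, (src) => { const s = document.createElement('script');
//   s.src = src; document.head.appendChild(s); });
```

Calling `loadConsentedTrackers(defaultConsent(), ...)` before any decision loads nothing, which is the behaviour the banner must guarantee.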
/03 Privacy policy
Every website needs a privacy policy page in which you clearly describe: who the data controller is (your company), which data you collect, for what purpose, how long you keep it, who you share it with, what rights users have and how they can exercise them. The document must be written in plain language, not legalese. The link to the privacy policy must be easily accessible from every page of the site.
/04 Practical steps to GDPR compliance
For basic GDPR compliance of your website you need to: implement a cookie banner with granular consent, create a privacy policy page, add consent to data processing on contact forms, secure the website with an HTTPS certificate, set the correct data retention periods and have a process for handling requests for access to data or its deletion. If you're not sure, we recommend consulting a lawyer who specialises in personal data protection.
/05 Practical example
When building a website for a clothing e-shop we implemented a complete GDPR solution: a cookie banner with granular choices (analytical, marketing and preference cookies), a privacy policy page, double opt-in for the newsletter, encrypted storage of customer data and automatic deletion of inactive accounts after 3 years. The client can therefore do business with confidence that they meet all legal requirements.
Need a website that complies with GDPR? We'll handle the technical implementation, from the cookie banner to data security.
We'll be glad to help. The consultation is free and with no obligation.