GDPR for webshops

What is GDPR?

GDPR stands for “General Data Protection Regulation”. It’s an EU regulation regarding personal data and data protection.
More info can be found on this site:

First, it’s important to mention that we are not lawyers and that all information regarding GDPR on this page should be regarded as guidelines only. With this disclaimer out of the way, here are some of the areas you as a webshop owner should focus on:

  • Privacy Policy, Cookie declaration and prior consent

  • Contact forms, Comment fields etc.

  • Newsletters

  • Cookies

Privacy Policy, Cookie declaration and prior consent

Start by updating your privacy policy so that it correctly describes which kinds of data you gather on the website. This also applies to your cookie declaration, which can be more complicated since its content is usually more dynamic than the privacy policy. You can easily include your cookie declaration in the privacy policy, but keep in mind that you need to describe your cookies accurately.

Privacy policies and cookie declarations don’t need to be written by people with a legal background. It’s all about describing which data you gather and what you use it for. The most important thing is to say what you do and do what you say.

One of the most important elements in the new rules is the prior consent – that means that your visitors and customers must consent BEFORE you collect and / or use their data.

Under the new rules your customers and visitors have a number of rights regarding their personal data (see below). It’s a good idea to describe these in your privacy policy, as well as explaining what they need to do to exercise these rights:

  • Right to change their consent (including withdrawal)

  • Right to delete their data (excluding data you must keep for legal reasons)

  • Right to have their data handed over

  • Right to complain about you if you do not comply with the rules

Contact forms, Comment fields etc.

You should attach a link to your privacy policy and an “I accept…” text with a checkbox (the checkbox should not be ticked by default) to all contact forms, order forms, comment boxes and similar forms from which you collect personal data (email, name etc.). It may also be a good idea to describe in a little more detail what you use their personal data for and possibly how they can get it removed again.


Newsletters

When new users subscribe to your newsletter, they should as a minimum be presented with a link to your privacy policy and an “I accept…” text with a checkbox – the checkbox should not be ticked by default. Again, it may be a good idea to describe in more detail what you use their personal data and the newsletter for, and possibly let them know that they can unsubscribe at any time and how to do that.

It can also be a good idea to inform all existing recipients of your newsletter about their right to unsubscribe from your newsletter, etc. The rules are slightly stricter when it comes to direct marketing.


Cookies

One of the most complicated areas for webshops is most definitely cookies. Here, too, you must have the prior consent of the users, which means that cookies must not be saved in the user’s browser until the user has given his/her consent. However, this does not apply to the cookies that are required for your website to work.

In theory, not all websites fall under the new rules for prior consent, but in reality, it will probably be over 99% of all webshops, because most (all):

  • use tracking tools such as Google Analytics

  • have 3rd party cookies from different plugins (e.g. Facebook, YouTube, Pinterest and Instagram)

  • have marketing cookies on their website (e.g. AdWords, remarketing, Facebook)

It’s important to understand that if you have cookies that send data to a 3rd party, you are responsible for what happens to that data (the recipient is of course responsible as well, but so are you).

We ourselves use Cookiebot to ensure that we comply with the rules. We are also a Cookiebot retailer and implementation partner, so we can help you install and set up Cookiebot on your website.

Here are some of the features you’ll receive with Cookiebot:

  • Automatic scan and update of new cookies on the website

  • Description of all the most common cookies

  • Consent banner and cookie declaration that are easy to set up – and available in a wide range of languages

  • Prior consent

  • Log of all consents given – incl. reports

  • Integrated possibility to change consent

Cookiebot is a recurring paid service that costs 9 € per month per domain (depending on the number of subpages on the domain). Read more here.

Contact us using the contact form at the bottom of the page if you are interested in hearing more about Cookiebot or would like help with other features regarding your website.

