Templates and checklists

Checklist · Online

Website Compliance Checklist

A practical checklist to make your website handle personal data in line with the Data Protection Act.

Editable checklist
This is a general starting template, not legal advice. Adapt it to your business and have it reviewed before you rely on it. Text in square brackets is for you to complete.

Website Compliance Checklist

Work through each item for your website. Aim to answer "yes" to every line.

Transparency

  • [ ] A clear privacy notice is published and easy to find (for example in the footer).
  • [ ] The notice describes what data you collect, why, and who you share it with.
  • [ ] Each form explains why you are collecting the information.
  • [ ] Marketing sign-ups use a clear opt-in, not a pre-ticked box.
  • [ ] Cookies beyond what is strictly necessary are only set with consent.
  • [ ] Users can withdraw consent or unsubscribe easily.

Data collection

  • [ ] Forms collect only the data you genuinely need.
  • [ ] Sensitive data is collected only where necessary and with a stronger basis.

Security

  • [ ] The site uses HTTPS across all pages.
  • [ ] Admin accounts use strong passwords and two-factor authentication.
  • [ ] Plugins, themes, and software are kept up to date.

Rights and retention

  • [ ] There is a way for people to request, correct, or delete their data.
  • [ ] Form submissions and accounts are kept only as long as needed.

Third parties

  • [ ] Analytics, chat, and other tools are known, necessary, and disclosed.
  • [ ] Your developer or host has appropriate data processing terms.
Legal note. This is a general checklist, not legal advice. Adapt it to your site and confirm specifics against the Act.