Website Compliance Checklist
Work through each item for your website. Aim to answer "yes" to every line.
Transparency
- [ ] A clear privacy notice is published and easy to find (for example in the footer).
- [ ] The notice describes what data you collect, why, and who you share it with.
- [ ] Each form explains why you are collecting the information.
Consent and cookies
- [ ] Marketing sign-ups use a clear opt-in, not a pre-ticked box.
- [ ] Cookies beyond what is strictly necessary are only set with consent.
- [ ] Users can withdraw consent or unsubscribe easily.
Data collection
- [ ] Forms collect only the data you genuinely need.
- [ ] Sensitive data is collected only where necessary and with a stronger basis.
Security
- [ ] The site uses HTTPS across all pages.
- [ ] Admin accounts use strong passwords and two-factor authentication.
- [ ] Plugins, themes, and software are kept up to date.
Rights and retention
- [ ] There is a way for people to request, correct, or delete their data.
- [ ] Form submissions and accounts are kept only as long as needed.
Third parties
- [ ] Analytics, chat, and other tools are known, necessary, and disclosed.
- [ ] Your developer or host has appropriate data processing terms.
Legal note. This is a general checklist, not legal advice. Adapt it to your site and confirm specifics against the Act.
