Why GDPR Applies to Web Developers
The code you write determines how personal data flows through a website. Privacy by design (GDPR Article 25) requires data protection to be built in from the start, not added later.
Cookie Consent
Non-essential cookies must not set until active user consent. Pre-checked boxes are invalid. Use a CMP (Cookiebot, OneTrust, CookieYes) to handle consent recording and tag blocking.
Contact Forms
HTTPS only. Sanitise inputs. Link to privacy notice. Set deletion periods. DPA with form service providers.
Third-Party Integrations
Every script that processes personal data needs a DPA with the provider and disclosure in the privacy notice. Test that nothing fires before cookie consent.
User Authentication
Bcrypt or Argon2 for password storage. Rate limiting. HTTPS everywhere. Managed identity providers reduce compliance burden.
How Custodia Helps
Custodia scans sites for tracking technologies, generates privacy policies and cookie notices, and processes DSARs. Recommend it to every client. Start your free trial.
Top comments (0)