GDPR and ePrivacy
The implications for you and your website

The General Data Protection Regulation (GDPR) and the ePrivacy Regulation (ePR) come into effect 25th May 2018. These two new EU regulations are intended to better protect the personal data and privacy of EU individuals. They apply to any website owner with customers residing in any of the EU member countries.

The GDPR and ePR seek to address mounting concerns about the use and privacy of personal data online by increasing the rights of individuals, giving individuals greater control over the use of their personal data, and by expecting companies, organisations and website owners to adhere to strict requirements. The new regulations mean that it is no longer necessary to understand and comply with the different privacy laws of 28 different EU countries. Now, there are just one set of regulations covering all member states.

What is the definition of personal data?

Under the new regulations, personal data is any information which can be used to identify a unique individual. Online, this can include information generated by cookies and other trackers (including information generated by embedded third party services such as Google or Facebook), as well as an individual’s own computer IP address. Website owners are required to provide the same level of protection for this information as for name, address, bank details and social security number. Critically, even if anonymised, this information is still classed as personal data if the individual can be identified through ‘reverse engineering’ methods.

What are the requirements for website owners?

The requirements are numerous and cannot be documented in full on this website. However, as a website owner you must:

  • be fully aware of all tracking technology on your website/s and its purpose
  • obtain user consent prior to any data processing taking place
  • record evidence of consent
  • ensure your website offers the option to withdraw consent
  • know what data your website shares with third parties and where, globally, the data is sent

What if my website doesn’t comply?

There are large fines for non-compliance. Businesses can be fined 4% of their global turnover or up to €20 million, whichever is greater.


Following Brexit, the UK Government intends to implement equivalent legislation similar in content to the GDPR and ePR

Get in touch to find out how IT Trust helps
make your website GDPR compliant

Contact Us

If you’d like to trial IT Trust for yourself, or would simply like to find out more, get in touch with us using the form below. We aim to respond within 1 working day.

We only ask for your email address when you request a call back so we have another way of contacting you, should we experience problems in calling you.
This form collects personal information relevant to the options you have chosen, so that our support team can communicate with you in response to your enquiry. Please check our privacy policy to see how we protect and manage your submitted data.