GUIDES / RGPD

GDPR for Your Website, Without the Legal Jargon

← All guides
RGPD Beginner 3 Jun 2026 7 min read by Les Techniciens du Net

GDPR for Your Website, Without the Legal Jargon

What the GDPR requires from any site that collects data (a form, an email, statistics), the core principles, people's rights, and a practical checklist to stay compliant.

#gdpr#personal data#compliance

The GDPR is intimidating, especially for small organisations. Yet the spirit of it is simple: respect people’s data. Here is the essence, translated into concrete actions.

What is it, and who does it concern?

The GDPR (General Data Protection Regulation) is the European law that governs the use of personal data. Any organisation that collects it is concerned — a company, a freelancer, a nonprofit, a local council. The moment a visitor leaves an email through a form, you are processing personal data.

A personal data point = any information relating to an identifiable person: name, email, phone, address, but also an IP address or an identifier.

The core principles

  • Purpose: collect for a specific, stated reason (“to answer your request”).
  • Minimisation: ask only for what is necessary (a contact: name, email, message — no more).
  • Consent: for anything not essential (newsletter, trackers), you need free and clear agreement.
  • Transparency: state who collects, what, why, for how long.
  • Security: protect the data (HTTPS, limited access, backups).
  • Limited duration: do not keep data indefinitely.

People’s rights

Anyone can ask you for:

  • access to their data,
  • their rectification or their erasure,
  • to object to a processing operation (e.g. unsubscribe).

You must be able to respond to these requests within a reasonable timeframe.

A practical checklist for a small site

  1. A clear privacy page: who, what, why, for how long, and how to exercise one’s rights.
  2. Minimalist forms: ask only for the essentials.
  3. Explicit consent for the newsletter and for non-essential cookies (see our article on cookies).
  4. HTTPS enabled (security of exchanges).
  5. No reselling of data; providers (emailing, host) that are compliant.
  6. A point of contact for exercising one’s rights (often the email in the legal notice).

Key takeaways

The GDPR does not require you to be a lawyer: it asks for common sense and transparency. Collect little, say so clearly, secure it, and honour requests. For complex cases (sensitive data, large volumes), get professional support — but for a showcase site, these actions cover the essentials.

⚠️ This article explains the principles; it is not a substitute for legal advice in specific situations.

Test your knowledge

0 / 4
  1. The GDPR applies to…

  2. A 'personal data' point is…

  3. The principle of 'minimisation' means to…

  4. A person has the right to…