Data Privacy Compliance

Checklist for Website

Building Platforms
Offer GDPR and CCPA/CPRA compliance
 Ensure that all of the websites on your platform are on the
right track to compliantly manage cookies and meet GDPR,
ePrivacy Directive, CCPA and CPRA requirements.

Have a comprehensive Privacy Policy and a cookie banner as

1
part of your platform offering

q Enable customers to provide a Privacy Policy that is easy to find,

read, and understand for the average user.

q Clearly inform about cookie usage on the website, e.g. cookie

lifespan, and all parties that can access data from them, especially
third parties.

q Make privacy and cookie use information available via a banner when
users arrive at your customers’ websites.

q Partner with a Consent Management Platform to enable scalable

implementation across thousands of websites at once.

Enable agency partners and customers to disclose their website

2
users that they are using cookies and other tracking technologies

q Ensure that website visitors are informed of cookie usage and

provided with consent options (if relevant) at or before the point of
data collection.

q Include cookie use information in the Privacy Policy and cookie banner.

© U S ERCEN T R I CS 2 0 2 3 US E RC E N TRI CS.COM

 Explain what cookies and other tracking technologies are used for
3
on the website(s)

q Enable agency partners and customers to inform website visitors

about the purpose of each cookie individually to ensure specific,
granular consent can be obtained.

q Include information about cookie use in the Privacy Policy.

q Check with relevant data protection authorities and regulations for

further details and regional or regulation-specific requirements, e.g.
for contents of the Privacy Policy or cookie banner.

Enable collection of valid consent to store the cookies and

4 trackers in the user’s browser or device

q Explicit: Active acceptance, e.g. ticking a box or clicking a link.

q Informed: Who, what, why, for how long?

q Documented: The website operator has the burden of proof in the case
of an audit. Ensure consents are securely documented and stored.

q In advance: No data is collected before the user has consented, i.e.
cookies cannot be set on the website before the user has consented
to them or if the user declines.

q Granular: Individual consent for each individual purpose, i.e. consent

cannot be bundled with other purposes or activities.

qF
 reely given: Provide “Accept” and “Reject” options, e.g. buttons,
that are equally displayed and accessible.

qE
 asy to withdraw: Enable opt out on the same layer as opt in.

© U S ERCEN T R I CS 2 0 2 3 US E RC E N TRI CS.COM

 Ensure access to the website or service even if end users do not
5
consent to use of cookies and tracking technologies

q If the website visitor does not consent to cookie use or access to their
personal data, no unessential cookies can be set. Essential cookies are
the exception and do not require consent.

q Ensure website visitors can still access the website even if they refuse
to allow the use of all or some cookies or tracking technologies.

Collect and process data only after obtaining valid user consent,
6
only for the stated purpose(s)

q Cookies and tracking technologies are not loaded until end-user

consent has been obtained.

q Once valid consent has been recorded, website tracking can be

initiated for the services the user has consented to and can collect
and process relevant personal data for the purposes for which the
user has been informed.

Enable agency partners and customers to securely document

7
and store consent received from website visitors

q Ensure that consents from website visitors, that are compliant with
relevant regulations, can be verified in case of an audit by data
protection authorities (DPA).

© U S ERCEN T R I CS 2 0 2 3 US E RC E N TRI CS.COM

 Opt out must be as simple and easy to access and complete as
8
opt in

q Ensure that declining or withdrawing consent or otherwise changing

consent preferences later on is easily accessible for end-user
visitors and customers of agency partners and their customers to
demonstrate respect for user privacy. External links to a separate
page for opt out are not sufficient or equal.

q Ensure that accept and reject options are similarly designed and
displayed, e.g. on the same layer, in the same format, with the same
degree of simplicity.

9 Stop all data collection and use immediately after opt out

q Ensure that from the moment consent is declined or withdrawn, no

further data is collected, forwarded, or shared.

Provide a customizable banner to help increase interaction and

10
acceptance rates

q Enable pre-approved templates and configuration options for

consent banners. To help agency partners and customers improve
consent rates.

Is your website building platform offering cookie management and control?

Partner with Usercentrics to become a privacy by design platform. Contact our
experts to learn how our partnership opportunity can enable you to do that.

Contact our experts

© U S ERCEN T R I CS 2 0 2 3 US E RC E N TRI CS.COM