GDPR Website Checklist

Return to axis vMerchant & GDPR Frequently Asked Questions »

GDPR introduces the concept of freely given consent that is both specific and informed. Your website may not be GDPR compliant, depending on how you obtain consent and how you ensure that the visitor to your website is informed about the consent that they are providing.

The following points all apply to anyone capturing individual's details - not just eCommerce websites but CMS and Static websites can capture this information too via, for example, enquiry forms.

Users must opt-in

This point may seem an obvious one but you cannot assume that anyone is happy to receive marketing communications unless they have given their consent.

In other words, if you ever intend to contact any customer about anything other than the specific orders that they have placed, you must get their permission first.

Required Action »

Users must take a postitive action to opt-in

It must be clear to the user that they are opting in and they must make a conscious decision to do so. Essentially, this bans opt-in boxes that are pre-ticked and "reverse logic" opt-outs. See Examples below.

Required Action »

Separate Opt-Ins from other Confirmations

You should not bundle the consent for future contact into other consents, such as accepting terms and conditions.

Required Action »

Easy to Withdraw Consent

It must be as easy to withdraw consent in the future as it to give it. Generally, this means not only ensuring that every email communication contains an unsubscribe link but also that your website should provide a means for people to withdraw consent without waiting for your next marketing email.

Required Action »

Ensure that your Policy Documents (such Terms & Conditions, Privacy Policy and Cookie Policy) are updated

You should ensure that the various policy documents accessible via your website are updated for any required GDPR changes - for example, making it clear what you do with information received, how long you will retain it and where it may be stored.

Required Action »

Third Party Service Providers

You should verify the GDPR position regarding any third party service providers that you use and, especially, tracking applications. It is possible that these applications track users in a way that they have not consented to and so you should check with the individual service providers. Other service providers should be checked, such as review management companies and Payment Service Providers (PSPs).

Required Action »


Example 1

BAD - This is an opt-out rather than an opt-in

Example 2

BAD - This does not require a positive action to opt-in

Example 3

BAD - This is an implicit opt-in

Example 4

GOOD - They are only opted-in if they specifically choose to do so
and if they do nothing, they are not opted-in

Call Back
This site uses cookies. By continuing to access this site you are accepting the use of cookies by this site.
Read more about cookies...

Cookies are small text files stored on your device when you access most websites on the internet.

This Website uses cookies in order to make the Website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how the Website is used so that we can make sure it is as up to date, relevant and error free as far as we can. Further information about the types of cookies that are used on this Website is set out in the box below.

By using this Website you agree to our use of cookies. You can choose to restrict or block cookies set on the Website through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit Please note that certain cookies may be set as soon as you visit the Website, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies set on the Website may impact the functionality or performance of the Website, or prevent you from using certain services provided through the Website. It will also affect our ability to update the Website to cater for user preferences and improve performance.

We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to law enforcement agencies).

We may sometimes embed content from 3rd party websites such as YouTube. As a result, when you visit a page containing such content, you may be presented with cookies from these websites. We do not control the dissemination of these cookies and you should check the relevant third party's website for more information.

Cookies We Use

Cookie Description
CookieConfirm The presence of this cookie is used to remember the fact that you have confirmed that you are happy to accept cookies
ASPSESSIONIDxxxxxxxx This is a Session Cookie (session cookies are temporary and are erased when you close your browser). It identifies you from one page to the next and is used, for example, to keep track of your logged-in status.
UserID, account, password These cookies are used to remember your login credentials for when you next visit our website. They are only created if you choose the “Remember Me” option on the login page.
_utma, _utmb, _utmc, _utmz These are cookies created by Google Analytics and are used to provide us information on which web pages are the most popular, and the most popular search terms used by visitors arriving at our site.