Getting my Site GDPR Compliant


I have just made a website, which uses the Netlify form, which both takes peoples’ email and name. The answer is furthermore sent to my email as well.

I therefore need to have a Privacy Policy and Terms and Conditions document if I understand it correctly to be compliant with GDPR?

Do I just link to these two Netlify documents, or should I make my own or add others?

Hi @Thomasresen

I am certainly no expert on legal matters, but my understanding is you are the one responsible for the data collected on your site, so you need to make a document/statement of your own. As part of this you may need/wish to link to other documents such as Netlify’s as you are using their platform and user data touches their servers on the way to you.

If you’re up for a little light bedtime reading here is the official regulation


howdy @Thomasresen , here is the freshest info directly from our security team.

First, you will need to have your own Privacy Policy and Terms of Condition, since you are the one that controls the collection and use of PII data (defined as the Data Controller under GDPR). Netlify only hosts the data on your behalf (defined as the Data Processor under GDPR).

You’ll also need to sign a DPA with us, which is available here, at the bottom of the page.

let us know if you have any more questions, and thanks for thinking about GDPR compliance! :netliheart: