Last checked: 03/06/2022

Securing a website

The development and maintenance of your website plays an important part in your online presence. Cybersecurity incidents such as theft of your customers' data could have a high impact on your business or brand on multiple levels:

Cybersecurity incidents that affect online shops can consist of:

It is also very important that you note what sensitive information you have on your site, prior to any security breach. You should consider the following:

You should also perform a complete audit of your systems, take note of the most important components and track everything. Make sure you are not the only person in your organisation who is aware of this audit, but also bear in mind that access to all data systems should only be granted on a need-to-know basis.

Protecting information on your website

It is important to reflect on how the core aspects of information security – confidentiality, integrity and availability – apply to your website and services and determine the service level requirements needed. Note that these requirements might be different depending on what other elements you have decided to integrate.

If you want your system to be secure, you need to make sure that the following components are protected:

How to respond to security incidents

It is important to have an actionable plan in place that sets out specific, concrete measures and procedures to follow in the event of a security breach. The procedures should address:

If you do detect a breach, follow these steps:

You should also create a data breach notification policy, which could be included in your privacy notice, and it should state how and when you will notify your customers if personal data is breached. You must also take into account that under the GDPR rules you are required to notify the supervisory Data Protection Authority once you become aware of any data breach.

At a national level, Computer Emergency Response Teams (CERT) are teams of security experts responsible for the management of security incidents (such as reporting and responding to security threats). They can give you information on what to do and who to turn to for help if you are under any type of cyberattack. They also publish alerts about vulnerabilities and threats in your country.

Data protection compliance

The General Data Protection Regulation contains obligations for businesses collecting, storing and managing personal data. The 2 main goals of the GDPR are transparency and informing the public about how their data are used.

For more information on the overall provisions of the GDPR and how they apply to your business, visit the data protection subsection.

The part of your online shop that the GDPR concerns the most is the privacy notice (or policy). This notice is a public document issued by your business, in which it explains how it processes personal data and how it applies data protection principles. If your website collects a user's personal data directly, the privacy notice should be displayed the moment it does so.

The privacy notice should be written in:

Find out what your privacy notice should contain

The privacy notice displayed on your online shop should include the following information:

Privacy notices must be provided in writing and supplied electronically (where applicable), published on a specific section of your website (for example: Privacy policy) and must be accessible directly from any page or subpage on the site.

For more details and useful advice on drafting your privacy policy, you can refer to these practical Guidelines.

EU legislation
