
5 Steps to Make Your Website GDPR Compliant

If you collect and process data of individuals who live in the EU, you need to be GDPR compliant. The new GDPR regulations provide comprehensive data protection guidelines to protect EU citizens. These guidelines encompass the collection, storage, processing, sharing and other usage of citizens' individual data, regardless of whether the collecting agency has a physical presence in the EU.

#1 – Give Visitors the Option to Opt-Out of Cookie Tracking

How you do this will depend upon the cookie tracking methodologies you currently employ. If you use a marketing automation platform like Marketo or HubSpot, you may need to explore the setting options available to honor opt-out requests from visitors. If you employ tracking via pixels, you may need to manually delete user data and add a pop-up opt-out notification box to your site.

#2 – Set Up a Dedicated Subscription Management Page/Portal

If your website serves as the hub for membership subscriptions or is where a visitor signs up for a subscription to a service, newsletter, etc., add functionality that allows management of that subscription. A user should be able to dictate the frequency and type of communication that they receive and have a way to cancel said subscription.

#3 – Set Up an Opt-In Process

You may already have an opt-in process in place, but it needs to conform to the new GDPR consent specifications. You will be required to document the consent date, reason for processing, the way the consent was obtained, and past consent history. If your forms currently have opt-in boxes that are pre-checked, you will need to remove that functionality. Your form also needs to make it clear exactly what the user is opting into.

#4 – Protect the Data You Collect

Under GDPR, it is your responsibility to protect the data that you collect from users. Limit access to that data within your organization. Only those who need the data to perform their job functions should have access, and that access should be monitored and tracked.

#5 – Update Your Company Privacy Policy

Your privacy policy should clearly and concisely state what is being collected, how it is used by your company, and how a user may gain access to their collected data and request its deletion.

Source:

https://www.salesforce.com/gdpr/overview/

http://spearmarketing.com/blog/prepare-for-gdpr/