This website uses cookies.
By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.
Ok, don't show again

GDPR Compliance Checklist For Your Web Extension

General Data Protection Regulation aka GDPR can be considered as the world's strongest set of data protection rules. However, back in 2018 it was a real headache for European businesses. And even today I kept being asked the same question over and over again: 'Do your solutions comply with the GDPR?' And my answer is always the same: 'Of course they do!'

So why is it crucial and how to make sure your business is not getting fined for non-compliance with the GDPR?

Eli Tabrisov
  • Do not store any personal data in the extension
  • Do not collect any data until the user allows you to do so
  • Describe all required permissions
You have to note, that before publication in the web store your project will be validated by reviewers. Among the others, here is the checklist of requirements, for compliance with which ANY project is audited:
In order to comply that you should implement the UI part. Which is included but not limited: modal window, options page, popup. It has to be a very first modal window, with the text of your project policies and evidence that you agree and comply with the GDPR. The second one is the options page - extension page which is isolated from others, where you can kindly ask the user to turn on some features such as collecting data (e.g. google analytics, Facebook pixel).
You must change your code properly in order to respond to the decisions made by the user. In case the user declines the request for collecting data, you should NOT proceed with the data collection. This functionality also reviewed.
In case you get caught by a reviewer for not playing by the rules, you will cause serious consequences. Starting with getting your extension disabled for all users (included your current active users) and if you do not fix the case in one week, they will completely delete it from the web store. In case of relapse or constantly ignoring requirements the company will face heavy penalties. Ignorance of the laws does not exempt you from complying with them.
After all, I described only the tip of the iceberg. The approval process may take some time especially if you're doing it for the first time. And time is money.

So, it's in your own interests. That's why I recommend to trust the professionals in this matter and let them handle the GDPR compliance process.

Previous articles

Successful cases, development life hacks and guaranteed ways to increase user retention and profit growth.


Our goal is to understand your challenge and provide a solution that satisfies your expectations. This ends up in close and long term relations with our clients.
By submitting you agree with the Privacy Policy statement