Law 25 for SMEs: 10 Common Mistakes
Here's a quick checklist to secure your site (cookie banner, FR/EN policy, subcontractor registry) and gain credibility…
1) No functional cookie banner
Many SMEs have a cookie banner that displays but doesn't actually block third-party scripts before consent. Law 25 requires explicit and granular consent. Verify that Google Analytics, advertising pixels, and other tracking tools only load after acceptance.
2) Missing or incomplete privacy policy
Your policy must be accessible, in French (and English if you serve English-speaking clients), and mention all subcontractors processing data (Vercel, Google Analytics, Cal.com, etc.). Also include a mechanism for access/deletion requests within 30 days.
3) No subcontractor registry
Law 25 requires documenting all third parties accessing your data. Create a clear list with the service name, purpose, data processed, and server location.
4) Undocumented consent
You must be able to prove when and how a user consented. Keep consent logs with timestamps and chosen preferences.
5) No deletion mechanism
Users must be able to request access, rectification, or deletion of their data within 30 days. Create a simple form accessible from your privacy policy.
6) Data collected without clear purpose
Each piece of data collected must have a legitimate and documented purpose. Avoid collecting information "just in case" without justification.
7) Undocumented international transfers
If you use services hosted in the United States or Europe, document these transfers and ensure contracts include data protection clauses.
8) No retention policy
Define how long you retain data and why. Law 25 requires keeping only what is necessary.
9) No designated data protection officer
Designate a responsible person (DPO) and display their contact information in your policy. For SMEs, this is often the founder or IT manager.
10) No team training
Ensure your team understands Law 25 issues and knows how to handle access/deletion requests. Document your internal procedures.
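Items 1 and 4 above, as an added example that is not part of the original article: a consent gate that injects third-party scripts only for categories the visitor explicitly accepted and records a timestamped log entry for each decision. The tag names, URLs, category names and the `policyVersion` field are assumptions made for illustration.

```javascript
// Constructed sample tags; names, categories and URLs are placeholders.
const TAGS = [
  { name: "analytics-tag", category: "analytics", src: "https://analytics.example/tag.js" },
  { name: "ads-pixel", category: "advertising", src: "https://ads.example/pixel.js" },
  { name: "booking-widget", category: "functional", src: "https://booking.example/embed.js" },
];

// inject: function that actually loads a script (injectScriptTag in a browser).
// now: clock, injectable so the log timestamps can be checked in tests.
function createConsentGate(tags, inject, now = () => new Date()) {
  const loaded = new Set();
  const log = [];

  // Called by the banner when the visitor saves a choice.
  function record(preferences, policyVersion) {
    // Default deny: only a strict boolean true counts as consent, so a
    // missing key, a pre-ticked string or "yes" never enables a category.
    const choices = {};
    for (const t of tags) choices[t.category] = preferences[t.category] === true;

    // Append-only entry: when the choice was made, under which policy text,
    // and what was chosen per category.
    const entry = Object.freeze({
      timestamp: now().toISOString(),
      policyVersion,
      choices: Object.freeze(choices),
    });
    log.push(entry);

    // Nothing is injected before this point; each tag loads at most once.
    for (const t of tags) {
      if (choices[t.category] && !loaded.has(t.name)) {
        inject(t.src);
        loaded.add(t.name);
      }
    }
    return entry;
  }

  return { record, loaded: () => [...loaded], log: () => log.slice() };
}

// Browser injector: the third-party tags must not appear as static
// <script> elements in the HTML, only through this function.
function injectScriptTag(src) {
  const s = document.createElement("script");
  s.src = src;
  s.async = true;
  document.head.appendChild(s);
}
```

The log here lives in memory only; to serve as proof of consent it has to be persisted somewhere the business controls. A script that has already run cannot be unloaded, so a withdrawal takes effect on the next page load.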
Need help making your site compliant?
Contact us for a free diagnostic and discover how we can help you secure your site while improving your visibility.