How The GDPR Affects Your Business


You may have heard the news about a data privacy law, called the General Data Protection Regulation (GDPR), that will go into effect in Europe this Friday regulating how organizations obtain and handle personal data of EU and UK residents.

While it might seem like a European law won't affect US-based businesses, the global nature of the internet means there are a few instances in which US businesses might be monitoring data of EU residents and will need to take steps to comply with the law.

So, what does this mean for me? Basically, if your website has Google Analytics, a Facebook Pixel or other tracking code, or if you collect emails and might receive information from EU residents, there are a few steps we recommend taking. If you market or sell directly to EU residents, these steps are a must!

Disclaimer: We're not lawyers, just your friendly neighborhood social media experts! If you have detailed questions about what actions you need to take regarding the GDPR, it's best to seek out legal counsel!

1. Set up a pop-up on your website to allow visitors to opt-in or opt-out of cookies and other tools that collect their data.

     –If you use Squarespace, Shopify, BigCommerce, WordPress or any other large website hosting company, follow the corresponding link above for instructions on how to set up a pop-up about cookies on your site. For any hosting platform not listed, Google the name of the site and "GDPR" and instructions should come up! The set-up process for these platforms should be relatively simple. Please feel free to reach out if you have any trouble at all!

     –If you have a custom website or work with a website company or manager, reach out to them about installing a pop-up to provide visitors the option to opt-in or opt-out of cookies and collection of their personal data.

2. Audit your existing data and marketing practices.

     –Does your existing email list include residents of the European Union? If so, it might be worthwhile to reconfirm their consent to receive your emails.

     –Do you, at any point, collect personal information from website users or contacts without their explicit permission (i.e. they can choose to check a box allowing you to use their information)? If so, review this process to ensure the data you collect is absolutely necessary.

     –Create a GDPR-friendly email collection form for new sign-ups, like this one from our friends at MailChimp.

     –Check out the steps MailChimp suggests its users take for compliance.

3. Update your website Privacy Policy (or create one!)

     –It's good practice in general to have a clear Privacy Policy for your website! You can check out templates here and here or free privacy policy generators here and here. (But again, this might be a good time to consult legal counsel or a data protection professional!)

4. Read up on the GDPR

     –Helpful articles on the law can be found here, here and here. Let us know what you think. We'd love to hear your thoughts!

If you made it this far, thanks for sticking with us, and come back soon for more updates!