Unless you’ve been living under a rock the last month or two, you’ve heard about the European Union’s General Data Protection Regulation (GDPR).

Your first thought may be, “Why should I care, I’m not in the EU?” Well my dear, that’s the reason for this post. It matters to everyone. EU-based or not.

But, before I go any further, I need to tell you this:

*We are not legal experts. It’s up to you to find the best solutions for your business, get assistance from a qualified professional, and ensure compliance within your business and website is met correctly.

GDPR and what it means for your business | TheEssentialWebsite.com

GDPR Compliance – The Basics
  • This GDPR goes into effect May 25, 2018. This means your company should be compliant by that date.
  • It will be enforced. This regulation was put into effect to protect every individual’s personal and private information, and it’s going to be taken very seriously. Do we think they are going to let out the internet guard dogs and you’ll be heavily fined on day one? No. But, you should not procrastinate when it comes to getting your business and website compliant.
  • The biggie that has most businesses freaking out right now? The part of the regulation that has to do with email list opt-in forms on your website, Facebook or other social media platforms that allow you to embed or link to a sign-up form. Gone are the days of site visitors simply exchanging their email address for your free gift (i.e. an ebook or coupon). If you plan to add people to your email marketing list through an opt-in form on your website or another embedded or linked form, you’ll need to comply with the GDPR. The basics that will probably need to be updated on your website are:

    • Updating your privacy policy to be GDPR compliant
    • Updating or adding a cookie policy (with some type of banner/pop-up notification)
    • Providing a link to your privacy policy wherever you collect any type of information. This means every opt-in area, every form (i.e. a contact form), your shop, shop checkout, and any other place you may collect information of some sort.
    • Providing a way (at the point where you collect an email address for your opt-in) for your online visitors to choose to be added to your list or not (and more).
  • It covers more than just your website and your email list. This regulation covers how you handle and store people’s information, if the services you use are GDPR compliant, and more.
  • You must reach out (before May 25, 2018) to anyone currently on your email list that is located in the EU (was geolocated by your email marketing service as opting in while in the EU) and ask them if they want to continue to be on your list. There must be explicit consent given.
  • On May 24, 2018, you must delete any EU subscribers who have not given consent to stay on your list.
  • You can only send the type of email your EU subscriber has agreed to receive (i.e. discounts and coupons, how-to posts, etc.). Nothing else.
  • You must honor any requests to be removed from your list, to edit their information, and other requests as stated in the GDPR.
  • The GDPR regulation is to protect website visitors located within the EU. This means EU residents, your sister on vacation in Paris but lives in New Mexico, possibly even EU residents who are visiting Florida, etc.
  • Be aware – everyone (including companies located within the U.S.) is required to comply – because you may have people who live (or just happen to be in the EU) who visit your website, comment on a post, etc. You may be thinking, “I don’t have clients outside of the U.S., why do I need to worry about this?” You can’t control who visits your website. So, you are required to comply. Just by the simple act of visiting your website, you are collecting information (think Google Analytics, Facebook Pixel, IP addresses, etc.).
  • Companies located within the EU, even if all their clients are U.S.-based (as an example) must also comply. The GDPR was set up to protect all information going in and out of the EU.

We know…it’s a lot and can sound pretty overwhelming. We were overwhelmed, too. Good news is, you don’t have to lose sleep about getting your website and/or business compliant. Yes, it’s important, but if you are actively working on getting your GDPR ducks in a row and don’t just blow this off, you should be ok.

Take it in baby steps like we did (as far as the email opt-in portion of our website is concerned) so it’s not so scary:

  1. Make a list of all of the ways you are tracking, collecting, processing, or storing data (i.e. your data processors: Google Analytics, PayPal, your excel spreadsheet, your project management software – everything). You need to know who the processors are and verify if they are and also compliant.
  2. Update your policies (privacy, cookie, and possibly your terms).
  3. Sort out your EU subscribers.
  4. Update your website and opt-in process.
  5. Email your EU subscribers for re-consent.
  6. Review the information in the links below (for more steps).
GDPR resources:

During our freakout and worry sessions over this new regulation, we came across a lot of great resources. In the list below, you’ll find people who can give you ALL of the details, provide even more information about things covered (and not covered) in this post as well as options to help you get it all done.

What & Why (Details by the Experts):

Get Help with Compliance:

Once you get your policies sqaured away, we can help implement them on your website. Check out the GDPR Website Compliance Starter Package for details.

Remember, our list of “things to do” is not inclusive of every possible business, website and/or scenario. You may need to do more to become compliant with the GDPR. In fact, the regulations set within the GPDR may change as the regulation gets updated, services you use may become non-compliant, your record keeping process may modify, you may experience changes within your business, and other things that may affect compliancy going forward. Consult a legal professional to help you sort it out.

I can’t end this post without saying a BIG thank you to the amazing resources mentioned above for helping us all understand this a little better.

If you have other great resources, please share below. Or, tell us about your experience with getting your own business complaint.

I’d love to hear from you!

About Janet

Hi there! I’m Janet Hoover, designer, code techie, dog lover and co-founder of The Essential Website. Our big thing is helping people bring their online visions to life more beautifully, polished and smarter! We create custom-crafted, hand-coded WordPress websites for biz-builders, action-takers and dreamers who are ready to GROW and shine online! We’re here to help you stop dreaming and start doing with the perfect online solution for your one-of-a-kind biz.


  1. Radhika on May 24, 2018 at 2:54 pm

    Thank you! This is a really helpful and easy-to-understand post on a very complicated topic.

    • Stefani and Janet on May 24, 2018 at 2:58 pm

      Thank you, Radhika! We’re so glad it was helpful! This topic is NOT fun! 🙂

Leave a Comment