GDPR Basics + Resources

By now, you’ve most likely heard about the European Union’s General Data Protection Regulation (GDPR). The GDPR, similar to the CCPA (California’s Privacy Protection Act), is a law on data protection and privacy.

Your first thought may be, “This doesn’t apply to me, I’m not in the EU.” No so fast. That’s the reason for this post. It matters to everyone, whether you are EU-based or not.

But, before we go any further, we need to tell you this:

*We are not legal experts. It’s up to you to find the best solutions for your business, get assistance from a qualified professional, and ensure compliance within your business and website is met correctly.

GDPR and what it means for your business |

gdpr Compliance – The Basics

  • This regulation was put into effect to protect every individual’s personal and private information, and it’s going to be taken very seriously (it will be enforced). You don’t want to procrastinate or hope for the best when it comes to getting your business and website compliant.
  • The biggie that affects most businesses online? The part of the regulation that has to do with forms on your website, Facebook, or other platforms. If you plan to add people to your email marketing list through an opt-in form on your website or any other platform where you collect personal information (name, email, etc.), you’ll need to comply with the GDPR.
  • The GDPR covers more than just your website and your email list. This regulation covers how you handle and store people’s information, if the services you use are GDPR compliant, and more.
  • You need to reach out (this should have been done before May 25, 2018) to anyone currently on your email list who is located in the EU (meaning, he/she was geolocated by your email marketing service as opting-in while in the EU) and ask him/her if they want to continue to be on your list. There must be explicit consent given. This doesn’t mean people who live in the EU, it means anyone who happened to be in the EU (think pre-2020 when people traveled) at the time they visited your site.
  • You should have, on May 24, 2018, deleted any EU subscribers who have not given consent to stay on your list.
  • You can only send the type of email your EU subscriber has agreed to receive (i.e. discounts and coupons, how-to posts, etc.). Nothing else.
  • You must honor any requests to be removed from your list, to edit (or delete) their information, and other requests as stated in the GDPR.
  • The GDPR regulation is to protect website visitors located within the EU. This means EU residents; your sister on vacation in Paris, but lives in New Mexico; possibly even EU residents who are visiting Florida; etc.
  • Be aware that everyone (including companies located within the U.S.) is required to comply, because you may have people who live (or just happen to be in the EU) who visit your website, comment on a post, etc. You may be thinking, “I don’t have clients outside of the U.S., why do I need to worry about this?” You can’t control who visits your website (not without some advanced knowledge of how to do so, IF you really want to do this). So, you (just like all other businesses) are required to comply. Remember, just by the simple act of visiting your website, you are collecting information (think Google Analytics, Facebook Pixel, IP addresses, etc.).
  • Companies located within the EU, even if all their clients are U.S.-based (as an example) must also comply. The GDPR was set up to protect all information going in and out of the EU and they clearly state, everyone should comply (EU located or not).

Where to Start

We know…it’s a lot and can sound pretty overwhelming. We were overwhelmed, too. Good news is, you don’t have to lose sleep over getting your website and/or business compliant. Yes, it’s important, but if you are actively working on getting your GDPR ducks in a row and don’t just blow this off, you should be ok. It’s important to note, each individual can weigh the risks (working on compliance or not) on their own. We are only the messengers and are here to help and provide information.

The basics that most businesses will probably need to update on their websites are:

  • Updating your privacy policy to be GDPR compliant.
  • Updating or adding a cookie policy (with some type of banner/pop-up notification).
  • Providing a link to your privacy policy wherever you collect any type of information. This means every opt-in area, every form (i.e. a contact form), your shop, shop checkout, and any other place you may collect information of some sort.
  • Providing a way (at the point where you collect an email address for your opt-in) for your online visitors to choose to be added to your list or not (and more). We know this one may leave you scratching your head. This means, if you offer some sort of freebie, you must have a checkbox that asks people if they also want to be added to your list (in case they only want the freebie and don’t want to be on your list.)

Take it in baby steps as we did so it’s not so scary:

  1. Make a list of all of the ways you are tracking, collecting, processing, or storing data (i.e. your data processors: Google Analytics, PayPal, your excel spreadsheet, your project management software – everything). You need to know who the processors are and verify if they are also compliant.
  2. Update your policies (privacy, cookie, and possibly your terms).
  3. Sort out your EU subscribers.
  4. Update your website and opt-in process. Add a blurb below each of your forms linking to your Privacy Policy that people can easily find and access.
  5. Add a Cookie banner the people can see and accept, link to your Cookie and/or Privacy policies.
  6. Email your EU subscribers for re-consent and to find out what type of emails they want to receive from you (i.e. sales info, info about new services, your reading list, etc.). Then, only send them those types of emails. Remove them from your list if they asked to be removed.
  7. Review the information in the links below for more possible steps.

gdpr Resources:

During our quest to understand more about this regulation, we came across a lot of great resources. In the list below, you’ll find people who can (1) give you ALL of the details, (2) provide even more information about things covered (and not covered) in this post, and (3) help you get it all done.

What & Why (Details by the Experts):

Get Help with Compliance (tools and info):

Once you get your policies squared away, we can help implement them on your website. Check out our GDPR Website Compliance Starter Package for details.

Remember, our list of “things to do” is not inclusive of every possible business, website and/or scenario and is not meant to help you become fully compliant with the GDPR. In fact, the regulations set within the GPDR may change as (1) the regulation is updated, (2) services you use may become non-compliant, (3) your record-keeping process changes, and (4) you experience changes within your business. We suggest you consult a legal professional (who is savvy in GDPR) to help you sort it all out.

A BIG thank you to the amazing resources mentioned above for helping us all understand this a little better.

If you have other great resources, please share below. Or, tell us about your experience with getting your own business complaint.

We’d love to hear from you!

About Janet

Hi there! I’m Janet Hoover, designer, code techie, dog lover and co-founder of The Essential Website. Our big thing is helping people bring their online visions to life more beautifully, polished and smarter! We create custom-crafted, hand-coded WordPress websites for biz-builders, action-takers and dreamers who are ready to GROW and shine online! We’re here to help you stop dreaming and start doing with the perfect online solution for your one-of-a-kind biz.


  1. Radhika on May 24, 2018 at 2:54 pm

    Thank you! This is a really helpful and easy-to-understand post on a very complicated topic.

    • Stefani and Janet on May 24, 2018 at 2:58 pm

      Thank you, Radhika! We’re so glad it was helpful! This topic is NOT fun! 🙂

Leave a Comment