Everything You Need to Know About GDPR
We've been getting this question a lot lately…what the heck is GDPR?
Here’s what you need to know:
Does it Apply to You?
GDPR is a European regulation.
It requires companies with a website to protect their visitor data.
It applies to companies that are doing business with European customers, advertising to European audiences, or tracking European audiences in their website analytics.
If you have European website visitors, it's best to follow it.
How to Follow it
There are probably a few ways you’re collecting data:
1. Browsing the website
Your website company (Squarespace, Shopify, WordPress) probably collects certain information from website visitors automatically, like the time, location, and pages visited.
2. Placing orders
You need to collect certain information (like billing and shipping) to process orders.
3. Accessing the server
Your server will collect information about the user as well.
4. Creating user accounts
You’ll need to collect personal information (email, phone) to create user accounts.
5. Contact Forms
You’ll collect information when someone completes a contact form.
6. Mobile Services
You’ll collect mobile data when people access the website on their phone, like their location.
7. Email Newsletters
You’ll collect email newsletter analytics, like whether they opened the email or clicked a link.
8. Cookies
You’ll collect cookies that record things like visitor preferences, time spent on the site, referral sources, etc.
9. Third-party apps
You’ll need to list all the third parties that you use to collect this information (Google Analytics, Squarespace, ConvertKit, etc.).
You’ll need to list what data you’re collecting, why you’re collecting it, where you’re storing it, and how long you’re keeping it.
You’ll need to list out the visitor’s rights under GDPR and how they can contact you.
You should also include how and when you will notify them of a data breach.
Your Email Newsletter
You’ll need to:
add your contact information (name + address) to the bottom of emails
ensure that recipients can unsubscribe or update their data anytime
send newsletters only to users who have specifically agreed to opt-in
Your email provider should be able to manage all of these requirements.
For example, we use ConvertKit, and they can automatically tell when someone is subscribing from Europe and send them the GDPR-compliant opt-in.
What to Do Next
1. See if GDPR applies to you.
3. Review your email newsletter to make sure you’re in compliance.
Our Downloadable Website Policies make sure your website is legit! And GDPR compliant!
So your shipping, exchanges, and refund policies are binding on customers. And you comply with online privacy regulations to reduce legal drama.
Plus, they're affordable ($49) and simple to use.