Everything You Need to Know About GDPR

Let's Talk About GDPR

We've been getting this question a lot lately: what the heck is GDPR?

GDPR requires that you have a Website Privacy Policy that protects user data.

Here’s what you need to know:


Does it Apply to You?

GDPR is a European regulation.

It requires companies with a website to protect their visitor data.

It applies to companies that are doing business with European customers, advertising to European audiences, or tracking European audiences in their website analytics.

If you have European website visitors, it's best to follow it.


How to Follow it

You need a Website Privacy Policy that tells visitors what you're doing with data.

There are probably a few ways you’re collecting data:

1. Browsing the website

Your website company (Squarespace, Shopify, WordPress) probably collects certain information from website visitors automatically, like the time, location, and pages visited.

2. Placing orders

You need to collect certain information (like billing and shipping) to process orders.

3. Accessing the server

Your server will collect information about the user as well.

4. Creating user accounts

You’ll need to collect personal information (email, phone) to create user accounts.

5. Contact Forms

You’ll collect information when someone completes a contact form.

6. Mobile Services

You’ll collect mobile data when people access the website on their phone, like their location.

7. Email Newsletters

You’ll collect email newsletter analytics, like whether they opened the email or clicked a link.

8. Cookies

You’ll collect data through cookies, like their preferences, time spent on the site, referral sources, etc.

9. Third party apps

You’ll need to list all the third parties that you use to collect this information (Google Analytics, Squarespace, ConvertKit, etc.).

Your Website Privacy Policy

You’ll need a Website Privacy Policy that is compliant with GDPR.

You’ll need to list what data you’re collecting, why you’re collecting it, where you’re storing it, and how long you’re keeping it.

You’ll need to list out the visitor’s rights under GDPR and how they can contact you.

You should also include how and when you will notify them of a data breach.

Your Email Newsletter

You’ll need to:

  • add your contact information (name + address) to the bottom of emails

  • ensure that recipients can unsubscribe or update their data anytime

  • send newsletters only to users who have specifically agreed to opt-in

Your email provider should be able to manage all of these requirements.

For example, we use ConvertKit and they can automatically tell when someone is subscribing from Europe and send them the GDPR compliant opt-in.


What to Do Next

1. See if GDPR applies to you.

2. Have a website privacy policy that meets GDPR regulations.

3. Review your email newsletter to make sure you’re in compliance.

See our Website Policies

Our Downloadable Website Policies make sure your website is legit! And GDPR compliant!

So your shipping, exchanges, and refund policies are binding on customers. And you comply with online privacy regulations to reduce legal drama.

Plus, they're affordable ($49) and simple to use.

Nicole Swartz