First, I have to say that I am a lawyer, but this article is not legal advice. I am here to explain GDPR and help you work out whether GDPR applies to you and your website. My goal is to help you decide what steps, if any, you may need to take on your website. I am all about practical solutions. If you are a large website that deals with collecting or processing vast amounts of personal data, a GDPR specialist is necessary. If you are an online business in the United States and you aren’t sure where to start, keep reading.

What is GDPR and why is everyone talking about it?

GDPR stands for General Data Protection Regulation and is a law passed in the EU to unify the data privacy laws across the region. This law was adopted by the EU Parliament in April 2016 and takes effect May 25, 2018. You may ask, why am I just hearing about this? First, large companies have been dealing with this through their regulatory and compliance departments or agencies. But for online entrepreneurs… a lot of us don’t have compliance or regulatory departments! So the information gets to you when the news gets to it. In the US, a few factors have brought this into the conversation. First, the Cambridge Analytica scandal. You know, where like 87 million people had their personal information shared and stored without their knowledge? Second, the Facebook Congressional hearings. And third, the deadline for GDPR compliance is approaching. I am here to make the complicated a little more accessible.

Does GDPR apply to me?

Yes, if you collect, store or process personal data; AND

  • You are located in an EU member country; or
  • You primarily conduct business in an EU member country; or
  • You target residents of an EU country; or
  • You accept the currency of an EU country; or
  • You ship to an EU country

What is considered Personal Data under GDPR?

The GDPR expands the definition of personal data from more traditional uses. It is not just data that relates to an identified or identifiable person. It includes all information that can be used to identify a person, such as IP addresses, cookie strings, social media posts and shares, online contacts and mobile device IDs.

What do I need to do to make sure my website is compliant?

The answer here is tougher because it depends on what information your site collects. If you have an understanding of the type of personal information you collect, then you can look through the information provided here and decide what you need to do. This includes (at a minimum) providing an opt-in, providing a clear privacy policy and making sure that if people opt out you are not storing their information. That said, if your site processes or collects large amounts of personal data, you need to work with a GDPR specialist. But I do have some tips and resources for you to apply as appropriate to your situation.

  • Website Privacy Policy – You have to have a good website privacy policy!! If you do not have one yet, you can purchase a privacy policy from me. If you already have a privacy policy, be sure it includes the following:
    • A clear and easy-to-understand explanation of what information your site collects and tracks and what you do with that information.
    • You can also list the privacy policies of the services you use. I have included this in my Website Privacy Policy Supplement, which you can receive by signing up below.
    • A way for visitors to block tracking.
  • Notification – This can be a notice in the footer of your website stating that your site uses tracking data. See this example from Facebook, or you can receive my US Privacy Policy Supplement below!
    • Facebook Example: “We use technologies, such as cookies, to customize content and advertising, to provide social media features and to analyze traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. [See details – link to your privacy policy.]”
  • Consent or Opt-In – The current practice in the US is to state in the website Terms of Use and Privacy Policy that your use of the website is consent to the policies and that if you don’t consent you should discontinue use. This isn’t enough for GDPR.

What comes next?

Even if your site isn’t required to comply with GDPR, it is likely that all of the tracking services (think Facebook and Google) will start to require some type of disclosure on your website as a condition of their use. They will do this by updating their own policies and terms of use. At the end of the day, having consistent standards for disclosures of data tracking is the way we are going. It’s easier to start heading in that direction now and to show your community and customers that you care about their data and are going above and beyond what is required (because eventually, that will be the standard). I have updated my own privacy policy to include the information provided in the supplement (which you can receive down below). My site is not under GDPR, and at this point I am choosing not to use the affirmative Opt-In methods, but that could change!

Want to be the first to know about changes that affect online business? Be sure to sign up for my e-mail list so I can help keep your online business protected so you can focus on the important stuff!

Want to test your tolerance for legal writing? Check out the actual legislation here.


Check out my video explaining GDPR!

Emily D. Baker, Esq.

Badass Lawyer for Online Business

Emily has been running a business for 15 years and has over 13 years of legal experience. She spent 10 years at the Los Angeles County District Attorney's Office, where she truly learned to be a solopreneur. Emily has built her consulting and speaking business from the ground up, in her garage, jamming out to 90's music. She specializes in no-BS practical advice for the starting and scaling online entrepreneur. Emily will tell you what the business gurus can't, in a way that is both hilarious and empowering.
