So, GDPR, huh? 🙂 I'm thinking that you fall into one of two camps on this.

Either you're familiar with this, or you're not.

Regardless of which camp you fall into, and regardless of whether you're a small business owner, marketer, web developer or whatever, this is one of those things where EVERYBODY will ask you what you should be doing about it.

Starting now.

First of all, GDPR (General Data Protection Regulation) is a law that goes into effect today in the European Union, but it affects most businesses in the world because there's always a chance that an EU citizen or business could provide you their user data through your website.

Having said that, some companies have done a better job than others of scrambling to ensure GDPR compliance across their digital presence.

I'm trying to keep this simple.

Here's my guide:

1. Audit your website. Understand exactly where user information is being collected. Regardless of what platform your website is on (WordPress, Shopify, Magento, etc.), you should audit your web presence. Where are you collecting user information? This would include anything from a "contact" / "opt-in" form to selling a product online. Look at the frontend and the backend of your website. The backend is critical. Understand what technology you're using. For example, if you have a WordPress site, are you using Gravity Forms? Contact Form 7? Ninja Forms? Mailchimp? These are all third-party plug-ins that collect user data. But since you're using them, you're responsible for them. The good news is, all of these plug-ins have extensions that expand their functionality to ensure GDPR compliance (keep reading).

If your WordPress website uses WooCommerce to sell products, there are extensions and plug-ins to WooCommerce that make it GDPR compliant.

If you use Shopify, chances are, you're covered already since they have updated their privacy policy and settings, but you'll still want to read this to make sure.

2. Update your privacy policy to let users know how you're collecting their information, where it goes and what you're doing with it. Even if you're not doing business in Europe, you should likely do something like this. This is pretty simple to think through, write and add to a new page on your website or update your existing one.

3. Decide whether or not to take further action. If anything you learned in step 1 about how you're collecting user data means there's a chance that an EU company or citizen would submit their information to you, then their expectation is going to be that you've accounted for the following basic things on your website:

  • data accessibility - On the data request page, users can request access to their personal data.
  • viewable data - Make it possible for users to view their personal data.
  • updateable data - Make it possible for users to update their personal data.
  • downloadable data - Make it possible for users to download their personal data.
  • request for removal - Make it possible for users to request that their personal data be removed.

Finally, here are a couple more solid resources that elaborate on what's happening out there in various industries:

Thanks for reading, and have a great day!

Paul Hickey, Founder / CEO / Lead Strategist at Data Driven Design, LLC has created and grown businesses via digital strategy and internet marketing for more than 10 years. His sweet spot is using analytics to design and build websites and grow the audience and revenue of businesses via SEO/Blogging, Google Adwords, Bing Ads, Facebook and Instagram Ads, Social Media Content Marketing and Email Marketing. The part that he’s most passionate about is quantifying next marketing actions based on real data.