What is GDPR and What Your Website Needs to be GDPR Compliant

What is GDPR?

The GDPR is a ruleset that defines how data about EU citizens may be accessed, stored, and processed. In essence, the GDPR aims to give the citizens of the EU more control over their personal data.

This comes at a crucial time for the EU, as data consumption is at an all-time high and data breaches seem to be commonplace in the news.

Think about it. How much of your personal information is stored and collected by businesses worldwide? For most people, the amount is massive. Street addresses, social security numbers, credit card numbers, names and more are all collected by numerous businesses.

With the GDPR, not only do organizations need to collect personal data under strict legal conditions, but they must also store this data safely, in a way that prevents exploitation and hacking.

The GDPR sets out to consolidate all of the EU’s existing regulatory privacy bodies into one core group that issues compliance requests across the entirety of the EU.

Who Does GDPR Apply To?

The GDPR rules now apply to all businesses operating within the EU or any business that offers goods or services to businesses or consumers in the EU.

Essentially, all major companies need to be GDPR compliant.

Break it Down: What Does GDPR Want From Me?

Before we answer this, it’s important to talk about what qualifies as data.

What is “Data”?

As far as the GDPR is concerned, data is anything that can be used to directly or indirectly identify a person.

With such a broad definition, data (in the eyes of the GDPR) is almost everything: photos, names, addresses, social security information, bank details, social media posts, IP addresses, and more.

Sensitive data is also covered, which includes race, political opinions, religious beliefs, health, sex life, and more.

As far as your business is concerned, the GDPR has some direct implications for your day-to-day process. Here are some of the immediate things that the GDPR calls for.

Terms of Service

The GDPR attempts to fix issues surrounding complex terms of service (TOS). Any TOS that contains too much legalese or is too convoluted is a direct violation of the GDPR. All information in the TOS should be presented thoughtfully but concisely.

The Data Protection Officer

This one is a little more complex. The GDPR requires organizations that employ over 250 people or that “process over 5,000 data subjects during a 12-month period” (this definition is still being tweaked – don’t panic) to employ a Data Protection Officer (DPO) to oversee data security and prevent its misuse.

Limit Access

The GDPR also, in simple terms, says that you must limit the collection and processing of user data to what is necessary. In other words, only process the data you absolutely need.

So, What’s the Stick?

Current punishment is financial. We aren’t talking pennies here; the GDPR penalties are as high as 4% of total annual global revenue.

What Do I Need to Add to My Website?

Let’s go over a quick-list of must-haves and a few should-haves.

Privacy Policy

There is an entirely new framework for your privacy policy (and if you don’t already have a privacy policy, you need one), so the wording of the policy will need to be reworked.

Contact Forms

While many websites are now using “pop-up” explanations for any data collection activity (such as “we are collecting your address so that we can send you some mail!”), we haven’t seen the necessity of this come into play yet. It is, however, necessary to add a tick-box next to your contact form confirming that the visitor accepts your TOS and agrees to be contacted.

You will need a second tick box if they want to be sent additional marketing information.

Note: email, phone, text, Skype or any other communication channel needs this tick-box, and each communication channel requires its own separate tick-box.

Email Marketing

While email marketing may be a “classic” in terms of inbound marketing, the current GDPR rules are going to change some of its functioning.

Automatic unsubscribe is probably in the future, as well as some changes to whom you can send emails.

Make sure they have opted in to receive emails before you send them one (really, you should be doing this anyway).

Right to be Forgotten

This one is a little strange. Webmasters now need to add some way to send a “right to be forgotten” request. Customers now have the right to be forgotten, meaning that they can have you wipe all of their data from your database.
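The three website changes above (separate consent tick-boxes on the contact form, checking for an opt-in before any marketing email goes out, and honouring a “right to be forgotten” request) share one piece of plumbing: a record of who consented to what, per channel, that can also be wiped. The following is an added example, written for this page and not code from the original post or from any particular framework; the store layout, the channel names and the form field names are assumptions. It shows consent defaulting to “not given”, one record per ticked channel, a guard in front of a marketing send, and an erasure routine that removes everything held about a person.

```javascript
// Added example (not from the original post): an in-memory model of
// per-channel consent capture, an opt-in check before marketing email,
// and a "right to be forgotten" erasure routine. Store and field names
// are assumptions for illustration, not a real library's API.

// Communication channels that each need their own, separate tick-box.
const CHANNELS = ["email", "phone", "text", "skype"];

// Constructed in-memory stores standing in for a real database.
const store = {
  contacts: new Map(), // subjectId -> { name, email, message }
  consents: [],        // { subjectId, purpose, channel, grantedAt }
};

// Process a parsed contact-form submission such as
// { name, email, message, agreeTos: true, marketing: { email: true } }.
// Every consent defaults to "not given": a missing or false box is a "no".
function handleContactForm(form) {
  if (form.agreeTos !== true) {
    throw new Error("TOS must be accepted before the form is processed");
  }
  if (typeof form.email !== "string" || !form.email.includes("@")) {
    throw new Error("A valid email address is required to reply");
  }
  const subjectId = form.email.trim().toLowerCase();
  // Data minimisation: keep only the fields needed to answer the enquiry.
  store.contacts.set(subjectId, {
    name: form.name,
    email: form.email,
    message: form.message,
  });
  const now = new Date().toISOString();
  // The first tick-box: consent to be contacted about this enquiry.
  store.consents.push({ subjectId, purpose: "enquiry", channel: "email", grantedAt: now });
  // One separate record per marketing channel the person explicitly ticked;
  // channels that were not ticked get no record at all.
  const marketing = form.marketing || {};
  for (const channel of CHANNELS) {
    if (marketing[channel] === true) {
      store.consents.push({ subjectId, purpose: "marketing", channel, grantedAt: now });
    }
  }
  return subjectId;
}

// True only if an explicit opt-in record exists for this purpose and channel.
function hasConsent(subjectId, purpose, channel) {
  return store.consents.some(
    (c) => c.subjectId === subjectId && c.purpose === purpose && c.channel === channel
  );
}

// Guard placed in front of a marketing send: refuse unless the opt-in exists.
function canSendMarketingEmail(subjectId) {
  return hasConsent(subjectId, "marketing", "email");
}

// Right to be forgotten: remove every record held about the subject,
// including the consent records themselves, and return counts so the
// request can be acknowledged and audited.
function eraseSubject(subjectId) {
  const contactRemoved = store.contacts.delete(subjectId);
  const before = store.consents.length;
  store.consents = store.consents.filter((c) => c.subjectId !== subjectId);
  return { contactRemoved, consentsRemoved: before - store.consents.length };
}
```

Wire `handleContactForm` to the form's POST handler, call `canSendMarketingEmail` from the mailing code rather than trusting a list export, and expose `eraseSubject` behind the “right to be forgotten” request page. In a real deployment the erasure has to reach every store that holds the person's data (backups and mailing-list exports included), not just the one table shown here.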

How I Can Help

As you can see, the GDPR is a lot to digest. There are complexities and nuances to the new data ruleset that need to be followed, and the penalties for not doing so are undoubtedly harsh.

If you need help navigating the complexities of this terrain, contact me. I’m a website designer, marketer, and SEO guru who can help you down this new road.

Need help branding? I got you. Need help getting GDPR compliant? No problem! Need help designing a website? I’m your girl. Need help running an inbound marketing campaign that’s growth-driven? I’ll do that too!

You name it; I’ll help you do it. Contact me if you are looking for someone to help get GDPR compliant or if you have any questions about, well, anything.