Technology / 07.17.2018

GDPR: 4 ways to get started

On May 25th, the  General Data Protection Regulation (GDPR)  went into effect, providing European Union residents insight into how their personal information is collected, stored, and used by websites. Just being located outside the EU does not relieve your company from having to comply—the regulation protects any user accessing your website from within the EU.

Under GDPR, personal data is defined as information that can be used to identify someone, directly or indirectly. This includes IP and email addresses, cookies, location data, and names. We recommend you take the following four precautionary measures, and, of course, seek legal counsel.

1. Update Google Analytics’ Data Retention settings to 50 months

Google Analytics users are now required to set the length of time user-level and event-level data is stored on its servers before that data is automatically deleted. This update will not affect aggregated data currently used in dashboards, but will affect components such as “Custom Segments” that rely on advertising user IDs, cookies, etc.

2. Update your website’s Privacy Policy to ensure it addresses the collection and use of all website and customer data 

Inform users how the information your company collects is used, who it is shared with, and how they can act on their right to be forgotten. Privacy Policy Generators, such as Iubenda’s, provide helpful tools for getting started. See this example from AdRoll for reference.

3. Add a pop-up to your website that requires user consent

We recommend intercepting new visitors with a message such as, “We use third-party cookies to improve your experience and to analyze the use of our website. If you continue, we assume that you consent to receiving all cookies on our site. For more information, click here [link to privacy policy].” HubSpot and WordPress offer out-of-the-box GDPR and pop-up plugins for this purpose.


GDPR Cookies pop-up graphic.
Example of a user consent pop-up

4. Add a disclaimer to any lead capture forms that explain the exact use of a user’s email address and contact information.

This disclaimer can be a one-liner that links to your company’s privacy policy. For example, “Opt-in now to get discounts and exclusive offers. For more information, click here [link to privacy policy].”

If you have questions about GDPR, how to ensure you’re compliant, or want help executing the steps above don’t hesitate to reach out.

Hayden Sorensen

Related Articles

Why SSL is a marketing must
When Google updates its security protocol on June 30th, users will begin see a change to the URL bar based on whether or not their site is SSL certified on Google Chrome, the web’s most…
Read More
Is my job robot proof?
Intriguing as it is to imagine a world where artificial intelligence is so advanced we can be fooled into believing a robot is physically and emotionally human, I know I probably won’t live long enough…
Read More
A plea against push notifications
Push notifications are part of the zeitgeist; a quick image search for ‘notifications shirt’ proves that. It has become clear to me that these well-intentioned distractions are less about keeping me ‘in the loop’, and…
Read More
Reduce your tech stack to improve viability
Bob Dylan wrote “The times they are a changin” more than 50 years ago. People have listened to it on vinyl, cassette, CD, iPod, and streaming—same song, new delivery system—accepting these changes without question. Few…
Read More