Just Peachy Consulting and Web Design

How GDPR Affects US Small Business Owners

May 23, 2018 by Alexandra Martines

Disclaimer: This isn’t legal advice, and I’m not a lawyer.

If you’ve been reading your emails, you know there have been some big changes to online privacy laws lately. Most of this chatter is about the EU’s General Data Protection Regulation (GDPR), which goes into effect in just a matter of days on May 25, 2018.

GDPR is all about how businesses process and store the personal data of people living in EU countries. When a business collects personal data, it will have to give those people information about the data it’s collecting about them and why, where it’s stored, and for how long. GDPR requires that this information be provided in clear and easy-to-understand language. No lawyer-ese.

But I’m not in the EU and neither are my customers

I’ve spoken with a number of small business owners who think GDPR doesn’t affect them because they’re located in the US and don’t do business with people living within the EU. If you’re one of those business owners, I’ve got some news for you.

GDPR affects you and your business if your website does any of the following:

  • Uses Google Analytics, the Facebook Pixel, or any other tracking software for your website’s analytics
  • Has an online shop that EU residents can make purchases from
  • Lets users create accounts on your website
  • Has a contact form on your website
  • Allows users to leave comments on your website

I can’t think of a single business owner I’ve worked with whose website doesn’t include at least one, if not several, of these. If you aren’t GDPR compliant, you could be fined up to 4% of your annual revenue.

So, what should you do?

Update and Explore WordPress

You should be keeping your website up to date, but if you haven’t already updated to WordPress 4.9.6, you should do it now. This release contains all kinds of useful (and required) tools for GDPR compliance.

You’ll want to familiarize yourself with the new features in WordPress and the other tools you use either as part of or in conjunction with your website. GDPR gives EU residents the right to request a copy of all the data you’ve collected about them, so you should try out the new tools in WordPress that let you export data. You should also note any plugins that contain data that isn’t included in this export and make a plan for how you’ll get access to that data and share it.

EU residents can also request that you delete their data (aside from anything you need to run your business, like records of sales), so get familiar with the tools for that too.

You’ll need to respond to these requests within 30 days, so you may want to create a special email address (like [email protected]) and assign someone on your staff to handle requests.

Set Up a Privacy Policy or Update Your Existing One

If it doesn’t already have one, your website needs a privacy policy. Broadly, a good privacy policy should help your visitors answer the following questions:

  1. What data does this website collect about me?
  2. What does this site do with my data and why?
  3. Who does this site share my data with?
  4. How long does this site keep my data?
  5. How can I view, update, or remove the data collected about me?

Those last two questions are new additions based on GDPR’s requirements. It’s likely that your existing privacy policy doesn’t include this information, so don’t rest on your laurels just because you already have a privacy policy.

Writing a privacy policy can be tedious, and it’s difficult to be sure you’ve included everything you should. If you want to DIY it, WordPress will generate a simple policy for you under Settings > Privacy, and WooCommerce has a great guide on writing a privacy policy that will help you fill in any blanks. Otherwise, I highly recommend a privacy policy generator like Iubenda, which is the service I trust for my own website and my clients’ websites.

Let Your Users Know Your Site Uses Cookies

You’ve seen cookie warnings on websites before. Usually they say something like “Our site uses cookies to give you the best experience. By continuing to use our site, you agree to our use of cookies.”

If you’re not familiar with them, cookies are small pieces of information that are stored in your browser when you visit a website. For example, when you visit a website that uses Google Analytics, Google looks for a cookie that indicates you’ve been to this website before. If it doesn’t see one, it creates one for you.

If you use Google Analytics on your website, cookies are how Google tells you how many different users have visited your site. These cookies have some limitations, but that’s the broad overview.

With the new GDPR rules, you’ll need to:

  • list the cookies your site uses in your privacy policy
  • let users know that your site uses cookies the first time they come to the site and provide a link to your privacy policy
  • ask your users to positively consent to the way your site uses cookies
  • allow users to revoke cookie permission later

There are several WordPress plugins that can automate this, or at least make it easier. My favorite is Cookiebot, since it’s one of the few that works pretty much out of the box and is fully GDPR compliant.

(Un)check Your Checkboxes

Under GDPR, it’s not okay to pre-check checkboxes that cause visitors or customers on your site to opt in to your mailing list. Yes, this will probably diminish your list growth, but it’s not worth being on the wrong side of GDPR over it.

While you can simply provide an unchecked box that allows people to sign up to receive promotional emails from you, you’re better off adding a set of Yes/No radio buttons that users are required to answer before proceeding. Studies show more people opt in to mailing lists when presented with a yes or no choice.

You can still require people to sign up for your mailing list in exchange for an eBook, coupon code, or other lead generation tool. You just need to be 100% clear about what folks are opting in to.

The Road to GDPR Compliance

Even though May 25 is just days away, GDPR compliance is a process that starts now and will continue into the future. I know it’s a bit scary, both in the scope of work to get compliant and the legal (and financial) ramifications if you aren’t.

The above resources are the biggest technical changes you’ll need to make to your business’s WordPress website, but these steps alone won’t make you GDPR compliant. Especially if you provide services to EU residents, you’ll want to consult with a trusted legal professional who’s well-versed in GDPR.

Even just starting with a plan means you can show that you’re working on compliance and not ignoring it, so don’t sleep on it!


Got GDPR questions? Not sure how to make your WordPress website compliant? Found a really useful GDPR tool? Let me know in the comments!
