You may have heard some frantic rumblings recently about “GDPR” and “GDPR compliance,” or you may recall being overwhelmed with emails from companies saying they’ve updated their privacy policies. Those emails are landing in your in-box because of GDPR.

This screenshot shows five emails I got in a row just before the law went into effect – four are about GDPR and privacy policies.

Have no fear. The team at Bald Guy Studio, while we are not lawyers and cannot provide any legal advice, is here to help.

GDPR stands for General Data Protection Regulation, a law in the European Union (EU) that took effect on May 25, 2018. This law was created to give citizens in the EU more control over how organizations and websites use and store their personal data. In this case, “personal data” includes even the most basic info on a contact form, like your name and email address.

Okay, so there’s a new law in Europe. Why should we care? 

Simple: this is the strongest online privacy law to date, and it affects all of us.

If your website has visitors from the EU, you must be compliant.

So you don’t think you have EU traffic? Take a look at your Google Analytics visitor map … that’s mine above. It covers 90 recent days and for some reason, I had 40 visits from France.

(If you aren’t running Google Analytics, you should be!) And it’s entirely possible you’re getting traffic from the EU whether you’re aware of it or not.

Complying with this law also ensures that you are taking care of your customers and their information, so even though it’s a hassle, it’s a good idea.

You can read more about GDPR and how it will specifically affect your website and your marketing efforts here. This is a super thorough post from the good folks at Social Media Examiner.

Here are some very common areas of concern for marketers from the post above:

If you use Google Analytics, you may be collecting user ID/hashed personal data, IP addresses, cookies, or behavior profiling. To be GDPR-compliant while using Google Analytics, either 1) anonymize the data before storage and processing begin, or 2) add an overlay to the site that gives notice of the use of cookies and asks for the user’s permission prior to entering the site.

Retargeting Ads and Tracking Pixels
If your website uses remarketing ads, including the Facebook pixel, inform website visitors of this immediately when they enter your site and obtain informed consent.

Email Opt-In
On the subscription form, have a checkbox for the visitor to consent to everything they’re about to subscribe to. If your newsletter uses tracking pixels to see when they open it, put a visible disclaimer before they subscribe. Verify if your email service provider offers GDPR tools.

Other areas of concern include affiliate links, display ads, contact forms and blog post comments. That’s a lot, right?

A few things you will definitely need to do: update your privacy policy and make sure it’s clearly visible on every page of your website (we suggest linking to it from your website footer), add or update your cookie policy, and make sure that you update your contact forms and email marketing to be GDPR compliant.

But the law went into effect May 25, 2018! Shouldn’t I be freaking out?!

Again, we are not able to provide legal advice, but borrowing from the Social Media Examiner post above:

“Whether you’re ready or not, GDPR [went into] effect on May 25, 2018. If your website [was] not compliant before then, don’t panic. Just continue to work towards compliance and get it done asap.

The likelihood of you getting a fine the day after this rule goes in effect is pretty close to zero because the European Union’s website states that first you’ll get a warning, then a reprimand, and fines are the last step if you fail to comply and knowingly ignore the law.

The EU is not out to get you. They’re doing this to protect users’ data and restore people’s trust in online businesses. As the world goes digital, we need these standards. With the recent data breaches of large companies, it’s important that these standards are adapted globally.”

Bald Guy Studio can help.

If this is all gibberish to you or if you don’t have the bandwidth to deal with it, don’t worry. Bald Guy Studio can work with you to update your website, including your privacy policy and email marketing.

We don’t think this is cause to – as the British would say – “get your knickers in a twist,” but it’s something we should all take seriously and begin to address ASAP. My colleague, Mike Allton, said in his FB exchanges with me: “… be careful starting now.”

So, if you need help with your GDPR compliance efforts, KEEP CALM & HIRE THE BALD GUY.

There is a lot of confusion and some anger about EU overreach, but the law is here now, and who knows what version of it may come to the rest of the world, including the US?

Let me know what you think in a comment below.