4 Changes You Need to Make Now to Comply With the EU's Tough New Data Law

Non-compliance can lead to hefty fines whether your company is based in the European Union or not.

learn more about Peter Banerjea

By Peter Banerjea

PeopleImages | Getty Images

Opinions expressed by Entrepreneur contributors are their own.

You have probably heard about the European Union's (EU) General Data Protection Regulation (GDPR) Rules. Even if your company isn't based in the EU, these regulations will apply to you if you collect any information from people located in the EU.

If you are collecting information about your website visitors through a form, or even through cookies, you will need to adhere to these regulations, which go into effect on May 25, 2018. Non-compliance can subject you to fines of at least 20 million euros.

What exactly does GDPR entail, and exactly how do you stay compliant?

Related: Facebook's Data Scandal and Europe's New Data Privacy Rule Have Massive Implications for U.S. Entrepreneurs

This is a question nearly every business is asking right now. In this article, I will mention the key actions that we have been recommending to our clients as a content marketing agency. However, I am not a lawyer or a data privacy expert, and my input should be viewed as marketing recommendations only and not legal advice.

1. Opt-in forms.

GDPR regulations begin to apply the moment you collect any data from your visitors through a form -- whether it's to make a purchase or just download a whitepaper.

The two key principles to follow are consent and transparency. You need explicit consent for collecting data. When someone makes a purchase from your website or even downloads an ebook, you can't just add them to your email list and send them newsletters or promotional emails without explicit consent. If you keep a checkbox asking them for permission, make sure that it's not checked by default. That amounts to GDPR violation.

You must also explain exactly why you are collecting each piece of information, such as a phone number or an address, and how you will use that data. That's why it's a good idea to ask for as few data fields as possible. Avoid asking for phone numbers, addresses and other personal information, unless you absolutely need to.

Your forms should also have links to your Privacy Policy and Terms of Service and checkboxes so that people can indicate that they have read them.

Hubspot, Mailchimp, Elegant Themes and most lead generation and website tool companies are all rolling out features that help you to stay GDPR compliant, so implementing this will not be difficult.

Related: Facebook's Answer to E.U. Privacy Law: Accept Data Collection and Ads, or Don't Use Facebook

2. Privacy policy.

You might have recently received privacy policy updates from several tools you use or blogs you subscribe to. That's because GDPR also requires us to update our Privacy Policies. Here are the most important highlights of what it must contain:

  • A detailed explanation of who you are and specifically name who else will have access to the data -- such as your partner companies.
  • What you will use the data for and how long you will store it.
  • How people can download full records of any data you have on them as well as how they can delete all their data from your database if they wish, in line with the EU's "right to be forgotten."
  • How you will inform users in case there is a breach of data. GDPR mandates that any breach must be disclosed within 72 hours.

3. Use of cookies.

Cookies have become inseparable from marketing. They are used to analyze visitor demographics, provide personalized web experiences, run retargeting-based ads and even for A/B testing. All of these activities will be affected because cookies that collect "personal information" fall under the purview of GDPR.

You would have noticed a bar that says "this website uses cookies" whenever you have visited a European website. However, simply informing people that your site uses cookies isn't going to be enough under GDPR. You need explicit consent.

You will need a checkbox or a radio button that allows people to choose if they want to be tracked though cookies or not. What's more, even if they accept, they can change their minds and ask for their data to be deleted.

4. Data protection officer.

Implementing GDPR and remaining compliant can be challenging, especially if you collect, process and transfer large volumes of complex personal data. GDPR actually mandates that some companies would have to hire a Data Protection Officer who would oversee the entire process. This role would involve several tasks such as ensuring that the organization remains in compliance of GDPR and cooperating with the supervisory authority when necessary.

A study by The International Association of Privacy Professionals (IAPP) estimates that 75,000 DPO positions will have to be created across the globe for companies to stay GDPR-compliant.

Related: This is How Ecommerce Companies Can Protect Customer Data


There are typically two reactions to GDPR. People think it's cumbersome and say it will take away the power of marketers to acquire more leads. Both are true to a certain extent, but if you can't generate more revenue by using retargeting through cookies, your competitors can't either. Moreover, marketers are already innovating with approaches such as using macro data to create more relevant advertising, so no -- this is certainly not the death of marketing as we know it.

Despite the seeming cumbersomeness, it's important to remember that GDPR will lead to the creation of a more secure internet where the privacy of individuals is protected, including your own. That's an excellent reason to support it.

Peter Banerjea

Co-Founder, Startup Voyager

Peter Banerjea is co-founder of Startup Voyager, a content marketing agency. He helps companies acquire customers through organic traffic and build their online brands. He has an MBA in Marketing and Finance. Banerjea was formerly a senior analyst for an investment bank.

Related Topics

Editor's Pick

Everyone Wants to Get Close to Their Favorite Artist. Here's the Technology Making It a Reality — But Better.
The Highest-Paid, Highest-Profile People in Every Field Know This Communication Strategy
After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.
Having Trouble Speaking Up in Meetings? Try This Strategy.
He Names Brands for Amazon, Meta and Forever 21, and Says This Is the Big Blank Space in the Naming Game

How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.

Business News

Gen Z Loves the Toyota Camry. Here's What Car Brands Boomers Love Most

S&P Global Mobility provides data on what types of each age group likes the most, based on car registration.

Business News

These Are the Most and Least Affordable Places to Retire in The U.S.

The Northeast and West Coast are the least affordable, while areas in the Mountain State region tend to be ideal for retirees on a budget.

Business News

American Airlines Sued After Teen Dies of Heart Attack Onboard Flight to Miami

Kevin Greenridge was traveling from Honduras to Miami on June 4, 2022, on AA Flight 614 when he went into cardiac arrest and became unconscious mid-flight.