GDPR’s Impact on Your Business Website

Written by enCOMPASS Agency

You've probably heard a lot lately about the upcoming European Union General Data Protection Regulation (GDPR), so we wanted to take a minute to let you know what this means for your business’ website.

What is GDPR?

On May 25th 2018, the European Union General Data Protection Regulation comes into effect. This regulation was created to give individuals in the EU better access to, and protection of, their personal data, with a focus on consent for data collection.

Who does GDPR impact?

Any organization operating in the EU, selling into the EU, or collecting personal data on individuals in the EU falls under GDPR.

What is Considered Personal Information?

Personal information is anything that could be used to directly or indirectly identify a person or “Data Subject.” Some examples include:

  • Names
  • Photos
  • Email addresses
  • Banking details
  • Posts on social networking sites
  • Medical information
  • Computer IP addresses

What happens if you don't comply?

For organizations impacted by GDPR, there will be new regulations for how they collect, process, and store personal information. Non-compliant organizations will face penalties, including significant fines: the harshest possible penalty is €20 Million or 4% of the company’s annual global revenue.

What does this mean for you and your enCOMPASS-built website?

In order to mitigate risk for your company, if your website was built by enCOMPASS Agency, we will be blocking all IP addresses from the EU, which will keep you from collecting data on people in the EU. This means that no one in the EU will be able to access your website, so you will not need to make major modifications to your website for GDPR.

What if I want people in the EU to be able to access my website?

If you need your website visible to the EU, then a number of things will need to be addressed and updated on your website to make you compliant with the GDPR regulations. If you are interested in this option, please contact your account manager.

What will I need to update on my website to be compliant?

There are a number of things to consider and, as with any new regulation, there are differing opinions on how to best implement compliance. We suggest discussing with your legal counsel, but based on our research, here is a list of things that should be addressed:

Privacy Policy

Your privacy policy needs to be written clearly and explain how you are capturing data, where you are storing it, how long you intend to keep it, how people can view the information you have stored and, finally, how they can have their data removed from your systems.

SSL Certificate

You should already have this on your site for SEO purposes, but if you do not, it is important for GDPR compliance to give your users the peace of mind that your site is secure.

Notification that your site uses Cookies, Marketing Tracking Pixels, Google Analytics and Social Media retargeting pixels

If you are using any marketing pixels or tools, which you should be, you will need to notify users that your site is using these to collect data. Your privacy policy will need to outline what you are collecting and what the data is being used for, and many sources are reporting that your site also needs to include a browser bar or pop-up notifying users of any tracking before they are allowed to view your website. It’s also suggested to explain in your privacy policy how users can opt out of cookie tracking in their browser’s privacy settings.

Contact Forms

Forms on your website must no longer include pre-checked boxes. The user must manually check the box and agree to you collecting their data. Implied consent is prohibited under GDPR.

Users will need to be able to provide separate consent for different types of processing. For instance, an option to be contacted by chat, email, or telephone will need to be three separate check boxes.

Opt-Out must be simple and accessible

The process for a user to remove their data from your system must be as simple as it was for them to add it in the first place, and it needs to be clear in your forms and privacy policy that users have the right to withdraw their consent.

Social Media Marketing Notification

If you’re planning on using email addresses to build lists for social media advertising, you will need to tell your users about this. They will need to opt in to the social media marketing (as a granular check box) and also be offered the option to opt out.

Chat and Email Marketing

These systems almost always store data. Make sure that whatever platforms/vendors you are using for chat and/or email marketing are GDPR compliant. Be sure they have GDPR in their privacy policy, and make sure your privacy policy links to it.

Online Payments

If you run an online e-commerce store, you are likely collecting the user’s information before you pass them on to your payment gateway. You will need to update your privacy policy to explain how you are collecting this data and what you are using it for. You will also want to remove any data after a reasonable period. The GDPR legislation does not specify the number of days that is “reasonable,” but you’ll need to be prepared to provide the details you hold for any user who requests them, and to remove the data upon their request as well.

What if enCOMPASS did not build my website?

We highly recommend communicating with your website company to determine what they are doing with regards to GDPR. The fines for non-compliance are substantial and should be considered when making a decision on how your company should respond to the new GDPR standards.

What else do I need to know about GDPR?

Every organization is different, so you can only ensure compliance by consulting your legal counsel. You can learn more about GDPR here: https://www.eugdpr.org/key-changes.html.

The digital world is always changing! As your valued and trusted partner, we are relentlessly keeping ourselves updated on the latest developments to keep you at the forefront of digital marketing and, in this specific instance, to keep you protected from potential threats to your business. As always, we are here to help, so please call us with any questions.