Are you GDPR compliant? [here's what you need to know] - Liz Theresa


I may receive a commission if you purchase something mentioned in this post. Read the disclaimer for more info.

If you opened this, it’s super likely you’ve been seeing the Chicken-Little-esque, “sky is falling!” panic that’s swept through the entrepreneurial community over something called GDPR.

GDPR is an acronym that stands for General Data Protection Regulation – a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area that applies to any business that collects the data of anyone in the EU. It goes into effect TOMORROW – on May 25, 2018.

Most of you guys are US-based businesses like me, but you do business online, and I would be willing to say most or all of you collect data on your web visitors, at least via Google Analytics and/or a contact / optin form. So yes, this applies to you.

I’ve done some research and have sourced the bulk of my findings from my friend Bobby Klinck, an Intellectual Property Attorney who specializes in working with entrepreneurs just like you! You might recognize him from Episode 60 of the Liz on Biz podcast “Legal 101 for Entrepreneurs.”


FYI – playing dumb is not an option. Saying your ‘web person’ is responsible for this is also not true. If you’re the person who owns your domain and hosting, then YOU’RE the one responsible for anything that happens on your website. So listen up – because there are huge fines and fees that can be levied if you do not comply.

Step 1 – Even though GDPR is going into effect tomorrow, you’re likely not that late to the party if you’re only just thinking about it right now.

In this case, I highly recommend adding language to your homepage or wherever the bulk of your traffic is going that reflects you’re aware of GDPR, that you take privacy seriously, and that you are in the process of taking steps to make your policies GDPR compliant. Doing this will at least show you’re taking GDPR seriously and will reduce the likelihood of “getting into trouble.”

(Honestly, the reason it took me so long to email you is because I’ve had to do my due-diligence of sorting good information from bad information.)

Step 2 – Update Your Terms of Use, Privacy Policy, and Disclaimer

You’re absolutely required to make sure you’re fully disclosing the necessary stuff on these different pages of your website. And Bobby has created templates *for you* in an amazing forms package that I sincerely trust, am an affiliate for (I don’t ever email my list about an affiliate situation unless I think it’s of the utmost importance btw), and highly recommend getting this when it comes to proper disclosures. It’s only $150 to get Bobby’s Website Forms Package – an incredible value when you compare doing that to hiring an attorney to write high-quality terms for you.

If you skip out on Bobby’s Website Forms Package, I assume you will be updating your website forms by consulting an attorney you already know and trust.

Step 3 – Revise your opt-in forms via your email marketing platform to be GDPR-compliant.

Most email marketing platforms have different compliance features already enabled for your ease of use. Something you should do, off the bat, is revise your opt-in process to require a double opt-in from anyone in the EU. For GDPR guidance for each email marketing platform, check out the handy links below, which cover the platforms I know most of you use. If you have trouble finding guidance here, hit reply and I can hook you up with information.

Note that wherever people opt in or give you information, you should have a link to your Privacy Policy somewhere in plain sight so you’re being transparent about what you do with people’s data. That’s why it’s important your privacy policy (along with terms and disclaimer) is up to snuff. I can’t stress enough how much you need Bobby’s Website Forms Package.

Also – be sure you’re not automatically opting in users who buy your products via the checkout or doing the same thing on a contact form somewhere on your site — you should be default-leaving the opt-in boxes there un-checked so as to not get uninformed consent inadvertently.

Step 4 – Segment anyone from the EU who has previously opted into your list and REGAIN their permission, formally. Do this as soon as you can.

This is admittedly a pain in the behind, but hopefully your email marketing platform has tracked the countries of the users on your list (most do this). Create a segment of the EU people who are on your list; you have to either remove them or email them now to require them to re-opt-in to your list.

The urgency is that if you do NOT re-engage members of your email list who are based in the EU, you have to remove them. So avoiding this step is COSTLY – especially if you’ve garnered a following there.

You can do this – it’s a lot of work, but take the time – be compliant, be transparent, and it’ll really just take the GDPR weight of the world off your shoulders.

To start with Bobby’s Web Forms Package, click the button below.

FYI – Also, I’m not an attorney. Bobby is. So this step-by-step thing is a construct of my interpretation of the information currently out there. If you can consult someone like Bobby or want to look at working with him at a higher level, you can contact him directly on his website. I am proud to say he’s been an amazing influence on my business and I recommend him without reservation.
