Image of a settings tab on a computer

GDPR: 4 ways to get started

On May 25th, the  General Data Protection Regulation (GDPR)  went into effect, providing European Union residents insight into how their personal information is collected, stored, and used by websites. Just being located outside the EU does not relieve your company from having to comply—the regulation protects any user accessing your website from within the EU.

Under GDPR, personal data is defined as information that can be used to identify someone, directly or indirectly. This includes IP and email addresses, cookies, location data, and names. We recommend you take the following four precautionary measures, and, of course, seek legal counsel.

1. Update Google Analytics’ Data Retention settings to 50 months

Google Analytics users are now required to set the length of time user-level and event-level data is stored on its servers before that data is automatically deleted. This update will not affect aggregated data currently used in dashboards, but will affect components such as “Custom Segments” that rely on advertising user IDs, cookies, etc.

2. Update your website’s Privacy Policy to ensure it addresses the collection and use of all website and customer data 

Inform users how the information your company collects is used, who it is shared with, and how they can act on their right to be forgotten. Privacy Policy Generators, such as Iubenda’s, provide helpful tools for getting started. See this example from AdRoll for reference.

3. Add a pop-up to your website that requires user consent

We recommend intercepting new visitors with a message such as, “We use third-party cookies to improve your experience and to analyze the use of our website. If you continue, we assume that you consent to receiving all cookies on our site. For more information, click here [link to privacy policy].” HubSpot and WordPress offer out-of-the-box GDPR and pop-up plugins for this purpose.


GDPR Cookies pop-up graphic.
Example of a user consent pop-up

4. Add a disclaimer to any lead capture forms that explain the exact use of a user’s email address and contact information.

This disclaimer can be a one-liner that links to your company’s privacy policy. For example, “Opt-in now to get discounts and exclusive offers. For more information, click here [link to privacy policy].”

If you have questions about GDPR, how to ensure you’re compliant, or want help executing the steps above don’t hesitate to reach out.

Hayden Sorensen, Digital Strategy Manager, smiling while posing for the picture
Hayden Browning

Related Articles

The new rules of SEO vs. SEM in content marketing
If the Internet is a highway, search engines are the map. In the past 20 years, search engines have grown from a useful tool to an absolute necessity for navigating the Internet. Nearly 93% of…
Read More
How to Boost Brand Awareness with Instagram’s Search & Explore Feature
Instagram has exploded in popularity since its release in 2010, with an estimated 1 billion active monthly users as of July 2021, according to Statista. In response, brands are increasingly looking to Instagram to build…
Read More
Why Your Brand Should Tread Lightly on TikTok
You may be wondering if your brand should be on TikTok. As the fastest growing social media app, TikTok has over 70 million active monthly users in the US, and its user base grew 800%…
Read More
The History of Marketing in Video Games
As more people continue to cut the cord, advertisers now look towards video games as an essential outlet for engaging with their target audiences. Video games have become a leading form of media in the…
Read More