Updated December 2, 2021

Digital Marketing Graphic

What does the GDPR Mean For You If You’re a Small Business in the United States?

The European Union’s new General Data Protection Act, which went into effect on May 25, 2018, has been the topic of much discussion since its exact implications still remain unclear. If you run small businesses located in the US, the GDPR will have a minimal impact on how you run your website. However, it’s safer and relatively easy, to bring your website into compliance anyway. This article will demystify the implications of the GDPR, and walk you through some easy steps to comply with the regulations.

What exactly is the General Data Protection Act?

The General Data Protection Act is legislation that protects the data of citizens of the EU when this data is collected on the internet. In particular, it stipulates:

  • Websites must be clear about how collected data will be used.
  • EU citizens must be able to give explicit consent for their data to be used when asked to provide it online.
  • All EU citizens have “the right to be forgotten,” which means that they have the ability to request their data be deleted. They can also request to download their personal data from any website that has collected it.
  • Any data breaches must be reported to local authorities within 72 hours.

What does this mean for me as a small business owner in the US?

The impact of the resulting EU General Data Protection Regulations (GDPR) on small businesses in the US will likely be limited. If your small business is US-based and targets customers in the United States, the vast majority of your traffic will likely be from within the US and therefore won’t be impacted by GDPR regulations. Even if you do have traffic from the EU, it is very unlikely that a business collecting minimal data from the EU will be prosecuted under the GDPR. First offenses of the regulations will receive a warning, rather than a fine.

However, there are times when EU residents may come to your site. For instance, if you have a blog to generate traffic for your business, the blog posts may bring in EU traffic through Google. Take a look at your Google Analytics to see how much traffic your website is generating from Europe to make an informed decision about whether or not to worry about making your site compliant.

How do I become compliant with the GDPR?

  1. Check how the services you use are addressing the GDPR.

    Most of the heavy lifting for GDPR compliance will be likely done by the services you already use to run your website. Check with your web host, email campaign service, and any other service you’re utilizing to see how they’re addressing the GDPR and follow any specific instructions they have for their clients.

  2. Bring your email list into compliance.

    1. Email the subscribers of your list, and remind them that they can unsubscribe at any time.
    2. Make sure that when users provide an email on your website, they must manually check a box to consent to being added to your email list.
    3. Utilize a double-opt-in method when adding new users to your list.
  3. Update your privacy policy.

    There are many places online where you can find privacy policy templates, such as the one at Termsfeed.com. If you use WordPress, it now includes a privacy policy generator you can use. (Make sure your WordPress is updated to the latest version.)

  4. Alert your visitors to the use of cookies.

    If you use cookies on your website, create a pop-up that alerts visitors to this when they first arrive. An easy way to do this, if you use WordPress, is to install a plugin such as Cookie Consent or Cookie Notice.

Although these changes might feel like they’re having a negative impact on your site – such as decreasing the size of your mailing list – remember that these changes will most likely lead to a more engaged, more enthusiastic audience. So don’t worry too much! The GDPR regulations are an opportunity to freshen up your mailing list and implement a privacy policy, which are good practices for any website anyway.

For more information on whether your website is in compliance, contact our SEO and website experts.

Note: This article should not be considered legal advice. Contact a lawyer if you are concerned about the legal implications of the GDPR on your company.