What you need to know about GDPR for your US Website

In May of 2018 the EU put into effect a regulation on websites called the GDPR, the greatest change to European data security in the last two decades. These new regulations enforce stronger consumer consent and security practices, with high fines as the penalty.


Why does this affect my site? I only do business in the U.S.

EU-based companies and multinational corporations should already have taken the proper actions to comply with the GDPR. However, many U.S.-based companies still have not heard of these regulations and therefore have not implemented the required compliance changes. U.S. companies that have no direct business in the European Union still have a web presence in those nations. They may market their products over the web or run tracking analytics on their sites, both reaching and gathering data from European consumers. Therefore, according to the regulations set in GDPR Article 3, if you collect personal data or behavioral tracking information from someone in an EU country, your website is subject to GDPR compliance and must adhere to its regulations. This essentially means any website with an online presence should adhere to this law as a precaution, especially those with analytics plugins and marketing campaigns.

The GDPR does not apply to Europeans who Google a U.S. website that is specifically geared toward U.S. businesses and consumers. However, websites that have region-specific domain extensions, marketing campaigns, or site language changes will be held to GDPR standards.

Therefore, U.S.-based hospitality, travel, software services and e-commerce companies will certainly have to take a closer look at their online marketing practices. [1]


How do I make my site GDPR compliant? First Steps

Marketing and Contact Forms

If you are a US company targeting ads at EU consumers, you will need to adjust your online marketing forms to explicitly obtain consumer consent. Consent must be “freely given, specific, informed, and unambiguous” according to the GDPR.


Contact form fields must also be given descriptions explaining why you are requesting the user's email, phone number, etc., with an additional tick box for accepting email marketing campaigns upon submission.


Privacy Policy

While privacy policies were not a priority for many websites, they are now a must. You should include a link to your policy on your website, often in the footer, to detail how your website uses consumer data. The ICO has provided a sample privacy notice framework here.


Once your contact form wording and privacy policy are set up, you can further your GDPR compliance by following these steps here.

