GDPR Compliance and Best Practices


It’s 2018 and therefore, if you have a website, you are very likely collecting personal data in order to better serve your visitors and customers. However, because personal data has been abused, there is a new law, the General Data Protection Regulation (GDPR), that goes into effect on May 25, 2018. This law requires all websites that collect data (so, all websites) to have a GDPR-compliant privacy policy, to gather consent when collecting data, and to ensure their third-party vendors are compliant as well. It’s a lot to stomach, so, to help you prepare for these changes, FootSteps Marketing is providing you with an FAQ page, steps to become GDPR compliant, and a few tips to help you prepare for GDPR.

Three suggested steps to get you started:

• Add a Privacy Policy to your website. We’ve created a simple form that will auto-generate a privacy policy for FootSteps Marketing website clients. You fill out a form describing what information you collect, and we will generate a simple privacy policy and post it to your site on your behalf for free (if submitted on or before May 31, 2018). If you already have one, you should review the terms to make sure it complies with the expanded requirements under GDPR. If you don’t have one, either use our privacy policy generator or visit a trusted legal source that you can utilize as part of your process to become GDPR compliant.
• Inform your visitors and get their consent. Whenever you need to collect data from a user, make sure to clearly state, among other things, why you need it, what you plan to use the data for, whether it may be shared and with whom, and the lawful basis on which you are relying to collect such data. For example, if you have a newsletter or mailing list, make sure that the purpose of your sign-up form is very obvious so visitors know what they are signing up for.
• Evaluate third-party apps and vendors for compliance. If you are using any third-party services to gather or process customer data (Shopify, eTower), you will need to check with those companies to verify that they are GDPR compliant and will assist you with, among other things, users’ data removal and portability requests.

A lingering question that every online business is asking is: what will happen to those companies who do not comply? The answer is still unknown. The regulation goes into effect May 25, 2018, and until there is a test or abuse case in the US, we won’t know how things might play out stateside. For multinationals with divisions in Europe, compliance is mandatory to avoid fines. For US-based businesses that control or process the personal data of European citizens, with or without the company’s knowledge, compliance is recommended, but not necessarily mandatory until the real-world impact of GDPR is better understood. That being said, it’s always prudent to have a privacy policy, and we highly recommend having, posting and complying with one.

For more information on the GDPR, please visit our FAQ page. To generate a standard privacy policy for your FootSteps Marketing website, please visit our Privacy Policy Generator page. To find legal assistance with a privacy policy, please consider an online resource.

Please note that the information provided herein is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this blog post, our FAQ, and policy generator, you assume all risk and liability that may result.