What does GDPR mean for my US based business?

gdpr for us companies

Our simple minded take on what seems difficult and too time consuming to learn

Short on time? Pick your poison.

Disclaimer: We are not attorneys, nor do we play one on TV. We do not claim to know the law or how to protect you from the GDPR police. So, if you really want to cover your tail, seek real professional advice from an attorney or legal professional please.

Updated: May 22, 2018

gdpr for us companies

What does GDPR mean for my US based business? 

The details in case you are having trouble sleeping.


I don't know if you have noticed the emails from companies sending friendly reminders about their updated Terms & Conditions and Privacy Policy.

GDPR means General Data Protection Regulation (GDPR), which happens to be the European Union's new privacy law, which goes into effect May 24th, 2018.

It's a cool law, in that it gives the person more control over how their personal data is used versus giving the company carte blanche to do whatever the hell they want to do with their personal data.gdpr for us companies

And you may be thinking, I don't even have clients in the EU, so why does it matter?

Well, even if you don't have paying clients in the EU, you may have someone, from non-US places, that may have interacted with you online, right?

Not only does this law apply to your business, it applies to any system you use that STORES OR TOUCHES your customers personal information too.

So, before you delete yet another email about a company updating their terms and privacy policy, ask yourself, "Is my customer's data in this system?".

If the answer is yes, then please stay tuned as we try to explain what we understand can ensure make sure your business is a bit more covered.

Unless you know EXACTLY where people are based geographically, then GDPR could effect you because someone from the EU may have:

  • Signed up for your lead magnet
  • Subscribed to your newsletter
  • Maybe sent you an email and you added them to your CRM
  • You boosted a post on Facebook
  • You ran a paid ad on Google
  • They could even be in your Email, Survey, Appointment Scheduling, CRM or MANY other systems.

These are only the things that I think I understand out of the many data variables. In this case, I would lean towards better safe than sorry and read on.

gdpr for us companies

 What does GDPR mean for my US based business

GDPR CLIF Notes for US Business Owners

We will give you CLIF notes version of the bare minimum and then the recommended version of what could be done.

The Bare Minimum That You Should Have in Place Today:

  • Terms and Conditions Page
  • Updated Privacy Policy Page with a GDPR Statement
  • Add Updated Date to Privacy Policy Page 
  • Terms and Privacy Page links on every website page footer
  • Send your updated Privacy Policy to your list of prospects and clients

Gold Star Activities That You Should Have in Place if You Have A Team, Time, or Money:

  • Send an email to your list and engage with them opposed to sending another boring Privacy Policy/GDPR email
  • Verify your Domain is secured with a SSL Certificate. Your domain would say HTTPS if it is secure vs HTTP (which isn't secure)
  • Add a Consent Checkbox to to all opt-in forms, boxes, and forms that collect personal information.
  • Add a Privacy Policy link to all opt-in forms, boxes, and forms that collect personal information.

gdpr for us companies

GDPR For US Companies -  What does GDPR mean for my US based business

List of Common Software Providers

Once you are compliant, you need to make sure the software companies that you use to store or collect client's personal data are also compliant.  Here's our list of the most common providers.

This is NOT everything. This is just a start to get your mental juices flowing.

When you think about GDPR, don't forget to ask yourself, "Is my customer's personal data in this system too?" This could apply to your cloud, email, CRM, appointment scheduling, or survey form software. Even for #startups & #businesses in the US, it matters.  

Click to Tweet
When you look at this list, don't forget to ask yourself. 
"Is my customer's data in this system?"

Website, Marketing, & Lead Generation Software






Wordpress - In depth article on Wordpress compliance 

Wordpress  - Readiness & Compliance 

Wordpress Thrive Themes - Best Wordpress Theme EVER!

If you are our client, this is most likely your theme. Here is an update on what Thrive is doing to help keep our business' client data safe within the GDPR policy. We love, love, love Thrive!

Email Marketing Software

Active Campaign - Our Favorite Email Marketing Software
aWeber  - Great playbook on how to prepare for GDPR with aWeber
Constant Contact
ConvertKit - Readiness and compliance
Drip - Also,  a great place to start if you are new to email.
InfusionSoft -  Compliance and readiness

CRM - Customer Relationship Software

Social Media Software

If you are using Groups, Bots, and Messenger to communicate with people on Facebook, or any other media/ad platform.

Don't forget about online forms, appointment schedulers, surveys, and the almighty cloud (like AWS, Dropbox, Survey Monkey, TypeForm, Calendly, etc). When we say the list goes on and on and on. We mean quite literally.

gdpr for us companies

 GDPR For US Companies - What does GDPR mean for my US based business

Wanna Save Time? Copy ours.

Again, we are not attorneys. This should not be confused for legal advice. But we have a Privacy Policy that seems to cover the bases that you can copy. 
OR -Just copy the GDPR Statement below and add it to your Privacy Page.

General Data Privacy Regulation (GDPR) Practices
As a company that markets its site content, products and/or services online we do not specifically target our marketing to the EU or conduct business in or to the EU in any meaningful way. If the data that you provide to us in the course of your use of our site or services or products is governed by GDPR, we will abide by the relevant portions of the regulation. If you are a resident of the European Economic Area (EEA), or are accessing this site from within the EEA, you may have the right to request: access to, correction of, deletion of; portability of; and restriction or objection to processing, of your personal data, from us. This includes the “right to be forgotten.”

To make any of these requests, please contact our GDPR contact at gdpr@my website domain.com.

Need a bit more?  Here are a couple of options for you.

If you found this useful, please share it with someone who may need help too.  We gotta stick together.

If you have questions or comments, please leave them below.  Be kind, we are only human and make mistakes too.