GDPR - what the?!

You may or may not have heard a lot of talk recently about GDPR (see below for a definition).

We want to get straight to the point: yes, you need to comply if anyone landing on your site is in the EU.

Remember - it is your responsibility to ensure that the services you use on your website and other digital platforms are permitted and abide by your local laws. Any information contained herein is not legal advice and you should not rely upon it as such. The GDPR is a complex law and demands multiple actions from site owners. We recommend that you seek legal advice to understand and to prepare for possible additional requirements stated in such regulation.

In a nutshell, you will need to do the following:


  1. Create a Cookie Policy for your website. Cookies are small pieces of data stored on a site visitor's browser, usually used to keep track of their movements and actions on a site. In accordance with the GDPR, you must inform your users that you are using cookies on your site. You can inform your users by adding this as a section of your site's privacy policy. Make sure to include details on the types of cookies your site uses.


  2. Send out an EDM to anyone on your CURRENT LIST who may be in the EU and get their consent to be on your list. OR you could just delete all people you believe are in the EU. This will require list segmentation.
  3. Send out an automatic EDM when adding EU customers to your list. This means a separate automatic email which requires them to click a button saying ‘yes, I want to hear from you’. Going forward, you have to sell prospects on the benefits of your list to get them to voluntarily sign up (not just as a requirement to get your lead magnet, freebie, or webinar registration).
  4. Update all current EDM templates to contain a link to your privacy policy and give users a clear opt-in/opt-out option to stay on your list and be contacted by you.



GDPR stands for “The General Data Protection Regulation”, a privacy law from the European Union that goes into effect May 25, 2018. Even though it’s a European Union law, all online entrepreneurs need to be paying attention because the GDPR will mean major changes for the way we operate.


  1. The GDPR will apply to any relationship or transaction (commercial or free) where one or more of the parties is in the EU. It is not based on citizenship; it’s based on where they are when you are interacting with them.

  2. If you are an online entrepreneur or marketer based outside of the EU, you must comply with the GDPR when you are interacting with or collecting data from people in the EU.


A non-EU entrepreneur has to comply when processing the data of people in the EU, but ONLY if the processing is related to:

  1. Offering products or services to people in the EU (paid AND free)

  2. Monitoring the behaviour of people in the EU


The only lawful basis for adding someone to your marketing email list under the GDPR would be consent, and the GDPR requires that consent be freely given, specific, and unambiguous.
This new standard means we can’t automatically add everyone to our general marketing email list.

  1. We must get a separate consent to add them to our marketing list.

  2. You can’t require them to give this consent as a condition for getting something from you.

  3. You have to sell prospects on the benefits of your list to get them to voluntarily sign up (not just as a requirement to get your lead magnet, freebie, or webinar registration).

The new consent standard applies to your EXISTING list. If you can’t show that you have the right kind of consent from people who are already on your list and to whom the GDPR applies, then you cannot email them any longer beginning May 25, 2018.

Here are some great resources we recommend you read as this is your responsibility to make sure you are compliant: