GDPR: be in the know

May 10, 2018

written by
Bri Martinez

let’s get legal.

GDPR stands for General Data Protection Regulation. It’s based out of the EU but is worded so that if you have the data from any citizen in your databanks or it passes across your virtual desk, you may need to comply. And since the digital world knows no physical boundaries and there are many EU citizens who live/work in the US, the chances are pretty good that you fall under this legislation.


It goes into effect May 25th and is NOT limited to your website. It will require both front end and back end updates to your systems and processes. Ignoring this may result in fines, bans for abusing third party platforms like Google, or both.

Basically, any information that can be used to identify / track a user falls under the new regulation. This includes but is not limited to:

  • Newsletter sign up
  • IP addresses
  • Cookies on a site for marketing purposes
  • Home address
  • User names
  • Adwords


An EU user has the right to know what data you have on them, how you are going to use it, and the right to have all of their data erased. You have an obligation to keep their data secure, provide them with what you have for free in electronic format, and the ability to completely erase them. This includes on Google, in your database, backups, email lists, on your server, or your christmas list.

  • Know what you’re asking for from users. Create a log of how things come in and out.
  • Inventory what data you do have.
  • Review your data inventory to look for weaknesses.
  • Routinely test your systems.
  • Put controls in place so that you can be alerted to a breach. Know how to report it and have a plan. In case of a breach, you’ll have 72 hours to report it.
  • Monitor your traffic and third party data access.

We’re not covering everything here. That includes opt in, data retention policies, and many other details. You should seek more information from your company’s legal team. Our 300FeetOut lawyer constantly reminds us that we are not lawyers and not eligible to give legal advice. Be advised that all of this will require time to implement but this isn’t something to ignore as GDPR is waking the world to the importance of data security and privacy.

For more information on how we’re handling your data please visit our privacy policy.

let's work together.

hello, i'm and i work for . you can reach me at . i'd like to chat with you about .

ding! we've got it. chat with you soon.