Should Your Website Comply With The General Data Protection Regulation? Does it need a Privacy Policy?

Passed in 2016 and implemented in May 2018, the General Data Protection Regulation (GDPR) is designed to establish and protect digital rights for citizens of the European Union. While the GDPR primarily affects websites and organizations conducting business within the European Union, any business that stores and collects the personal data of European Union users on its website must also comply.

Could this affect your website? Ask yourself these questions:

  • Could I potentially get a new job applicant from a country within the European Union?
  • Do I sell/ship to any European Union country?
  • Is the educational content that I provide on my website applicable to those in the European Union?

If you answered yes to any of the above, and you also use Google Analytics or another tool to gain insights into your website traffic, then you should evaluate your need to follow the GDPR.

Does Your Website Need a Privacy Policy?

Aside from GDPR compliance, most websites need to follow the terms of use of Google Analytics (or another tool of your choice). The Google terms of service make it a legal requirement to have a privacy policy that states how you track and use visitor data from your website. A privacy policy is also legally required when a company stores, transfers, or otherwise handles someone’s personal information.

Even if you don’t use Google Analytics or place any tracking on your website (which is unlikely), having a privacy policy assures your website visitors that you take their privacy and management of their personal data seriously.

Getting Compliant

The first step is to create a privacy and cookie policy that states how and why you collect user and visitor data on your website. There are countless templates available online that you can likely modify to meet your needs, e.g., https://www.privacypolicytemplate.net/.

After your privacy policy is created, simply link to it from the footer of your website. This meets the requirement from Google Analytics and most U.S. states, but it will not make your site GDPR-compliant; that requires the visitor to acknowledge your privacy and data policy, typically by clicking “O.K.” on a pop-up or other prompt when they visit your site.

There are some tools, like https://www.iubenda.com/, that generate a privacy and cookie policy and provide a simple embed code you can add to your site to meet best practices and Google's requirements, as well as more robust solutions for GDPR compliance.

Not sure where to start? Give us a call at 918-938-7901 or send us an email. We are happy to help.

Sources:

https://www.cmdsonline.com/blog/the-looking-glass/gdpr-us-websites/

https://www.privacypolicytemplate.net/

https://www.wired.com/story/wired-guide-personal-data-collection/

https://www.privacypolicies.com/blog/privacy-policy-google-analytics/