
GDPR, Oh my!

What should we be doing?

by maiya
published on May 24, 2018

You’ve likely gotten more emails about GDPR lately than you ever thought possible.  It’s a little overwhelming and can be confusing, but don’t stress.  Here’s a quick overview of what it is and what we suggest you do to comply.

Updated Resource:

This article was recently published by WordPress and is very informative. It also gives a Privacy Policy page template and makes it very easy to implement. Instructions are outlined in the article; however, you do have to have the latest version of WordPress installed to use it. Please reach out to support {at} to request an immediate update if necessary.

What is the GDPR?

On May 25th the EU’s General Data Protection Regulation (GDPR) goes into effect. GDPR is the first time any governing body has created legal backing to protect the personal data of citizens on the web. If your website collects data from EU citizens on a regular basis and serves customers from the EU, you’ll need to maintain a website that is in compliance with GDPR terms as soon as possible. If your website does not collect and store data from citizens of the EU, you are still advised to create a privacy policy on your website and take as many actions as possible to be GDPR compliant. Your privacy policy should address the following:

  • People should have a right to protect, alter, or remove their personal data
  • People should have the right to understand how their data is used
  • GDPR applies specifically to any company that handles EU citizens’ data – employees and customers (even if they are located in a non-EU country)

What does this have to do with me?

If you collect data from users (via forms, cookies, etc.), your website should likely have a privacy policy and terms of service statement that is easily accessible to users so they can understand how and why you use and store their data. It’s also important for your site visitors to understand what actions they can take to remove or edit their personal data. If you do not collect data from EU citizens, you are not required to do this, but many are adopting these standards anyway.

If your website or app regularly collects information from EU citizens, you will want to consider consulting with an expert about the specifics of the regulation and take action as soon as possible.

Mangrove has made updates to our own site in accordance with the GDPR which include the following:  

  • we created a Privacy Policy page explaining how we collect, use, store, and manage personal data
  • we made our Privacy Policy page accessible from all public-facing forms and the footer of our website
  • we reviewed any third-party applications we use on our site and configured settings to be compliant with GDPR’s terms for data storage and collection
  • we confirmed that anyone on our email list would like to stay subscribed to receive updates about maintenance and our company

What next?

We recommend that any of our clients who have a contact form on their site (i.e., all of you) take the same actions we have, as outlined above, as soon as you can (without creating a ton of stress).

  • First, create a Privacy Policy page. Please feel free to copy and adapt our Privacy Policy to meet the specifications for your own business, and let us know if you need assistance in adding a new page or setting up links that direct to this privacy policy. As mentioned above in this article, the newest version of WordPress guides you through this process and provides a template for you.
  • Add a link to your Privacy Policy page from any page with a form on it, or add a link to your footer so it’s accessible from all pages.
  • If you use an eblast system such as Mailchimp or Constant Contact, send out an email to all users asking them to re-opt in to your mailing list. Specific email-related GDPR compliance information is available on the Mailchimp and Constant Contact websites. If you use another system, you can likely google their GDPR recommendations.
  • If your site integrates with any third-party systems that collect data, i.e., CRMs like Hubspot or Pardot, or job application tools, make sure these forms or interfaces also reference your privacy policy (and that your policy notes the ways in which these tools collect data as well). It is also advised to review any specific suggestions on GDPR compliance from each third-party system.

If you have additional questions about applying this to your own site, or need further support, we’d be happy to point you to any resources we have gathered (although we are in no way experts on the matter). We’ll do our best to support!

A Certified B Corp, Mangrove is a woman-owned website design and development company with a diverse, talented team distributed around the globe. We’ve been building websites since 2009 that amplify the work of change-making organizations and increase the competitive power of businesses owned by historically marginalized people.
