How to Prepare for GDPR for Small U.S. Websites

Empty Lighthouse is a reader-supported site. This article may contain affiliate links to Amazon and other sites. We earn a commission on purchases made through these links.

GDPR is coming, and if you haven't heard about it, get ready for a big surprise.

Even if you're located in the U.S., Europe's new GDPR privacy rules will affect you significantly. So how do you prepare? What do you do?

GDPR Primer for Americans

GDPR is the new European requirement for data privacy for internet sites.

It requires all sites to put a significant amount of effort into data privacy and security, and it requires all sites to get permission before storing any data -- including IP addresses and cookies.

Unfortunately, if you have any site visitors in the EU, regardless of where the site is located, you have to comply with the new rules.

And if you don't, the EU can fine you up to 4% of your revenues -- that's quite a bit.

So what do you do? Well, unfortunately, the rule is very complicated, and even though it goes into effect in a few days, nobody seems to have a good sense of what the requirements are.

Moreover, the big companies are seemingly not prepared for the requirements, and if they aren't prepared, the problems cascade to site owners.

There are several main requirements for GDPR, although most don't apply to smaller websites.  Nevertheless, the ones that do are extremely cumbersome and could drastically affect your profits.  

The most important requirements for smaller, U.S. based sites are:

  • You need to ensure your site is secure. If you use WordPress, you can follow the instructions here.
  • You must get permission from users in the EU before you do any tracking, which means if you (or your advertisers or plugins) set any cookies, you must get permission before doing so.  This essentially means you can't use any personalized ads, unless the user opts in.
  • You can no longer have automatic opt-in -- every piece of information (including cookies and IPs) need to be expressly opted in, and users have to be allowed to not give you the information.  This will be a huge change for advertising, as well as things like social sharing.

So what do you do? Check out this great primer on how to comply with GDPR for bloggers and small businesses in the U.S.