There’s no denying it. The internet radically shapes our lives.

We pay bills, send emails, and subscribe to our favorite sites, but, do we ever take a moment to consider – exactly how much of our personal information is out there on the web?

With the latest roll-out of the European Union’s privacy law, General Data Protection Regulation, it’s much easier to find out.

Starting May, 25th, this new law will change how organizations handle customer data while strengthening transparency and trust between businesses and their customers.

And while GDPR requirements apply differently depending on the type of business you run, there are important aspects to consider, like updating your website’s privacy policy. Here’s an example of Strategy’s privacy policy.

Like you, we’re navigating the GDPR landscape. Even if you’re hearing about it for the first time, it’s best to get started today.

What is GDPR?

GDPR gives EU residents more control and confidence over what, how, why, where, and when their personal data is used, processed, or disposed.

Here are a few takeaways:

  • Inform individuals how their personal information is used
  • Provide what data is being stored when requested by an individual
  • Remove an individual’s data from their systems if requested
  • Be able to provide data subjects with a copy of their personal data

Who Does GDPR Apply To?

GDPR applies to any company (in the United States or not) that uses, stores, or processes an EU resident’s information.

What’s Considered Personal Data?

Any information used to identify a person is considered data. It’s classified as two types:


  • Name
  • Email address
  • Bank details
  • Medical information


  • Date of Birth
  • Gender
  • IP address

How Does GDPR Affect My Business?

The GDPR rule applies differently depending on your business, but both technology and marketing play significant roles.

For technology, companies will be affected by how they store, maintain, retain and transfer personal data. Consider appointing a data protection officer or data controller who is in charge of GDPR compliance.

For marketing, it’s more about transparency – how you use an individual’s personal information while asking for consent to communicate with them. Let’s say someone signs up for your newsletter. A simple signup form will no longer make the cut. Instead, you’ll likely have to use a double opt-in and a checkbox on your email signup forms.

Keep in mind, these examples are just one of the many examples of GDPR compliance. You’ll have to assess your own business’s unique needs.

What’s My Next Step?

As you dive into GDPR, here’s a quick list to keep in mind.

  • Build awareness with staff and EU residents about GDPR
  • Review current security and privacy processes in place
  • Identify and analyze how personal data is being processed, stored, retained, and deleted
  • Assess the third parties with whom you disclose data
  • Establish procedures to respond to individual’s data requests
  • Create or update your website’s privacy policy
  • Create processes for data breach notifications

For more information, here’s a helpful GDPR checklist you can use.