5 website steps to GDPR compliance for creative entrepreneurs

5 Easy steps for making your website GDPR compliant | CodeLoveCreative.com






**Disclaimer: I’m not a legal professional and do not claim to give legal advice in this post. Please seek independent counsel on the best GDPR compliance methods for individual business.**

If you spend any time online these days there’s no doubt you’ve heard a lot about “privacy” in regards to how your information is collected and used by companies (for example, the recent Facebook “data breach”). GDPR, or General Data Protection Regulation, is a new set of laws created by the EU to govern how businesses go about doing that, with the goal of protecting users’ information and privacy.

Have you noticed a huge increase in “privacy policy” update emails from companies you subscribe to? I’ve been getting TONS of these, even from companies I didn’t know had my email address. The reason for this onslaught of legal notices is these same GDPR laws, which go into effect on May 25, 2018.

Why you should care about GDPR compliance (even though it sounds boring)

This is important for any entrepreneur, even if you aren’t located in the European Union, if you have a website for your business where you collect information from your users. For example, if you have email opt-in forms for your newsletter, this applies to you! If anyone from within the EU signs up for your list (or has in the past), they are able to report you if you do not follow the GDPR laws.



5 Website Steps to GDPR Compliance

Get consent for emails

Be clear and upfront about what people are going to receive when they sign up for your email list. For example, one of my opt-ins used to say “Sign up to receive my free guide” and I changed it to “Sign up for my weekly emails and receive my free guide.” This clearly tells subscribers that I will be sending an email once a week. If someone purchases a product from you, will you add them to your email list? Let them know!

You should also consider adding a checkbox that users must click in order to opt in to your email list. Do not make the checkbox pre-checked: you want users to have to take a clear action so you can prove they consented to sign up. ConvertKit makes this super easy. Jump to the bottom of this post to see more ways ConvertKit makes GDPR compliance super easy!

It’s also a good idea to implement a double opt-in on your email sign-up forms. It may not be a legal requirement, but it does help with proof of consent, and it’s also great for engagement since you know that the people on your list actually want to hear from you!

Make unsubscribing from emails clear and easy

Don’t you hate when you can’t find an “unsubscribe” link in an email that you want to stop receiving? Me too! So don’t do that to your subscribers. Having a clear and easy way to unsubscribe also means you’re adhering to users’ right to withdraw consent at any time.
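To make the three email-list steps above concrete (an explicit, unchecked-by-default consent box; double opt-in as proof of consent; and an unsubscribe that withdraws consent), here is an added example of what a list backend needs to record. It is my own illustration, not code from the original post or from ConvertKit, and it keeps everything in memory with made-up names (`ConsentLedger`, `CONSENT_TEXT`); a real site would persist the same fields in its database. It also includes the full-erasure request the post mentions later, to show how “unsubscribe” (keep the record as proof, stop emailing) differs from “forget me” (delete the record).

```python
"""Minimal consent ledger: explicit opt-in, double opt-in token, withdrawal, erasure.

Added example for this post; assumed names and an in-memory store, not a real product's API.
"""
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional

# The exact wording shown next to the checkbox. Storing it with each record lets you
# show later what the subscriber actually agreed to (constructed sample text).
CONSENT_TEXT = "Sign up for my weekly emails and receive my free guide."


@dataclass
class ConsentRecord:
    email: str
    consent_text: str                 # wording the subscriber agreed to
    requested_at: datetime            # when the form was submitted
    confirm_token: Optional[str]      # secret sent in the confirmation email; None once used
    confirmed_at: Optional[datetime] = None   # set when the confirmation link is clicked
    withdrawn_at: Optional[datetime] = None   # set when the subscriber unsubscribes

    @property
    def active(self) -> bool:
        """Only confirmed, non-withdrawn subscribers may be emailed."""
        return self.confirmed_at is not None and self.withdrawn_at is None


class ConsentLedger:
    def __init__(self) -> None:
        self._records: Dict[str, ConsentRecord] = {}

    def signup(self, email: str, checkbox_checked: bool,
               now: Optional[datetime] = None) -> Optional[str]:
        """Step 1, form submission. Returns the confirmation token to email, or None
        if the (unchecked-by-default) consent box was not ticked: no record is created."""
        if not checkbox_checked:
            return None
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(32)      # unguessable, single-use secret
        key = email.strip().lower()
        self._records[key] = ConsentRecord(key, CONSENT_TEXT, now, token)
        return token

    def confirm(self, email: str, token: str, now: Optional[datetime] = None) -> bool:
        """Step 2, double opt-in: the subscriber clicks the link carrying the token."""
        rec = self._records.get(email.strip().lower())
        if rec is None or rec.confirm_token is None:
            return False                       # unknown address or already confirmed
        if not hmac.compare_digest(rec.confirm_token, token):
            return False                       # constant-time comparison of the secret
        rec.confirmed_at = now or datetime.now(timezone.utc)
        rec.confirm_token = None               # token is single use
        return True

    def withdraw(self, email: str, now: Optional[datetime] = None) -> bool:
        """Unsubscribe: consent is withdrawn, but the record stays as proof of what happened."""
        rec = self._records.get(email.strip().lower())
        if rec is None or rec.confirmed_at is None:
            return False
        rec.withdrawn_at = now or datetime.now(timezone.utc)
        return True

    def erase(self, email: str) -> bool:
        """Full removal request: delete everything held about the address."""
        return self._records.pop(email.strip().lower(), None) is not None

    def can_email(self, email: str) -> bool:
        rec = self._records.get(email.strip().lower())
        return rec is not None and rec.active

    def proof_of_consent(self, email: str) -> Optional[dict]:
        """What you would hand over if asked to show that this person opted in."""
        rec = self._records.get(email.strip().lower())
        if rec is None:
            return None
        return {
            "email": rec.email,
            "consent_text": rec.consent_text,
            "requested_at": rec.requested_at.isoformat(),
            "confirmed_at": rec.confirmed_at.isoformat() if rec.confirmed_at else None,
            "withdrawn_at": rec.withdrawn_at.isoformat() if rec.withdrawn_at else None,
        }


if __name__ == "__main__":
    ledger = ConsentLedger()
    tok = ledger.signup("reader@example.com", checkbox_checked=True)
    ledger.confirm("reader@example.com", tok)
    print(ledger.proof_of_consent("reader@example.com"))
```

The point worth noticing is that a subscriber is never emailable on form submission alone: `can_email` stays false until the token from the confirmation email comes back, and the confirmation wording is kept with the record so you can show exactly what was agreed to if anyone ever asks.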

Install SSL

SSL, or Secure Sockets Layer (today usually its successor, TLS), is what encrypts the information people enter into your website while it travels between their browser and your server, so it can’t be read along the way. Not only is SSL important for SEO, but it helps to make you GDPR compliant by protecting the information of your website users. P.S. SSL is included in my Managed WordPress Hosting!

Cookie notice

If you use cookies on your website, be sure to include a notice on your website that informs people of this.

Privacy Policy

Be sure to have a Privacy Policy page on your website which outlines what information you are collecting, where you are storing it and for how long. It should also state that the user must fully agree to the terms in order to fully use the site. Be sure to review the privacy policies of third parties your website is connected with, such as Facebook or plugins that may collect user data.

Your Privacy Policy is a good thing to seek independent counsel about, to make sure it is up to date and thorough.

How ConvertKit helps with GDPR compliance in email marketing

I’ve written many times about why I love ConvertKit. As usual, they’re providing tons of support and assistance for their customers to help them with GDPR compliance. You can check out their entire FAQ page here and feature support for GDPR here.

Custom consent checkboxes (for everyone or just for visitors within the EU)

Easily add a consent box to your email opt-ins without having to know any code. And even better, it will redirect them to a special consent page so it doesn’t clutter up your forms.

Figure out who your EU subscribers are

ConvertKit makes it easy to select your EU subscribers so that you can get consent from the existing subscribers. They even offer a sample message that you can send to them.

Allow users “the right to be forgotten”

If you receive an email from a subscriber who wants their information completely removed (and not just unsubscribed), you can contact ConvertKit to handle this.

Audit protection

And if someday you somehow get audited for GDPR compliance, ConvertKit also has a GDPR Audit Concierge where they say: “we have your back and will get you any data we have that can help you comply with the audit.”


Want to know more about ensuring your email marketing is GDPR compliant? I recommend reading this very detailed article.

I hope that these steps have you well on your way to GDPR compliance. Have questions? Please post a comment below.



About the author

I’m Taylor and I help intentional entrepreneurs like health coaches and yoga teachers transform their vision into an enlightened website to help them grow their businesses, build a tribe, attract ideal clients and create the lifestyle they dream of. Read more…