GDPR Tool + Checklist: How It Affects YOU & What You MUST Do
Facebook Youtube

GDPR: Report, Checklist & Tool Download

GDPR Tool and Checklist

Hi, and welcome to another ‘1st of the month’ blog post here on!

This months blog post is an important one, so please read on… first though, the mandatory disclaimer that I have to give:

Please note that this article is for information purposes only and is based on my understanding of GDPR. The tips I’m providing are not intended to be legal advice and in no way represent a comprehensive standard for ensuring the GDPR compliance. I recommend you seek your own legal advice.

Before you do ANYTHING else…

Click Here To Access GDPR Software

After you register using the button above, we’ll send access instruction to your email.

Now let’s dive in to what this is all about…

If you own a website that could potentially get EU visitors (ie. this basically means ANY website), then you need to read this article from start to finish to ensure you know what GDPR is, and that your website is compliant (failure to do so could result in a catastrophic fine).

The cut-off date for being GDPR compliant is the 25th May 2018 so time is of the essence (if you’re reading this after May 25th, then read faster)!

What is GDPR?

GDPR stands for the ‘General Data Protection Regulation’.

Up until now, EU citizens have had ‘control’ over their data via the ‘1995 Data Protection Directive’, however the 1995 Directive isn’t great in practice, because it leads to different laws in different member states.

The GDPR replaces the existing EU Data Protection Directive, and is a fundamental change to the way organizations must approach data privacy, providing consistency and one regulation across all EU member states which applies to all EU citizens.

Why Should You Care?

The GDPR will become law on May 25th 2018, and will impact anyone who lives in the EU, anyone that has subscribers in the EU, or anyone who collects data from people in the EU (for example, via cookies or IP tracking)… that’s a pretty broad net, and covers almost every half-decent website out there.

Therefore if you market to anyone in the EU from wherever you are worldwide (or collect any of their data, like an email address, or use cookies), you will need to adhere to the GDPR regulations, otherwise you could face some very hefty fines.

Wherever your business is located in the world, the GDPR will apply if you:

  1. Offer products/services to EU citizens and/or:
  2. Collect personal information from EU citizens

Hopefully I’ve beaten this to death and made it crystal clear!

Does The GDPR Affect You?

As mentioned above, GDPR affects you if you’re collecting EU citizen data in any way.

Technically speaking, the GDPR affects two groups of people;

  1. The Data Controller
  2. The Data Processor

1. The Data Controller

99% of people reading this will fall into the ‘Data Controller’ category.

If you decide how data is used, then you are the Data Controller within your organisation. In other words, if you’ve got a website, and collect email subscribers (for example), and you control how the email addresses are used, then YOU are the Data Controller (and it makes no difference if you are an individual or a business).

If you are the Data Controller (which you probably are!), you must process all personal data from your subscribers according to GDPR law.

2. Data Processor

The other 1% of people reading this will fall into the ‘Data Processor’ bucket.

The data processor is someone (or a business) that uses data on behalf of the Data Controller, for example, Aweber and other email marketing autoresponders are considered Data Processors.

The definitions of both the Data Controller and the Data Processor are laid out in Article 4 of the General Data Protection Regulation, where further definitions are found also.

Click Here To Access GDPR Software

Subscribers Rights

The GDPR gives your EU subscribers explicit rights, it’s a smart idea to know what these are, so you can ensure you’re protecting them:

1. Right to be informed

Your subscriber can at any time ask how their personal data is being used and why it is being used.

The answer you give may be as simple as: “The personal data we have is your name and email address. It’s being used by me/my company to send you updates about how to build an online business.”

Not exactly rocket science.

2. Right of access

Your subscriber can at any time request a copy of their personal information.

If you’re collecting data via Aweber (an email list), this is pretty easy to access. You just login to Aweber, find your subscriber, and you’ll be able to see all the information you have on file:

GDPR Aweber Info

In the image above, I’ve put red boxes around the information we have on file for this particular subscriber, and also how he subscribed (something else you may need to provide if you were ever questioned by authorities).

Again, nothing too complex if you’re using a system like Aweber.

3. Right of rectification

Your subscriber can update their personal data at any time.

This is normally pretty easy for any subscriber to do, for example, in all the emails we send out, we have a ‘Change Subscriber Options’ button at the bottom of each email, it looks like this:

GDPR Email Subscription Management

And when someone clicks on the Manage Subscription button, they’re taken to a page that looks like this:

Aweber GDPR Data

As you can see, the email address on file can be seen, along with the name on file, where I signed up, and the other lists in the same Aweber account that I’m subscribed to. Clicking on the ‘Edit Contact Information’ link allows me to change my name and email address.

Alternatively, a simple email to the website administrator/owner can have data updated at any time. If you want to update data you have with us, just submit a support ticket here, and we’ll do it for you:

Like the first two subscriber rights, this one isn’t overly difficult to understand or manage.

4. Right of erasure

Your subscriber can request that their personal data is erased and any third party involved must cease any further processing of their data.

Pretty simple, give your subscriber a way they can erase their data.

5. Right to object

Your subscriber can unsubscribe from your mailing list at any time.

Also very simple, and for Aweber, it can be done from a link in every email that’s sent out.

So they’re the subscriber rights, in a nutshell. Hopefully this is all making sense.. read on, we’ve still got a lot to cover!

What Customer Data Should You Hold?

The GDPR states that you must document what customer data is used for, so what customer data should you bother keeping?

Obviously the answer will vary depending on the business you run, the key is that you can justify why you’re asking for (and keeping) customer data.

For example, if you have your customers date of birth on record, can you justify why you need that? If not, you probably shouldn’t keep it.

Not only that, we also need to document where we got this information from, for example;

  • Did we buy the data?
  • Did we get the data from a third party?
  • Did we get the data via a web form?
  • Did we get the data from a mailing?
  • Etc.

It’s no longer enough to gather as much information as you want, just in case we might need it at a future date. You have to hold data for an explicit reason only, and it needs to be;

  • Relevant
  • Accurate
  • Limited to what we need

For most websites, and certainly for email subscription lists, you’ll need to collect an email address (at bare minimum), and perhaps a name (for personalization so that you can offer a better service).

These will normally be collected via email optin boxes. It’s unlikely that you’ll need much more than this.

Some websites that are linked to local businesses may collect phone number and address information so that other forms of communication are possible, but again, this is pretty standard practice, and something you can explicitly explain to your subscribers at the time you’re collecting the information.

Click Here To Access GDPR Software

Required GDPR Documentation

To make sure you’re fully protected, it’s critical that you document EVERYTHING for GDPR.

If for any reason the regulatory body or supervisory authority want to talk to you (in the event of a customer complaint that maybe you’ve used their data inappropriately), it’s much more likely that you will be successful defending your actions if you have documented the data you hold, why you hold it, and can demonstrate that you have explicit authority to use it.

I can’t see why this would be an issue for anyone, after all, the Data Processors (Aweber, etc) all do this for you.

The 6 Key Principles of GDPR

The 6 Key Principles are:

1. Data must be processed lawfully, transparently & fairly

In other words, people must know what their data is being used for.

2. Data is collected for specific and explicit purposes

From 25th May 2018, to comply with GDPR we can no longer collect data for the purpose of collecting data in the hope it might be useful at some point in the future.

You must tell people what the data will be used for, this is pretty easy to do on the optin form you’re using to collect the information, here’s an example:

GDPR Optin Box

This form pretty clearly explains how the subscribers information will be used, to deliver “regular information on bushcraft, survival, outdoor life, starting with 20 free videos today”.

Pretty simple 🙂

3. Data held must be adequate, relevant and limited to what is needed

I interpret this to mean… you can get enough of your subscribers data, but not too much, only for what you need.

4. Data must be accurate

Since you’re collecting data from the users themselves, I find it hard to see why your data wouldn’t be accurate, or why you’d deliberately make it inaccurate…

5. Data retained only for the time it’s required

Only keep data for the amount of time that you actually need it, not for months and years ahead in the hope you might use it some day.

6. Data must be processed securely and you must be able to prove this

Data must be processed securely using technical or organizational measures, including the protection against the following:

  • Unauthorized or unlawful processing and against
  • Accidental loss
  • Destruction or damage

These 6 key principles can be found in Article 5 of the regulation

Privacy And Transparency

You need to be 100% transparent with your customers/subscribers, make sure you have unsubscribe links on your emails, and if they ask to be removed manually from your list, make sure you do it.

Make it easy for your customer to read through your terms and conditions and privacy notices, special note of your customers reluctance to do this should be noted.

A simple link in the footer of your website to your privacy policy (and sometimes your cookie policy) will help make it easy for your website visitors to find this information.

Is Your ‘Data Processor’ Compliant?

In most cases, yes, all the main players, such as AWeber, GetResponse, Mailchimp etc., have GDPR plans in place which you can check out on their websites to ensure they are compliant by 25th May 2018.

Should You Use ‘Double Opt-ins’?

There’s no written rule that says you MUST use double opt-ins, but by using them you’ll have an easier job showing that you got consent from your customer to collect their information.

What You Need To Do Today…

Get your business compliant prior to May 25th.

Our software and checklist will guide you through in more detail:

Click Here To Access GDPR Software

Here are a few things you may need to do:

1. Ask your subscribers to re opt-in

Unless you can prove you’ve received consent from your subscriber, prior to the GDPR taking affect, it might be a smart idea to ask your subscriber to opt in again.

Here’s an example of how you might do this (you could format an email broadcast to look like the message below):

Subscriber re-optin

NOTE: Based on everything I’ve read on this topic, I would ONLY ask for someone to opt-in again if I were uncertain as to whether I had their consent in the first place. And remember, this ONLY applies to EU citizens (not your full list of subscribers).

If you’re unsure if you’ve got consent, then dive into your subscriber data and check to see if you’ve got the following:

  • The date your subscriber signed up
  • The time your subscriber signed up
  • The source of sign up
  • A copy of the sign up form used to collect their data

If you haven’t got the above information, then you could send a re-engagement email prior to the 25th May 2018 and request that consent to receive emails is given again.

If you take this path, and get no response from your subscriber by 25th May 2018, you should not email them again, and you must delete not only their email address, but any data you hold on that person.

2. Ask for explicit consent to use personal data

GDPR law states that you need to ask your EU subscribers for explicit consent to use their personal data.

Again, this is only something I’d personally worry about if I was unsure that I had consent in the first place.

Let’s say you’re unsure if you’ve got consent, you could address this by sending a re-engagement email to your current subscribers and explicitly ask for consent to use their name and email (or whatever) to communicate with them. This would be worked into the same communication as the re opt-in, as explained in number 1 above, I wouldn’t send out two different emails to address this.

GDPR states that before collecting any personal data, you need to provide the following information to your subscriber:

  • Who you are
  • Your contact information
  • Why and how you are going to use the subscribers data and the reasons for doing so
  • How long you will keep their data
  • How the subscriber can erase or change their data
  • If you are planning on sharing the subscribers data with anyone else (i.e., with a third party)

Update your policies

As mentioned earlier, you need to make it easy for subscribers to view your policies by making them easy to find, for example by having a link to them in the footer of your website, email, and perhaps in your sign up forms.

Your privacy policy is going to play an important part of GDPR compliance.

You need to communicate information about processing of personal data that’s:

  • Concise
  • Transparent
  • In clear plain language
  • Intelligible
  • Easily accessible
  • Free of charge

You can update your privacy policy by using short, clear sentences and writing with the average user in mind, for example by avoiding overly technical information.

It’s always good practice to keep your policies up to date, so now is the perfect time to do just that.

Here are a few Privacy Policies of big firms who I’ve seen proactively address GDPR:

To check these out for yourself, browse around your favorite websites and hunt for the ‘Privacy’ link.

Revisit your cookie statement

Cookies are classed as ‘personal’ data under the GDPR as they can identify an individual via their device, therefore it’s time to check your cookie statement.

The following cookie statement is no longer sufficient “By using this site, you accept cookies”, you need affirmative action from the subscriber such as clicking an opt-in box, or clicking a preference or setting to confirm consent, therefore visiting a website no longer counts as consent.

Here are a couple of examples:

A €10,000,000 Fine (or more)

At the time of writing this article, €10,000,000 is equivalent to $12.27 million dollars.

Screen Shot 2018-04-20 at 11.27.51 AM

Those found to be in breach of the GDPR, could face fines up to 10 Million Euros, or 2% of their global turnover (whichever is higher).

Needless to say, a fine like this should make being compliant a no-brainer 🙂

If you wish to dive into this rabbit hole yourself and learn more about the GDPR, visit:

To sign off, let me leave you with this final thought:

Legal stuff like this bores me to death, but it’s a small price to pay for the ultimate freedom that running an online business can give you… so battle through it, it’s not that terrible.

And before you go, don’t forget to register for free access to our GDPR software and checklist:

Click Here To Access GDPR Software



Like what you’ve read?

If so, then click the “GET STARTED” button below. I’ll send you my SEVEN Passive Income Blueprints' and more great content (100% FREE, no strings attached).

121 Comments so far:

  1. Jason says:

    I’ve been hearing quite a bit about this, but this is the first time I feel I understand what it all means, thanks Aidan

  2. Hillary says:

    thank you Aidan and Steve.

  3. Phil says:

    Aidan, right now I only sell on amazon (private label), will this affect me? I don’t have a website, but am thinking of building one so I can register a list of my buyers.

    • Aidan says:

      If you don’t have any websites, then no, nothing you need to do. If you do eventually build a website, then yes, make sure you follow the guidelines in this post 🙂

  4. Tim says:

    Great article.
    It’s awesome that you have taken the time and effort to explain and provide software to manage the situation.

  5. Lisa Chapman says:

    Aidan, Your posts are ALWAYS solution-driven, straight to-the-point, and HIGHLY action-oriented. I learn SO much and really trust your advice – implicitly. BTW, I especially love your Content Marketing Masterplan You Guys Rock!

  6. Joe says:

    This will be interesting because my data is held in the US and I’m in the US. Does the law come with a special extradition treaty? I find the whole, state attempt to regulate something larger than itself interesting.

    • Aidan says:

      Hey Joe, it’s not so much about where your data is held, but where the people are from that are using your website.. if they’re in the EU, and you’re collecting their data, then you’re expected to comply.. will certainly be interesting to see how this all shakes out!

      • SN says:

        I was thinking the same thing. What about the business’ nexus etc. If you are not google or facebook how will they go after you and if they go after USA businesses only and will not go after the ones in China can they(gdpr enforcers) be sued for discrimination and unfair practices?

        • Aidan says:

          I wouldn’t worry about what they might or might not do.. I’d just get the basics in place to stay in line and out of harms way 🙂

  7. Pardhuman says:

    what about if say you are selling as an affiliate (and don’t have a website) where you are collecting email address of people who optin to your affiliate offer.
    There is no website in this case but you are still building an email list. Does this require to be GPDR compliant as well?

    • Aidan says:

      As I understand it, sincd you don’t have a website, you’ll just need to make sure your auroresponder messages give people ability to unsubscribe or change/update their details (which is standard practice anyway). The wording on your option forms will still need to comply.

      • Pardhuman says:

        Thanks Aidan

        • Pardhuman says:

          If say you advertise your offer/product/services only to non-EU buyers, should that be sufficient not to be GPDR compliant?

          • Aidan says:

            If it’s POSSIBLE that EU people may buy/subscribe, then you’ll need to use the recommendations I’ve mapped out..

  8. Pardhuman says:

    Hi Aidan,
    I subscribed to ‘Passive Income Blueprints’. Got an email from you to click the links which just says “THIS LINK IS FROM A NON-ACTIVE ACCOUNT”

  9. Didier says:

    I have a website using shopify, when somebody buy a product should I add a button asking him/her if they consent me to keep their data (name,email, adress) and if they refuse the information is still kept on shopify I assume. No sure what to do. Thanks

    • Aidan says:

      It wouldn’t hurt to do that. You could also specify on the checkout page that you’ll be delivering promotional material, etc

  10. Elizabeth Escandor says:

    Aidan, thanks very much this awesome explanation about this requirement. We appreciate you taking time to explain in such a simple manner. I am just at the early stage of creating websites, though I have domain names that are parked.

  11. Jay says:

    This is interesting, Aidan. I understand that your business is worldwide, and this would apply to you and your efforts specifically. But to those of us outside the EU, who do not target EU citizens (at least not yet), to me, this has no meaning. I feel like saying something such as , “If you are from the EU, you cannot use this website as we do not comply with the GDPR.” would be appropriate. As a US Citizen, this EU overreach sounds like exactly that, and should only apply to EU citizens and EU websites. Any thoughts?

    • Aidan says:

      I think if you have a “page gate” that states that (something that people need to read before they see your site), then you’d probably be fine.. I totally get where you’re coming from though.

      • SN says:

        For those of us in the USA. Why can’t we follow USA rules/laws and just include in the privacy policy the things that we have to have why EU rules should even apply here? Since US legislature wasn’t passed and business doesn’t have nexus in Europe why even bother with it?

        • Aidan says:

          It’s because EU citizens are involved… the USA probably tries to protect its citizens in similar ways (in other areas). You could block all EU traffic if you wanted to and you’d probably be fine then 🙂

      • Gab says:

        Not sure about this page gate. IP address is also personal information. How do you block someone without knowing their IP address is from the EU?

        • Aidan says:

          It can be done from the hosting level… before that info even gets to you. Ask your host about it 🙂

  12. Ellie Strand says:

    Thanks, Aidan. What I’d read was that it only affected folks in the EU. I didn’t realize it meant anyone who collects info from an EU citizen. Your timely email saved my bacon!

  13. Shelley says:

    As a solopreneur, I could never keep track of all the changes in the world–like this one. Thanks for being here for us Aidan, and all the work you do!!

  14. Charles says:

    Great articke Aiden ,what about if you are marketing emails on behalf of a client ? example I wil be sending emails on behalf of my clients ie do their email marketing !

    • Aidan says:

      Without knowing more specifics, then you wouldn’t be affected. The data processor would be Aweber (whoever the autoresponder is), and your client the Data Controller

  15. Thank you Aidan for this valuable information. No wonder You are the head of 7FC. I really appreciate you. All the Best.

  16. Brian Parsons says:

    Thanks Aidan & Mr Steve… I can now add you to the list of Internet Gurus who have been paying attention… and appreciate the info… something to note, GDPR isn’t just email… some of the legal experts I am tracking suggest it can also potentially extend to Push Notifications and FM Messenger… so you are being advised to glance over these areas of your business too… and if you are using autoresponders, kind of your responsibility to ensure they are GDPR compliant as well… yes, changes… but you can then promote that you are GDPR compliant… which I see many online doing now.

    • Brian Parsons says:

      One thing I would also stress a little more for people… and been tracking GDPR for some time know… the whole “how you are planning to use their email thing” is crucial… at the moment, you can get someone’s email, and then use it however you want… but with GDPR you need to be upfront about all the different ways you will use it… ie. Monthly Newsletter + Sales emails + Product launches… and then the Consumer agrees to all that when they sign-up… IF you then use that email in a way they have not previously agreed to… such as selling it on to a 3rd party… that’s OK, if you have gone back to them and got their OK… but if you don’t that’s when you are in breach, and for anyone inside EU, penalty is 4% of annual turnover as potential fine… this new law has teeth. So bottom-line, you have to think of all the ways you currently use the emails you have, get people to agree to all those uses, and if you add a new use in future… then you have to go back to people, get their sign-up again… and if they say no… then you can’t go ahead and use it… so GDPR requires that the Data Manager has done their internal research, and understands all the ways that their company uses people’s data… PLUS in UK, and other EU countries… people have to be officially registered… which means you have to go to an official website and register and pay a fee… you can’t just call yourself a Data Manager, you have to be officially registered… in UK, cost is currently £30.

    • Aidan says:

      Yup, absolutely.. it’s any kind of data that is collected.

  17. Annie McGuire says:

    Wow, thanks Aidan. You’ve provided an excellent explanation and clarification. I’ve bookmarked this page to share.

  18. Noel says:

    Hi Aidan, many thanks for the article/checklist. Does this have any impact on websites who collect information via a contact form, eg when a prospect is looking for a quote/making an enquiry (not attached to autoresponders). The information is only used for follow ups apart from replying with quote details.

  19. Evelyn says:

    What if we’re selling on shopify? Are we bound by the GPDR?

    I truly think the EU has gone overboard on this Cambridge Analytica debacle. The penalty is crazy.

    Awesome stuff, your blog post by the way. Thanks much for the education, the software and the free stuff!

    • Aidan says:

      Hi Evelyn, if there’s a chance someone in EU will go to your site and subscribe, or buy something, or that you capture their data… then GDPR will apply to you.

  20. Laorin says:

    Thank you so much ,you have put it very clear to understand and act.

  21. sam says:

    Thanks Aidan for the useful information.

    I have a website with affiliate links both for US and EU amazon. I am not generating any list from the website visitors.

    Does GDPR affect me in your opinion?

  22. Stacey Davis says:

    I don’t have a website at the moment.
    Total newbie question….I’m soon to open a Shopify store… is that considered a website?

    • Aidan says:

      Hi Stacey, yes, your Shopify store will be considered a website. Don’t let any of this stop you getting started though, the checklist and our tool should make things nice and easy for you

  23. Mark says:

    Hi Aidan

    Thanks for the great information and tools. Your last comment mentioned the use Of FB pixels. I have not used these yet but was planning on it, could you please shed some more light on how a visitor or even my self could go about deleting this information if requested to, by a visitor to my site?

    Thanks in advance 🙂

    • Aidan says:

      You make a good point Mark, you cannot delete individual FB pixel data without deleting ALL you data. I’ll look into this some more. Thanks!

  24. Sarah says:

    Thank you, Aidan and Steve! The only article on GDPR that explained things clearly and didn’t bore me to death! Now to implement your advice. 🙂

  25. Kevin Young says:

    Hi Aiden, Great article – thank you. We have been in 100K for some time and not succeeded and have now restarted in Commission BluePrint and preparing for our website, so very timely. As I see this it will a plus to most visitors for a site to be GDPR compliant… so what a good way to start.

  26. Claude says:

    Hi Aidan
    Your Privacy Policy states that you do share data “Who we share your data with…” and “Sharing your data with other 3rd parties…” On your offers you state “I hate spam. Your email address will never be shared with anyone”, could this statement be considered misleading?

    • Aidan says:

      The privacy policy is new, whereas the statement on optin forms is old (I need to update that). The reality is that in over a decade of running an online business and collecting subscribers, we’ve never ever shared that data. The privacy policy is just a bit broader to offer greater protection. But you’re right, it’s not all aligned as well as it could be!

  27. Danielle Brown says:

    Thanks Aidan for explaining in great detail. What if a EU person purchase from your website or clicks on a ad but dont collect emails.

    • Aidan says:

      If they purchase from you, then they’ll most likely be giving you their data (for example, email address) and will likely be added to a mailing list.. so in that case you’re holding their data and I would definitely make sure you’re compliant with GDPR. Clicking on an ad on Facebook isn’t a consideration, FB takes care of GDPR requirements for that part.

  28. Ken says:

    Hi Aidan,

    Thanks for that great article, education and heads-up!

    I’ve a Shopify store and I haven’t started collecting emails yet (planning on that next to build a list). But what about those from EU that lands on my store and goes on to make a purchase … and they have to provide their personal data in the buying process – does the GDPR comes into effect for this portion?

    • Aidan says:

      Hi Ken, here’s what I replied with on a similar comment: “If they purchase from you, then they’ll most likely be giving you their data (for example, email address) and will likely be added to a mailing list.. so in that case you’re holding their data and I would definitely make sure you’re compliant with GDPR. Clicking on an ad on Facebook isn’t a consideration, FB takes care of GDPR requirements for that part.”

  29. Ronaldo says:

    Hi Aidan

    My name is Ronaldo and I wanted to ask you a question regarding online business, which might be going off topic within this blog so apologies. But I wanted to mention that I am a completely new beginner to online business and I am really interested in starting a business online mostly within Ecommerce. I have heard alot about you and you really seem to be a top expert within Internet Marketing and Online Business, and I am really interested to learn from you as a mentor or coach.

    So I wanted to find out will you be creating or releasing a new training program or course later on this year or early 2019 to do with Ecommerce for example to do with Amazon or high ticket drop shipping. Because I heard your most recent program was 7 Figure Cycle which back then I didn’t really know much about you and your training courses, since I was still doing alot research on the Internet regarding making money online.

    Also If I wanted to ask you more questions, what will be the best way to get in contact with yourself.

    Kind Regards

  30. Jean Max Constant says:

    Thanks Aidan for the clarification.
    This opens my eyes.

  31. Eugene says:

    Hello Aidan,

    Thanks for providing the software, guideline, and checklist. Although I don’t sell to EU businesses or citizens this is good information to know. Because this impacts the use of an autoresponder; can landing pages and or video usages be impacted as well?

    • Aidan says:

      Hi Eugene, landing pages will really only be affected in that you’ll need disclaimer/privacy links, and to use certain verbiage around optin boxes/buttons

  32. Julie says:

    Hi Aidan,

    I do not have a website and not selling in the EU. If someone from EU were to buy from Amazon Buy Box under my account, would this regulation affect the biz.


    • Aidan says:

      Nope, no issue there, as it’s up to Amazon to be compliant, not you (since it’s their website)

  33. Hank says:

    Excuse Me but who died and left the EU in charge of the internet. These new rules may apply to those living in the EU or those using a hosting service in the EU but I seriously doubt they would apply to countries outside the EU. They think they can fine some lone solo website owner in Thailand or Columbia? Good luck with that.Just how does the EU plan on monitoring every wed site on the internet?

    • Aidan says:

      It’s to protect the rights of people who live in the EU and use websites… I guess if you don’t like it or don’t want to comply, you could just block all EU visitors… I get where you’re coming from though. The reality is it may be hard for fines to be followed up, and I doubt they’ll go after the “small guy”.. in saying that, it’s really not hard to be compliant, so not a huge downside really.

  34. Federico says:

    Thanks for a value info it’s really important to keep every data on safe place to avoid futures fines

  35. Marguerite says:

    Thanks Aidan for such timely advice! I have 100K Factory Ultra and Revolution with your privacy pages will this do? I also have OMC and i expect we will be compliant with the new money pages. Further I have a WordPress blog site that people sign into with their email addresses only (no first names etc.,) do I have to put privacy pages on this too? Thanks for all your great products. Marguerite

    • Aidan says:

      Hi Marguerite, you’ll be getting more info as part of OMC. You’ll need to make some modifications to your 100k Factory sites to ensure they’re compliant. Register for the tool and checklist here for more info.

  36. Vini says:

    thank you for the very detailed information. I have two domain names and hosting, but nothing “live” yet. So I assume nothing to be concerned about YET.
    Also, have tried several times to download the GDPR software and checklist, but no success so far. Seems to get stuck at the 50% point.
    Any idea why….?


  37. Vini says:

    Finally, able to download the software. Thanks again for looking out for us!

  38. I am grateful to be on your email list, Aidan, as you’re only one of two lists I am on that have taken the time to prepare something as in depth, easy to read and comprehensive as this.

    Thank you for the care and attention you pay to your subscribers (and friends!)

  39. Anthony says:

    Hi Aidan, simple and spectacular information on the GDPR. Thank you
    My situation, I have a niche website that deals with “diet and nutrition” and health in general, plus I collect emails via module optin with mailchimp.

    This site is monetized with clickbank and amazon products (ie as an affiliate), in particular and aimed at a US, Canadian and Uk audience.

    I live in an EU member state, so inevitably I will have to adapt to the GDPR.
    I’m working on it, if I need help I can contact you?

  40. Lisa Benjamin Erez says:

    HI. I have added an Acceptance CHeckbox to all the forms on my site with this content “By using this form, you agree with the storage and handling of your data by this website”

    Is this enough?

    • Aidan says:

      It’s a good start, but you’ll need more, such as a message saying what folks will get, details in how to unsubscribe, etc. The best thing to do (which I’m sure you’ve done) is to register to get the checklist and tool, they’ll answer your Q in more detail.

  41. Robert Kunst says:

    Thanks for the article! It is informative.

    Signed up for the software and all I get is a PDF saying you’re running the software through final checks. When will we be able to download it?

  42. Walda Woods says:

    Aidan and Steve – thanks to you both for having our best interests at heart — again. Man, you guys are so cool. Thanks again –

  43. Ron says:

    Stuck on download, won’t move past 50%, awesome info though, just wish I could make use of the download.

  44. Laurie says:

    Hey Aidan,
    It seems others have gotten the software and checklist.
    What I received was merely a pdf stating you are still checking it out. Is this correct, or did I get into some odd loop?

  45. Greg Vasil says:

    Hi Aidan, loved the article!

    Quick Question: If my site has a Facebook Pixel installed… do i need to say or show anything?


    • Aidan says:

      Hi Greg, I’d go with a privacy policy for sure, and a cookie statement (similar to what I use here).

  46. Alex says:

    Hi Aidan,

    You said that 100 k Ultra sites need to to be modified a bit to comply. Could you tell us how and what needs to be put in there, or will the software and checklist solve that for us?


    • Aidan says:

      Hi Alex, the software and checklist will solve it.. but if you read this post from start to finish, I think it’ll become quite clear what you need to do 🙂

  47. Gerald says:

    Hi Aidan,

    If I’m selling on shopify why not just block all EU traffic/visitors and be done with it. I’m seriously thinking of doing this since I mostly get US visitors. Can Shopify Customer service help me do this?

  48. Chris Thomas says:

    Hi Aidan,

    If the cookie statement “By using this site, you accept cookies”, is no longer sufficient, do you know of any ‘simple’ workaround for this?

    Re your examples:
    MailChimp seems to have an application or plugin (beyond my technical skills to implement) and I can’t really see how HuffingtonPost is doing it other than directing users to a Yahoo website.

    And, unless I’m mistaken, your Privacy Policy on this site is simply telling users to disable cookies via their browser. Is that all that is required?

    Any further clarity on this would be most appreciated. Thanks.

    • Aidan says:

      Hey Chris, if you haven’t done so already, register for access to our tool and checklist, that’ll spell things out with examples.

  49. Kirsten Reupke says:

    Hi Aidan,
    I also see a lot of websites not disclosing their owner’s information. Especially in Europe, you need to have the company legal information on your website with who is responsible for the website’s content, how to contact etc. Interestingly, even having similar legal requirements many US websites and e-commerce stores do not provide this data.

    • Aidan says:

      Yup, who you are, what you do, why you keep info, how to contact you, etc. Majority of sites will not update this at all..

  50. Hey Aidan,
    It seems others have gotten the software.
    What I received was merely a pdf stating you are still checking it out. Is this correct, or did I get into some odd loop?

  51. Blake Stamler says:

    Not much time left, is the software really coming soon?

  52. Sab says:

    Very good article! Thanks for sharing your knowledge/research. (Maybe this site could update sign-up form GDPR compliant tho)
    Have a great day!

  53. Hooshmand says:

    Great article! Thanks Aidan for providing such informative and helpful post! I’ve signed up to get the checklist and software. However, I have not received anything yet. Could you please help me?

  54. Max says:

    Hi Aidan, I act as a consultant/expert witness for divorce solicitors – lots of personal information on the lay parties, obviously, albeit my clients are strictly the solicitors (sometimes on behalf of one party, sometimes joint). I don’t have a website or an online presence. I imagine I will typically be a data processor, but often also a controller. My professional bodies have been useless in providing proforma engagement letters or privacy notices for this kind of situation. Can you comment on who-does-what-and-with-which-and-to-whom? Or point me to where I can find useful templates for suitable privacy notices/engagement terms etc? I plan to retire quite soon, and the cost of professional advice would be disproportionate.

    • Aidan says:

      Hi Max, if you don’t have a website, then I don’t think you really need to worry… I’ve studied up a LOT on GDPR, but not on privacy requirements for other data channels… for example, if someone gives you their info over the phone, I’ve got no idea what you’d need to do or say there. Is this what you’re after? Sorry I can’t be of more help here!

  55. Thanks for this quick and easy way to handle this. I do have a question Aidan, Do you think it is necessary to add this to site of local clients, such as dentists?

    • Aidan says:

      Hi Robin, if your client is in the USA and is not targeting EU visitors at all, I would still do it, but I’d set it up so that the Cookie Notification is only shown to people who are browsing in the EU. The privacy policy is pretty standard anyway, they they’ll need one of those… so there’s no real conflict there, just update that too.

Leave a Reply

Your email address will not be published. Required fields are marked *



Get The Passive Income Cheatsheet (And Free Updates)...