GDPR Compliance for US Companies: What Website Owners Need to Know


There’s a lot of confusion about GDPR compliance for US companies.

People are generally divided into two groups when it comes to the new regulations. The first think that GDPR doesn’t apply to them because they’re in the US. The second group is fearmongering, believing and saying that if US companies don’t comply, the EU will fine them 20 million EUR.


Both groups are misinformed. The fact is that GDPR does have an impact on US-based companies, but the EU won’t go after companies that aren’t compliant with the law right away.

Read on to learn the facts about GDPR and what you need to do to meet the requirements.

GDPR Summary

What is GDPR? It’s the General Data Protection Regulation, which was adopted by the European Union in April 2016.

It was enacted as a way to protect European consumers and give them control of their online data, stating that control of their data is a “fundamental right.”

At the time of the signing, there was a 2-year grace period for companies to adopt the new policies. That grace period ended on May 25, 2018.

On that date, websites need to be fully compliant with GDPR regulations.

What Exactly are GDPR Regulations?

GDPR gives privacy laws an overhaul. The biggest shifts you need to be aware of are as follows.

  • You have to be transparent about what information you’re collecting, what it’s used for, and whether that information will be shared with anyone else. The information that’s collected must be used as intended. If you use data for another purpose that’s not specified, then you need to get permission from each person.
  • How you disclose this information falls under GDPR, too. It’s not enough to have this information in a privacy policy. It needs to be written clearly, in plain language.
  • EU consumers have the right to see the information your company has about them. They can also ask for information to be corrected, export their data, or withdraw permission for their data to be stored.
  • You have to be able to prove the steps you’re taking to be compliant. Get in the habit of documenting how people opt into your lists and how that information is protected.
  • GDPR also has requirements for how consumers’ data is stored and protected. If your data is hacked or breached in some way, you have to notify people within 72 hours.
  • Cookies are still handled under the ‘Cookie Law,’ but you will have to be more explicit about what those cookies are and how they are handled.

Who does this apply to? Pretty much every website that has visitors from anywhere inside the European Union.

What if you don’t do business in Europe? That doesn’t matter. It’s whether or not European citizens can access your website and you collect data from those visitors. If they can, then GDPR compliance for US companies applies.

What if you’re a small retailer and you only do business in a small local area in the U.S.?

Then no, GDPR wouldn’t apply. You just need to make it clear on your site that you serve a specific geographic area. If your site is in English and you make no attempt to get business from Europe, then you’re OK.

On the other hand, if you’re an affiliate marketer and you get visitors from around the world, and you’re actively seeking their business, then GDPR applies to you.

What if you’re somewhere in the middle? Err on the side of caution and comply with the regulations. It’s always best to seek legal counsel to be 100% sure. The worst-case scenario is that you spend time and effort getting compliant and end up giving your users a way to control their data, which can increase the trust that your users have in your business.

Some websites, like the LA Times and Chicago Tribune, chose to block European readers when the new law went into effect because they weren’t compliant.

What can you do? You can get your website up to speed and within the new regulations, or you can do what the LA Times did and block European users. If you do decide to go this route, know that it may or may not impact your SEO.

What If You Don’t Comply?

It’s not clear if European regulators are going to be lenient early on. At the very least, it will be about two months until the first inquiries occur.

Your best bet is to get your site compliant as soon as you can if GDPR regulations apply to you.

The fines can be severe, up to 4% of global revenue or 20 million EUR.

How Can I Get My Blog Compliant?

If GDPR applies to your blog, there are ways you can get your site up to code pretty quickly. Fortunately, the WordPress community is on top of it and there are a number of plugins available to help you be GDPR compliant.

Keep in mind that this is not legal advice. For that type of information, you should consult with an attorney that’s knowledgeable in GDPR regulations.

WP GDPR Compliance: This free plugin gives you features like data timestamps, a privacy policy link, user data requests, and consent management, and it’s compatible with WooCommerce.

GDPR: This is another free plugin that helps you manage data and add consent options for personal data and cookies.

GDPR Premium Plugin: For only $19, you get everything you need to be GDPR compliant. The great thing about this plugin is that it integrates with Google Analytics, AdWords, Facebook, MailChimp, and WooCommerce. It’s also available in multiple languages, so you’re pretty well covered.

GDPR Compliance for US Companies

There are a lot of myths circulating about GDPR that have left many bloggers scared to death of 20 million EUR fines.

The facts are that privacy laws are changing and it’s good practice to give your readers as much control over their data as possible. Being GDPR compliant is one way to do that.

There are plenty of plugins available that will help you achieve compliance and build trust among your readers.
