4 Changes You Need to Make Now to Comply With the EU's Tough New Data Law

Opinions expressed by Entrepreneur contributors are their own.

You have probably heard about the European Union’s (EU) General Data Protection Regulation (GDPR) Rules. Even if your company isn’t based in the EU, these regulations will apply to you if you collect any information from people located in the EU.

If you are collecting information about your website visitors through a form, or even through cookies, you will need to adhere to these regulations, which go into effect on May 25, 2018. Non-compliance can subject you to fines of at least 20 million euros.

What exactly does GDPR entail, and exactly how do you stay compliant?

Related: Facebook’s Data Scandal and Europe’s New Data Privacy Rule Have Massive Implications for U.S. Entrepreneurs

This is a question nearly every business is asking right now. In this article, I will mention the key actions that we have been recommending to our clients as a content marketing agency. However, I am not a lawyer or a data privacy expert, and my input should be viewed as marketing recommendations only and not legal advice.

1. Opt-in forms.

GDPR regulations begin to apply the moment you collect any data from your visitors through a form — whether it’s to make a purchase or just download a whitepaper.

The two key principles to follow are consent and transparency. You need explicit consent for collecting data. When someone makes a purchase from your website or even downloads an ebook, you can’t just add them to your email list and send them newsletters or promotional emails without explicit consent. If you keep a checkbox asking them for permission, make sure that it’s not checked by default. That amounts to GDPR violation.

You must also explain exactly why you are collecting each piece of information, such as a phone number or an address, and how you will use that data. That’s why it’s a good idea to ask for as few data fields as possible. Avoid asking for phone numbers, addresses and other personal information, unless you absolutely need to.

Your forms should also have links to your Privacy…