Under The Hood

How we did our GDPR implementation

Caya

February 20, 2019

I’m sure many of you, like us, were caught by surprise when GDPR rolled out. In a nutshell, the EU approved a set of laws to protect users' personal data and set a deadline of 5/25/2018. By that date, any company or website serving EU customers would have to be in line with its requirements.

The most relevant requirements were:

  • Full disclosure about cookies and website tracking in place.
  • The ability to request the deletion of all your PII (personally identifiable information) from all company databases.
  • The ability to request what data had been collected and how it was being used.
  • Explicit permission to send emails or serve retargeting ads.


For many companies, including ours, this required us to re-do everything.

For example, even though we had a voluntary email subscription on our blog, we didn’t have a record/log of the customers agreeing to receive marketing emails, so we literally had to email everyone before GDPR to ask for permission. Obviously, we lost about 90% of our leads.

We ended up using a combination of SumoMe, Typeform, Zapier and Squarespace to keep these logs. Like I said, we had to start most of our email lists from scratch.

We also used CookieBot to show that classic ‘This website uses cookies’ notice to EU visitors. Since it’s not a requirement for US customers, the message is only enabled if the IP matches the UK.

We had to re-write our ToS and Privacy Policy, but that was mostly handled by our lawyers. You can find some templates for those on the FounderHub app.
