Under The Hood

How we did our GDPR implementation


February 20, 2019

I’m sure many of you, like us, were caught by surprise when GDPR rolled out. In a nutshell, the EU approved a set of laws to protect user personal data, and set a deadline for 5/25/2018. By that date, any company or website serving EU customers would have to be in line with their requirements.

The most relevant requirements were:

  • Full disclosure about cookies and website tracking in place.
  • The ability to request the deletion of all your PII (personal identifyable information) from all company databases.
  • The ability to request what data had been collected and how it was being used.
  • Explicit permission to send emails or serve retargeting ads.

For many companies, including ours, this required us to re-do everything.

For example, even though we had a voluntary email subscribe on our blog, we didn’t have a record/log of the customers agreeing to receive marketing emails, so we literally had to email everyone before GDPR to ask for permission. Obviously, we lost about 90% of our leads.

We ended up using a combination of SumoMe, Typeform, Zapier and Squarespace to keep these logs. Like I said, most of our email lists we had to start from stratch.

We also used CookieBot, to announce that classic ‘This website uses cookies’ to EU visitors. Since it’s not a requirement for US customers, the message is only enabled if the IP matches the UK.

We had to re-write our ToS and Privacy Policy, but that was mostly handled by our lawyers. You can find some templates for those on the FounderHub app.