GDPR Considerations

  • Nov 30, 18
  • Athena Moseley

Hopefully this isn't the first time you have heard of the GDPR (General Data Protection Regulation) as it went into effect May 25, 2018. If it is, check out our high level overview here. Likely though, you may be thinking that it does not apply to you. Unfortunately, if you collect, store, or use data (and what company doesn’t?) you should be staying on top of this…even if you do not have any company locations in the EU!

Do you have a website, use a CRM, write a blog, send mass emails? If yes, hopefully you have already done your research and are compliant by now.  If not, let’s get moving!


  • First off: we are not lawyers, and this is not legal advice.
  • Second: This will not cover EVERYTHING about the GDPR…Just a few things that are easily overlooked.
  • Third: Keep in mind that the GDPR is still relatively new. It would be safe to expect a continuous update, especially in its first stages.  

What is the GDPR?

In addition to our earlier blog, here are 2 quick and easy resources to get you up to speed:

What Types of Data are we talking about?

This Includes

  • Public comments in blogs (name, email, IP Address)
  • “Contact Us” forms on webpages
  • Email Subscription Services and Email Marketing Campaign Services
  • Traffic Statistics collected for analytics


Have you remembered to update your privacy policy? 

In the early 2000’s, I had a temp-job researching various company policies on websites to help my employer put together a version of their own. That may have been okay back then, but not anymore! There are so many things that a Privacy Policy should cover and disclose that we do not recommend a DIY version. There are many reputable companies that can help you put together a professional and all encompassing Privacy Policy. Here is a blog that outlines a few of these companies.

Are you Updating Your Add-ons?

Do you use a data capturing (or data analyzing) Add-on, Widget, or Extension on your webpage? You should ensure they are updated and GDPR compliant. If you have any that are unsupported, they may be in danger of being non-compliant!

Do You Have a Way to “Forget” Individuals?

In many situations, the GDPR provides individuals with the right to be “forgotten”. Upon the individual's request to be forgotten, the company must erase their data “without undue delay”. Forgetting individuals is not as simple as deleting them from your system. What about your data back-ups and your history tracking? It would be valuable to many companies to perform an audit of their systems to determine where user data is tracked and stored for removal purposes.

Learn more about the GDPR and ensure your organization is compliant.

Need assistance with your Salesforce solution? Contact Us