GDPR Compliance Checklist – Is Your Site Compliant?

July 27, 2018 by Cara Stellato

The recent roll-out of the General Data Protection Regulation (GDPR) in the European Union (EU) has changed how personal data may be gathered and stored, and that has meant adjustments across every industry. GDPR replaces the 1995 Data Protection Directive and safeguards an individual's right to privacy in the collection, processing, storage and use of any personally identifying information. Its reach is broad: it applies to any organization, wherever it is based, that offers goods or services to people in the EU or monitors their behavior, so it covers online businesses far outside Europe that collect information from users located in the EU.


To prepare our clients for this change, we sent out a message detailing the steps taken to prioritize GDPR compliance. It reads as follows:

Lumi Agency is committed to ensuring GDPR-compliance for our agency and client partners. For this reason, any personally-identifying and behavioral user information that may be collected, processed, stored and/or used will only be done so with transparency, user consent, and resolute security standards. 

This includes but is not limited to all website forms, and any additional data or behaviors collected through social media, digital marketing, SEO/PPC tracking, and website to third-party tracking and data collection.


The 9-step GDPR checklist Lumi Agency is prioritizing to meet the new compliance requirements includes:

  1. The improvement of processes around data collection, processing, storage, and usage to ensure efficiency and effectiveness.
  2. The development of a form on each client website to allow users to request to move, copy and/or remove any PII that may have been processed by way of form-fill, download, contest and/or sweepstakes.
  3. An updated privacy policy on each client website, with its own dedicated GDPR-compliance section, that will disclose the data collection services used on any Lumi Agency-developed website.
  4. The redesign of client website forms and lead capture assets to include a "Yes" or "No" drop-down option or checkbox for each separate use of the data.
  5. The review and update of client data and client Google Analytics accounts to gauge the percentage of EU users, establish lead generation and data collection standards per GDPR-compliance guidelines, set data retention times, and anonymize user IP addresses.
  6. The development of Data Protection Agreements that can be utilized with any third-party provider or subcontractor that works, or will work, with Lumi Agency.
  7. The implementation of GDPR-compliant scripts for any website using Facebook Pixel (or any third-party pixel or remarketing tag) to notify users that data is being collected.
  8. The update and review of ALL third-party vendors, software, and tools to include GDPR-compliant data removal request and unsubscribe links where applicable, specifically for third-party email lists such as MailChimp, and review of their respective third-party agreements to ensure they are GDPR-compliant.
  9. Identifying and attempting contact with any EU user that may have signed up through Lumi Agency-developed forms or mailing lists on client websites to ensure permission for continued correspondence beyond the GDPR implementation date.
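The consent checkbox in step 4, the anonymized IP addresses in step 5 and the gated pixel scripts in step 7 come together in one front-end pattern: do not load a third-party tag until the visitor has explicitly opted in to that category, store the decision with a timestamp as evidence, and configure Analytics to truncate IPs. The block below is an added example written for this page; it is not code from the original post or from Lumi Agency. The storage key, the two consent categories, the placeholder tag IDs and the helper names are assumptions for illustration. Two details matter for GDPR: every checkbox defaults to unchecked, because a pre-ticked box or silence is not valid consent, and anything malformed in storage is treated as "no consent". The `anonymize_ip` option is a documented gtag.js setting for Universal Analytics, which is what a 2018 site would have been running; Google Analytics 4 does not store full IP addresses, so the option is unnecessary there.

```javascript
// Added example, not code from the original post or from Lumi Agency.
// A minimal consent gate: third-party tags (Google Analytics, Facebook Pixel) are
// not loaded until the visitor has explicitly opted in to that category, and the
// Analytics tag is configured with anonymize_ip. The storage key, category names
// and tag IDs are assumptions for illustration.

const CONSENT_KEY = 'site_consent_v1';                 // assumed localStorage key
const CONSENT_CATEGORIES = ['analytics', 'marketing']; // assumed categories

// Gated tags. The IDs are placeholders, not real measurement or pixel IDs.
const TAGS = {
  analytics: { src: 'https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID' },
  marketing: { src: 'https://connect.facebook.net/en_US/fbevents.js' },
};

// Interpret a stored consent record. Anything missing, malformed or not an
// explicit boolean true is treated as "no consent": under GDPR silence,
// pre-ticked boxes and inactivity do not count as consent.
function parseConsent(raw) {
  const none = { decided: false, analytics: false, marketing: false };
  if (typeof raw !== 'string') return none;
  let obj;
  try { obj = JSON.parse(raw); } catch (e) { return none; }
  if (!obj || typeof obj !== 'object' || obj.decided !== true) return none;
  const out = { decided: true };
  for (const c of CONSENT_CATEGORIES) out[c] = obj[c] === true;
  return out;
}

// Build the record to store after the visitor submits the consent form.
// Checkboxes default to unchecked; only an explicit true opts a category in.
// The timestamp is kept as evidence of when consent was given.
function recordConsent(choices) {
  const rec = { decided: true, ts: new Date().toISOString() };
  for (const c of CONSENT_CATEGORIES) rec[c] = choices[c] === true;
  return rec;
}

// Which gated categories may run under a given consent state.
function allowedTags(consent) {
  return CONSENT_CATEGORIES.filter(c => consent.decided && consent[c] === true);
}

// Arguments for the gtag.js config call. anonymize_ip is a documented
// Universal Analytics option that truncates the IP before storage or lookup.
function gtagConfig(measurementId) {
  return ['config', measurementId, { anonymize_ip: true }];
}

// Browser-only: inject the tag's script element. Never called before consent.
function loadTag(category) {
  const tag = TAGS[category];
  if (!tag || typeof document === 'undefined') return false;
  const s = document.createElement('script');
  s.async = true;
  s.src = tag.src;
  document.head.appendChild(s);
  if (category === 'analytics') {
    window.dataLayer = window.dataLayer || [];
    window.gtag = window.gtag || function () { window.dataLayer.push(arguments); };
    window.gtag('js', new Date());
    window.gtag(...gtagConfig('GA_MEASUREMENT_ID'));
  }
  return true;
}

// Entry point on page load: read stored consent, load only what was granted,
// and return the list of categories loaded (empty when nothing was decided).
function applyStoredConsent(storage) {
  const consent = parseConsent(storage ? storage.getItem(CONSENT_KEY) : null);
  const allowed = allowedTags(consent);
  allowed.forEach(loadTag);
  return allowed;
}

// Called from the consent form's submit handler, e.g.
//   saveAndApply(localStorage, { analytics: form.analytics.checked, marketing: form.marketing.checked })
function saveAndApply(storage, choices) {
  const rec = recordConsent(choices);
  if (storage) storage.setItem(CONSENT_KEY, JSON.stringify(rec));
  return applyStoredConsent(storage);
}
```

On page load call `applyStoredConsent(localStorage)` before any tag snippet, and wire the consent form's submit to `saveAndApply`. Because the tag `<script>` elements are created only inside `loadTag`, nothing is requested from Google or Facebook until the visitor has actively ticked the relevant box; the stored record, including its timestamp, is what you would produce if asked to demonstrate that consent was obtained.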

From a marketing perspective, this can definitely limit our ability to learn about our users, preventing us from optimizing our clients’ digital assets to the best of our ability. However, this also presents a unique opportunity to adapt, work smarter, and develop great new disruptive technology to make up for what GDPR limits.

Overall, even though these types of laws may seem like a nuisance to the businesses that have to take these measures, as a society it is nice to see steps being taken to protect users online. Our information should be something that is coveted, collected and used on an individual's terms, and these actions are the start of that.