GDPR Compliance: Does it Matter?

GDPR, the EU’s General Data Protection Regulation, came into force on May 25th of this year. Updating an earlier directive, its purpose is to enforce protection for all who reside in the EU/EEA from unwanted use of their data and/or breaches of privacy.

In today’s world, data plays a role in almost every aspect of our daily lives, from shopping and banking to news consumption. But just as this part of our lives has exponentially increased, so has the question of who should or should not have access to this information.

For what purposes should such knowledge be used?

But what if your business isn’t in Europe, but based elsewhere? What if your business is small – does any of this really impact you? The short answer is: yes, it can, if you have site users/visitors in regions that fall under GDPR protection.  Being compliant with GDPR may not have been something you’ve considered – and it may not apply to you. But if it does, it’s important to avoid misinformation and feel confident in your company’s approach.

Q: I read that if I’m a small company, GDPR doesn’t apply to me. Is this true?

This is not the case. There has been a great deal of misinformation about this, perhaps due to Article 30, which makes a distinction between companies with more or less than 250 employees.  However this isn’t about smaller companies not HAVING to comply, but rather the level of detail that must be applied to how your data is stored to achieve compliance. In short, company size matters in terms of what is kept on your users, how it is stored, and for how long, etc. While there is some measure of flexibility for those whose EU interactions are minimal, it is important to be aware of the specifics and review them with the appropriate counsel to see where you may fall on this spectrum.

More here: Article 30

Q: If I don’t use ads on my site, do I still need to worry about GDPR regulations for my visitors?

If you have visitors from EU or EEA countries, then yes.   GDPR isn’t aimed specifically at advertising, but rather all cookies used that impact your users in terms of data collection or storage.  Advertising may rely heavily on these, but ANY cookies used for EU/EEA visitors technically falls under this umbrella. If you run a website with logins for users, then you’re using cookies. If you’re a retailer, your shopping cart uses cookies, and so on.  GDPR compliance means informing your EU/EEA visitors in a clear and concise manner about your cookie use – what you keep, and why – and giving those visitors a choice in how that data (or even what data) is used/stored.

Even if you’re a smaller brand there are numerous online resources, many of which are free or open source, out there to help navigate these questions and more, so it’s worth looking before buying. The links below are just to get you started.

Cookie Choices – An excellent place to start, it includes everything from suggested text for publisher’s use, and links to open source tools and scripts to help with compliance.

“7 Steps for Businesses” – This EU Commission document aims to simplify compliance for those businesses whose primary purpose is not “data centric” – such as retailers or service providers.


More about Kristin: Kristin Nousu is Director of Ad Operations for With 22 years of experience in ad operations, she has a particular interest in creating adserving strategies/taxonomies for publishers, and programmatic adserving.



Niche Media has the best events, education, and training in media! Our super niched-out events & content give target-audience publishers in the B2C, hobbyist, B2B, city & regional, and association markets the tools they need to build revenue, audience, and more.