How to be GDPR compliant as a Squarespace user


GDPR has been confusing, baffling and overwhelming people since the deadline was announced. And yes, the deadline has been and gone, but for those of us residing outside of the EU, you're going to be okay if you quickly make some updates to your website and business right now. Breathe in, and get to work!


So first things first, what is GDPR?

In layman's terms, the GDPR (General Data Protection Regulation) is a new law in the EU that regulates how data is collected and used from people in the EU. It came into effect today, May 25th 2018, and if you happen to collect email addresses, personal data, or similar from people who are in the EU then you need to be compliant.


To know if you are affected by these laws you need to ask yourself:

  • Could anyone from the EU visit my website? (yes...!)

  • Do I store their data in any way? (through analytics, a newsletter, or sales of products or services)

The new laws being put into effect simply require us to be very clear about what data we collect from people, and what we do with it. So if you have a newsletter, or sell products or services to anyone online, then you will be receiving a certain amount of data about those people, and you need to be very clear with them about what you do with the data and when/how you will be contacting them via email.

If you have zero people sharing their data or buying from you in the EU then this law will not affect you, but double check your analytics to find out where people are visiting your website from to be sure of this first!



The main thing that's changing is how online marketing functions in regards to opt-ins or lead magnets. If you don't use any of these and are unsure as to what they are, they are essentially a free resource that gets emailed to someone. The idea is that you offer your freebie and in return someone gives you their email address, which you can then add to your mailing list and email them about other things to sell your products and services to them.

Well, that's no longer allowed with the new GDPR rules. 

From now on you can only email those people if they have received your freebie AND consented to receive emails from you. And this is where the transparency piece comes in: consent must be given by someone saying yes to emails, whether that's with a double opt-in email that confirms their subscription, or with a check-box that says yes, please email me.



If you've determined that you have some users in the EU, then it's best to make these changes now and start being very transparent about the information you take from people who visit your website or sign up for your mailing list. Here are some basics that you can change on your Squarespace website to make sure you're compliant with the new GDPR law:


1. Create a Terms and Conditions page that includes a Privacy Policy.

This should include information that explains what you do with their information when they purchase through you, and should also link to or explain what happens to their information when they use your third-party payment system (like Stripe or PayPal). For ours, we used a template from The Contract Shop, a company we're proud to be affiliates for!


2. Ensure your newsletter or checkout options have double opt-ins for emails:

If you sell products, services, programs, or similar on your website:

Go to Settings > Checkout > Select a Mailing List

Tick the box that says "Require double opt-in after subscribing" to be sure that everyone (regardless of where they live) gets the option.


If you have a newsletter or mailing list:

Promotional Pop-Ups

Go to Settings > Marketing > Promotional Pop-Up

Tick the box that says "Require double opt-in after subscribing" to be sure that everyone (regardless of where they live) gets the option.


Newsletter Blocks:

Find the newsletter block(s) you need to edit and click "Edit"

With all email marketing, the update you'll need to make most is being transparent. So in here, change any information you need to in order to clearly state when you'd be emailing someone and why. Be very clear and link to your Privacy Policy too! Most of these changes can be done in the Description box or the Disclaimer that goes underneath it. We do also suggest ensuring the double opt-in is ticked and that your emails include a welcome email or something else that gives subscribers an easy way to confirm that they want emails, and to unsubscribe if they change their mind.


3. Consider adding a Cookies Banner

A Cookies Banner gives visitors the option to choose whether or not they want their information shared via cookies. When a visitor clicks the "continue" button, your website can then collect information about the visitor's activity on the website (and more!). Here's some more info on Squarespace cookies.

To add a Cookie Banner on your Squarespace website:

Go to Settings > Cookies & Visitor Data

Tick the box that says "Enable Cookie Banner" and add in your own custom message. If you also need to prevent Squarespace from sending analytics cookies to visitors until they've clicked Continue (suggested for GDPR compliance) then you also need to tick the "Disable Squarespace Analytics" option.


If you use MailChimp (or something similar) for sending emails you will have options in there for being compliant too, and in the settings panel of each list you can choose to make your list GDPR compliant. 

Our suggestion is that you email your list (if you have one) and let them know the updates you're making and where they can find more information from you, where your privacy policy is, and where they update their info with you or unsubscribe. 


From there you've got a lot more bases covered than you had before, and you'll have to consider your email marketing tactics a lot more and stop sending people emails if they sign up for a free resource with you, if they are in the EU. If you're unsure, it's best to apply these rules to everyone. Better safe than sorry!


[This post does not constitute legal advice in any way, but is intended as a guide based on our learnings, experience, and the updates we've made to our Squarespace website to be compliant. Best to check with your own lawyer to be sure that you are compliant.]

P.S. To give credit where credit's due, we found this blog in particular very helpful and you might too.