Missed a GDPR deadline? Worried about getting a huge fine?
Use this free, easy-to-use service to block all EU visitors from your website until you can figure it out.
How does it work?
It works by including a small JS script in your web page. Depending on the user's location, it will either immediately stop further page loading and redirect them to a "blocked" page explaining what happened, or do nothing. Click here to see the demo in action (it will load if you aren't from the EU and redirect if you are) and here to see the source of the demo page. As you can see, no other scripts are executed and thus any and all frontend tracking is prevented.
Banning all EU IPs is a radical decision. Please read the information below to really understand whether that is warranted*
*Please note that I am not a lawyer and I might have missed or misunderstood something. This is not valid legal advice; this is my personal understanding after spending a couple of hundred hours educating myself on the regulation and what it means in practice. I also cannot know the specifics of your business. When I say “you’ll be fine” or “you don’t have to worry”, it means that, in my opinion, even if you won’t be compliant with all of the dozens or hundreds of requirements, limitations, and the ways they apply to different service types, many of which are vague and uncertain, you will at least be adhering to the most important principles and doing the most important parts. It will reduce your risks significantly and soften the blow if a fine does come.
It may not be enough, so please consult with lawyers well versed in tech and international law, if you can afford it, or just keep following the GDPR news and pay close attention to case law as it develops. That is generally good advice even if you are confident that you are compliant or sure that you don't have to be. Whether big or small, business or private person, we all now have to know some international law if we create anything online. If I have missed something obvious or important, please let me know.
GDPR is here! Do I still have time to comply while not cutting off my EU users?
If you operate a website that isn’t very popular and the vast majority of your users aren’t from the EU, you will almost definitely be fine, since regulators will have bigger fish to fry. Just keep calm, educate yourself, and do your best to comply without delaying it.
Should I worry about GDPR at all?
If you have a website that has no signup, contact, or subscription forms, no comments or other user submissions enabled, no analytics installed, uses no cookies, and you are sure that no IP addresses are being logged by the server (ask your hosting provider if you are on shared web hosting), you don’t have to worry about GDPR.
I am outside of Europe, should I worry?
GDPR is not limited by EU borders. The EU considers that it has a right to fine you even if you are outside the EU, as long as you have EU clients. Whether they can enforce it depends solely on your government and how good its relationship with the EU is. In any case, you don’t want to have the status of an international criminal attached to your name, so you had better treat this very seriously.
I am building a new project from scratch and don’t want to deal with it
Please do not block the EU, and take the time to educate yourself on GDPR. Although it does include a ridiculous amount of requirements and vague rules, it is based on a set of principles that are good for any business to follow, and having the regulation in mind from the beginning will make it much, much easier to implement in practice.
I have a private website which I earn nothing from. Should I be compliant?
GDPR does not apply to “private or household activities”. There is a debate about whether a private website and “private activities” are the same thing, but let’s be honest: you are not likely to be the one unlucky person we’ll get this precedent tested on. Just check the GDPR news once in a while and you’ll be fine.
I have a small website with a signup form. It should be easy, right?
As long as you obtain consent by showing non-pre-checked checkboxes near each data item and explain how you are using the data the user enters in the signup form, yes. You just need to log when the consent was given and provide easy ways to edit and delete the account and export the data associated with it. It’s a solid week of work, but peace of mind is worth it. If you are not ready to do this, you might want to block EU users and visitors, at least from your signup form.
If you have any backups set up for that data, it gets murkier. You must be able to erase a user and all their data completely on request, which means from backups too. There is a discussion about whether simple deletion from the disk is enough or you must overwrite it multiple times to make sure it can’t be restored in a laboratory, but we’ll only know that once case law develops. You will only have to worry about it if someone manages to steal an HDD and restore data from it, so the risk is negligible.
I operate a popular or semi-popular website, engage in online marketing, display targeted ads, use “black box” AI to make decisions about users, store some sensitive data or transfer user data to other services, while having a not insignificant number of EU users or visitors.
This may be the case where you should panic and cut off EU users and IP addresses until you get your compliance in order. The more EU users you have, the bigger the potential fine and the bigger the risk that one of them might complain about you to the authorities.
I operate a medium or big business and need something more serious than a generic block notice!
I am working on a more customized solution. Meanwhile, you can buy a geolocation database and set up a block yourself. Be sure to ban not only the EU, but also Norway, Iceland and Liechtenstein, since they have adopted GDPR too.
I don’t want to block the website or certain pages on it completely. Can’t you give me some API endpoint to check whether a user is from the EU or not, to enable and disable certain features?
Working on it!
I’ve read all that and it still looks like I need to ban EU users for now. :(
Full disclosure: EU visitors will be redirected to this page and shown affiliate links to a few VPN services they can use to hide their location and pretend that they are not from the EU. This is how I plan to fund this free service, and you may get some of the people who don’t care about GDPR back as VPN users. By using the ban EU users service you agree to the terms.
If that all sounds good and you want to continue, here’s what you should do:
<script type="text/javascript" src="https://ban-eu-users.com/block_eu.js"></script>
1. Paste this code snippet at the beginning of the <head> section of your website template or of each HTML page you want to block.
2. Make sure you don’t set any tracking cookies server side on a first visit. You are free to use analytics and tracking cookies if you set them using front-end JavaScript, since further execution will be blocked by the very first script on the page in the case of an EU visitor.
3. Make sure the web server software you are using is not logging visitor IPs, and delete existing logs if there are any. Here are the easy ways to disable them for nginx and apache. If you do not have root access, ask your web hosting provider to check that for you.
4. If you yourself are from the EU, click here to create a cookie that will allow you to have full access to your own website.
You are all set!
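A way to check steps 1 and 2 before relying on the block, as an added example that is not part of the original page or the service's own code. It assumes you have saved a page's HTML and the headers of its first response; the sample pages, headers and function names below are constructed for illustration.

```python
from html.parser import HTMLParser

BLOCK_SRC = "https://ban-eu-users.com/block_eu.js"  # URL from the page's snippet

class ScriptOrder(HTMLParser):
    """Collects every <script> start tag in document order."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.scripts = []  # (attribute dict, was it inside <head>?)

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "script":
            self.scripts.append((dict(attrs), self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_first_visit(html, response_headers):
    """Return findings for steps 1 and 2; an empty list means both hold."""
    findings = []
    parser = ScriptOrder()
    parser.feed(html)
    first, in_head = parser.scripts[0] if parser.scripts else ({}, False)
    if first.get("src") != BLOCK_SRC or not in_head:
        findings.append("block script is not the first <script> in <head>")
    elif "async" in first or "defer" in first or first.get("type") == "module":
        # async, defer and module scripts do not pause HTML parsing, so
        # later scripts on the page could start before the block script runs.
        findings.append("block script is not parser-blocking")
    for name, value in response_headers:
        if name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            findings.append(f"server sets cookie '{cookie}' on first response")
    return findings

# Constructed sample pages and response headers (not taken from a real site).
GOOD_PAGE = ('<html><head><script type="text/javascript" src="' + BLOCK_SRC +
             '"></script><script src="/analytics.js"></script></head></html>')
BAD_PAGE = ('<html><head><script src="/analytics.js"></script>'
            '<script src="' + BLOCK_SRC + '"></script></head></html>')
BAD_HEADERS = [("Content-Type", "text/html"), ("Set-Cookie", "_track=abc123; Path=/")]

if __name__ == "__main__":
    print(audit_first_visit(GOOD_PAGE, [("Content-Type", "text/html")]))
    print(audit_first_visit(BAD_PAGE, BAD_HEADERS))
```

Any cookie the server sets on the first response reaches the visitor before any script on the page runs, which is why step 2 has to be checked on the response headers rather than in the page itself.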
Please don’t leave us Europeans without access to your wonderful website or service for too long, and become compliant soon :)
It is annoying and will take a significant amount of your time, but if you are not currently abusing user data, it will not limit your business in any way and will enable you to give all users, not only European ones, many new opportunities that they are going to appreciate.