Is my website compliant with GDPR requirements?

Yes. If you sell to people in the European Union, the GDPR applies to you. It doesn’t matter where your business is based. Under Article 3, the law extends beyond Europe to cover any company that offers products or services to EU residents or tracks their behavior online. So if you accept orders from the EU, you're legally required to follow GDPR rules. The GDPR lays out key principles in Article 5. In simple terms: • You must have a lawful basis before collecting personal data (lawfulness). • Data must be collected and used fairly and transparently (fairness and transparency). • Only gather the minimum data necessary and for clear, legitimate purposes (purpose limitation and data minimisation). • Keep personal data accurate and update or correct it when needed (accuracy). • Don’t keep data longer than required for the stated purpose (storage limitation). • Protect data with appropriate technical and organizational safeguards (integrity and confidentiality). • Be able to show regulators that you comply with all of these rules (accountability). You also need to be able to prove you're doing all this if a regulator asks. When Are You Allowed to Use Customer Data? For things like shipping an order or taking payment, you’re covered by what's called the “contract” basis under Article 6(1)(b). You need info like names, addresses, and payment details to complete a sale. That’s allowed. For email marketing, things are stricter. Consent is usually required. That means a clear opt-in, like an unchecked box the customer has to actively click. Some EU countries allow limited “soft opt-in” for existing customers, but the rules vary by country. If you’re unsure, it’s safest to get clear consent before emailing EU customers with promotions. What Rights Do Customers Have Over Their Data? Articles 15–21 give EU customers a lot of control. They can: • Ask what data you have on them • Correct wrong info • Ask you to delete their data (in certain cases) • Tell you to stop using it • Opt out of marketing • Ask you to send their data to another company You need systems in place to respond to these requests quickly and efficiently. What About Cookies? The EU’s top court (in the Planet49 case) made it clear: you can’t assume consent for tracking cookies. That means: • No pre-checked boxes • No vague “we use cookies” banners • You must let users actively choose which types of cookies to allow • You need to record and prove that consent was given Your cookie banner should be easy to use and offer equal choices for accepting or rejecting cookies. How to Keep Customer Data Secure You’re expected to take technical and organizational steps to protect people’s personal data. That includes things like: • Using SSL/TLS encryption • Restricting access to databases • Having solid contracts with vendors who handle customer data If there’s a data breach, Article 33 says you must tell the relevant EU authority within 72 hours if the breach could put someone’s rights at risk. If it’s a serious risk to individuals, Article 34 says you also need to inform the affected customers. What If You Use Outside Vendors? If you work with third parties such as payment processors, email services, or cloud providers, you’re responsible for what they do with customer data. The GDPR requires you to sign Data Processing Agreements (DPAs) with them. These agreements must cover: • How they protect the data • Their legal obligations • How they’ll help you stay compliant You can’t skip this part. It’s not optional. Do You Need an EU Representative? If you regularly sell to EU customers, the answer is yes. Article 27 requires most non-EU businesses to appoint an official representative inside the EU. This rep acts as your point of contact for EU regulators and customers. You only get an exemption if: • You rarely process EU data • It’s low-risk • It doesn’t involve sensitive data But if you're actively targeting or shipping to EU customers, that exemption likely won’t apply. What Happens If You Don’t Comply? Regulators can fine you up to €20 million or 4% of your global annual revenue, whichever is higher. That said, small businesses aren’t usually hit with huge fines right away. Most EU regulators aim to help companies comply, especially if you’re clearly making an effort. But ignoring GDPR isn’t a good strategy. Being able to show you’ve taken real steps toward compliance is your best protection. Attorneys on Contracts Counsel are ready to help with GDPR compliance, including privacy policies, vendor contracts, and other legal obligations tailored to your business needs.

You can submit the project on Contracts Counsel for lawyers to bid on.

I would need a lot more info to answer this question.. is she directing how you do your job? Is there a contractor agreement in place? Just having you sign a contract is not illegal, however.

Yes. Many businesses choose to incorporate in Delaware because Delaware has favorable laws to business entities as well as a detailed history of how cases will by decided by their courts. For this reason Delaware is a good option to consider for incorporation. You can then register with the State of Florida as a foreign corporation doing business in Florida.

Without seeing the contract, there is no way of knowing.