
How to collect customer data legally

10 min read · Intermediate · 8 steps

What you'll learn

  • The three laws every US/EU business must follow
  • Consent vs. legitimate interest
  • What you must disclose in your privacy policy
  • Data minimization (collect less, sleep better)

Before you start

  • A website that collects any user data
  • An attorney for the final review (this guide isn't legal advice)

This is not legal advice; get a lawyer for your specific situation. But here are the foundational practices every small business should follow.

The steps

  1. Map every data point you collect

    Email, name, IP address, payment details, behavior. You can't protect what you haven't inventoried.

  2. Collect only what you need

    This is data minimization. A birthday isn't required for a newsletter. Less data = less liability.

  3. Get explicit, granular consent

    Use separate checkboxes for marketing, newsletter, and analytics. Pre-checked boxes are illegal in the EU.

  4. Publish a clear privacy policy

    State what you collect, why, with whom you share it, and how users can delete it. Use plain English.

  5. Add a cookie banner that respects choice

    The EU/UK requires opt-in for non-essential cookies. CCPA: opt-out for sale.

  6. Honor deletion and access requests

    Build a process to retrieve and delete a user's data within 30 days.

  7. Secure data appropriately

    Encrypt at rest and in transit. Don't store passwords in plaintext. Don't email spreadsheets of customer data.

  8. Include unsubscribe in every marketing email

    Required by CAN-SPAM, GDPR, and basic decency.

Common questions

Does GDPR apply to US businesses?

Yes, if you have EU users. Geolocation doesn't help.

Do I need a cookie banner?

If you have EU/UK users or use non-essential cookies, yes.

What's the fine for non-compliance?

GDPR: up to 4% of global revenue. CCPA: per-violation fines.

Can I send a cold email?

B2B is often allowed; B2C usually requires opt-in. Region-dependent.

Where do I host my privacy policy?

Footer link, accessible from every page.
