General Data Protection Regulation United StatesIf you’re not familiar with the acronym GDPR, it stands for “General Data Protection and Privacy Regulation”, and it stems from a law passed in the European Union (EU) and European Economic Area to protect the privacy of their citizens. The EU adopted GDPR in mid-2016 and it took effect on May 2018.

Just like HIPAA patient privacy rights have protection, the EU created GDPR to control how websites can use the personal information of visitors. The regulation applies whether the website is domestic (in the EU) or abroad, such as in the United States.

The main reason addiction treatment and rehab centers should care about this law is that you may find yourselves in a pickle and subject to potential lawsuits if your site doesn’t have a clear privacy policy in place for EU visitors. This policy needs to cover privacy statements that comply with GDPR.  

But don’t freak out if your facility doesn’t have one of these disclosures just yet. It’s not too late to get one added to your site that will cover your center’s heinie. 

Chances are, most people visiting your website from abroad aren’t proactively looking in your privacy policy section for GDPR disclosures, but just in case they do, PLEASE make sure you state your site’s privacy policy clearly for visitors that may be from EU.

GDPR compliant privacy policy example:

Serene Beginnings’ site offers an excellent example of a GDPR compliant policy…

“Notice to Users Outside of the United States

This Online Privacy Policy is intended to cover collection of information on our Sites from residents of the United States. If you are visiting our Sites from outside the United States, please be aware that your information may be transferred to, stored and processed in the United States where our servers are located, and our central database is operated. The data protection and laws of the United States and other countries might not be as comprehensive as those in your country. By using our services, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Notice.”

[credit source:

As you can see above, Serene Beginnings treatment center does a good job of warning international visitors about what their facility does with the information they collect. Their statement covers ANYONE from outside the USA. This type of disclosure satisfies GDPR and will theoretically cover any additional regions that adopt similar legislature down the road. 

Meet the Requirements With Help From Our Marketing Agency

Again, if you don’t have the proper language to address visitors to your site from outside the US, it’s not too late to get that in the queue for development and implementation into your privacy policy section. If you’re not sure what to disclose or how to write it, just give our addiction marketing agency a ring and we’ll help get you covered: 855-876-7238


Reviewed by:

Matthew Travers
Rehab Marketing Expert

Screenshot 2024 03 08 at 9.59.20 AM

Your Website is Costing You Admissions

Find out how many admissions your website SHOULD be getting through our Traffic Projection Analysis.