You would think that running social media and digital accounts for clients would have prepared us for the massive amount of email that has come in over the past month in the wake of the GDPR… but you’d be wrong. We’ve gotten quite the stack of notifications, and we’re betting you have, too. The GDPR represents a sea-change in how we collect and store data online, but there’s been such a flood of information coming out that it’s hard to keep track of it all. Here’s our quick summary of what you should know.
What is the GDPR?
The General Data Protection Regulation, or GDPR, is a regulation in EU law on data protection and privacy for all individuals within the European Union. It extends the scope of EU data protection law to all foreign companies processing data of EU residents—whether or not those companies are located in the EU.
Who does it apply to?
The GDPR applies to any business that either offers products or services to the citizens of the EU or collects personal information from citizens of the EU. Personally identifying information includes things like IP addresses, email addresses in query strings, and data entered into forms.
What does this mean for my web presence?
While we advise you to speak to a legal representative about your company’s specific requirements under the GDPR, we recommend the following changes for all websites.
- Create/update your privacy policy and make sure it is easily accessible from the footer of the website. This privacy policy should state what information is being collected, who is collecting it, why it is being collected, and how it will be used. Good examples can be found here: https://www.econsultancy.com/blog/69256-gdpr-how-to-create-best-practice-privacy-notices-with-examples
- If your website collects any form data, update the form to gain consent from the user. This consent needs to be explicit and opt-in, rather than opt-out. The GDPR requires companies to prove that consent has been given, so we recommend logging this action as a Google Analytics event.
- If your website does collect any personal information, we recommend adding an opt-in cookie banner to the website that pops up upon initial load of the site and asks for consent to use cookies and tracking data. If you use a WordPress site, here are some possible options: https://wplift.com/cookie-consent-plugins
It’s also important to note that if you use Google Analytics, you may see some slight changes in the geographical data you can access, as it has been updated to better ensure personal privacy. Log into your Google Analytics and your Google Search Console platform and check the data storage settings to see how long Google Analytics is set to keep personal data, and make sure that period makes sense for your business.
For those of us who work in data analytics, things are a bit more complicated. Most of the tools that we use daily are also changing what kind of data they display. For example, Crimson Hexagon, Sprout Social, Kissmetrics, MailChimp, and Facebook and Twitter Analytics are all changing. Be sure to log into your tools and see what changes are in place—and how you will have to adjust to the new regulations.
Luckily, we’re almost through the storm. After the 25th of May, the email hurricane will finally die down. Just batten down the hatches, and we’ll all get through this together.