DISCLAIMER: All data and information provided in this blog post is for informational purposes only. Evolve Creative Group makes no representations as to the accuracy, completeness, currency, suitability or validity of any information contained herein. We recommend consulting with a legal professional for any legal advice pertaining to GDPR compliance.
Like many of you, we’ve recently seen notifications about companies updating their privacy policies and informing users of how data they collect is stored and used. This is because of the GDPR (General Data Protection Regulation) that went into effect on May 25, 2018. So what exactly is GDPR and what does this data regulation mean for your website? Learn more below about what is required under GDPR law.
What is GDPR?
The GDPR is a legal framework created to set guidelines for the collection and processing of users’ personal information and how it’s collected, stored and used. Under the GDPR, there are strict requirements for companies that collect and/or store the personal data of individuals who live in the EU (European Union).
What Is Required Under GDPR?
Under GDPR, personal data is defined as any information that can be used to identify someone, directly or indirectly. Examples of personal data include IP address, cookies, location data, name and email address. The GDPR may require significant changes in how a company discloses and obtains consent to collect and/or store personal data.
If you’re collecting any personal data from an EU resident, or a citizen of any country who is living in or visiting a country in the EU, you must have explicit consent, which means that consent should be:
- Specific and informed. Make sure people are aware of what you’re collecting, how it’s being used and with whom it may be shared
- Unambiguous. Keep the explanation simple. Don’t use overcomplicated legal jargon that’s hard to understand
- Voluntary. Have the user take affirmative action or give them the option to opt out.
To meet GDPR Standards, you must:
- Require a positive opt-in from the user (no pre-ticked boxes or inaction).
- Explain how the user can withdraw their consent.
- Provide a clear statement of consent, using plain language that’s easy to understand.
- Have this statement of consent be separate from other terms and conditions.
- Name any third-parties that will rely on the consent.
- Not make consent a precondition of service.
- Explain why you are requesting the data and what you will and won’t do with the data.
What Does This Mean for My Website?
Although the GDPR applies only to those located in the EU currently, the U.S. is already seeing a push for this type of data protection. Plus, it’s always better to be safe than sorry when protecting website users.
Here’s What Evolve Recommends:
- Adjust the Settings in Your AdWords Account. Consider excluding remarketing ads from audiences in AdWords that are located in the EU. Even if a U.S. citizen is visiting a country in the EU and visits your website, they are protected under the EU.
- Update Forms. Any forms on your website that require explicit consent will need to include a check box for the user to opt-in. None of these check boxes may be pre-checked.
Keep in mind that standard aggregated Google Analytics reporting is not affected. The user and event data managed by this setting is needed only when you use certain advanced features, like applying custom segments to reports or creating unusual custom reports.
Effective immediately, organizations that do not comply with GDPR’s requirements could face large fines (up to 4% of a company’s annual global turnover or €20 million.) The fines will vary based on the severity of the infraction.
With the seemingly endless changes in the web design and digital marketing world, it’s important to stay on top of the latest policies and regulations. Contact our experienced digital marketing team for more information on GDPR regulations and potential changes for your website, or check out the additional resource links below.