It’s now been three months since GDPR was enacted, and it’s time for a follow up since our last commentary.
Remember that period when your inbox was flooded with emails from companies cheerfully announcing that they had updated their privacy policy? Consumers were confused, corporations were panicking and many a digital consulting company had to overhaul their strategies.
ICYMI: That happened because of the European Union’s General Data Protection Regulation, commonly referred to as GDPR. The GDPR, which came into effect officially in May 2018, was implemented to give web users control over how their personal data is used and stored. The new laws impact almost every website, including those that store large volumes of data such as Google and Facebook.
Wondering just exactly what this means for the Internet? Here’s a breakdown.
General Data Protection Regulation – main changes
Transparency matters
Under the new rules, you have the right to ask companies what information about you they have on file, as well as request that they delete or correct it. This applies to any site you may have come in contact with that stores data – including social media platforms, tech monoliths, retail stores and media outlets. You now have a right to complain if you believe your data has been unlawfully collected or misused.
Organizations are also required to provide proof that they are complying with these rules. Data collection is a billion-dollar industry, so giving consumers the control to limit the way their data is used in algorithms is poised to have a significant impact.
It’s more global than you think
Though the regulations apply to users in the 28 countries of the European Union, it’s not that simple. Many corporations are choosing to make changes globally because it’s a much simpler overhaul than creating multiple systems for different demographics. Furthermore, many organizations are viewing Europe’s GDPR as an indicator of what is to be expected from other nations in the near future. As a digital consulting company that develops websites and cloud applications, Vordik takes this into account when working with organizations anywhere around the globe.
Putting the choice in users’ hands
Although this particular law has been in the works for years, it really kicked into gear after the Cambridge Analytica scandal, which saw unethical data mining contribute to both the Trump and Brexit campaigns. Under the new regulations, users now have to manually “opt-in” to have their data stored and used, as opposed to having it automatically collected and having to “opt-out” to avoid it.
Yes, digital marketing is affected
In the digital consulting & web development world, this is a question we’re increasingly being asked. While from a consumer standpoint you might be relieved by stricter data policies, as a website owner, you may be wondering how this will impact the data your own business collects.
Firstly, Google is, in fact, a data processor, so if you – or your digital consulting company – use Google Analytics, you will need to ensure your account meets the GDPR requirements. Luckily, Google has made some adjustments to make this somewhat simpler. For example, you now have the ability to delete information from individual users, should they ask you to.
A major factor of compliance is making sure the information you are collecting is a) considered relevant as per the new law and b) you are not collecting personally identifiable information and sending it to third parties (e.g. Google), even unintentionally. This can easily be audited, so it’s best to be proactive than reactive.
The good news? Even without tracking personally identifiable information, you can still use analytics to track insights. By activating IP anonymization in Google Tag Manager, you can track partial IP addresses, which will still give you some demographic information about your site visitors. Another useful tool is Piwik, a Google Analytics competitor that has always maintained data anonymity.
Your email or automated marketing might be impacted too. Most companies who have already been upfront about informing users that they’re subscribing to email lists will not be impacted negatively by the new regulations. However, it might not be a bad idea to look over your contact list and either remove your European contacts or send them an opt-in email. This is definitely a case where it’s better to be safe than sorry.
***
The GDPR was launched with good intentions, and at its core is a drive to help users understand and consent to how their personal data is used. Who could argue with that? That being said, when major policies like this roll out, it can be a time of uncertainty for both consumers and businesses. If you’re concerned about how your business can best comply with the GDPR, get in touch with the Vordik digital consulting team today.