As a regular internet user, you’ve probably been told over and over that the sites you visit use cookies to enhance your experience. As a marketer, you likely know that this is in response to the GDPR taking effect.
But what is GDPR and does it affect your business? Read below for our guide to GDPR in 2019.
What is GDPR?
The General Data Protection Regulation is one of the biggest data laws to come into effect in 20 years. The regulation is meant to protect the personal information and data of individuals on the internet, and to create airtight consent for websites that collect information on you. Previously, there were few regulations on how businesses could share data about their site visitors. This meant that the personal information you entered on a form could be freely shared, sold, or otherwise transmitted to other organizations without your knowledge.
With GDPR in place, if an organization modifies your web experience or shares your information based on any data that they collect, they must now notify you what they are collecting, how they are sharing it, and how it may be used. GDPR replaces the 1995 data protection directive.
Is my company affected by GDPR?
In short, yes. If your website can be visited by any user located within the European Union (“EU”), then you could be affected. Specifically, if your website has an EU audience and collects data, whether through payments, forms, retargeting, or Facebook pixels, you are responsible for transparency in letting those users know how the data will be used.
To find out if you have an audience from the EU, take a look at your Google Analytics account, and segment by location.
What type of data should be protected?
Virtually anything collected about a user or individual should be protected, and how you use the data should be disclosed to the user.
Basics such as name and address may seem safe, but under the regulation even sites requesting only these items must adhere. Collecting more sensitive data such as IP address, genetic data, information about religious and political views, or sexual orientation should also be disclosed ahead of time, and giving the user the option to opt out is recommended.
How do I know if I’m collecting data on my website?
Most businesses are collecting data on their users from the first click, all the way to a purchase. This data helps digital marketers make smarter choices on marketing spends, and it’s invaluable data to any business to understand how a user interacts with you online.
With that said, most websites are collecting data, even if they aren’t asking for personal information! Are you using any of the programs listed below? If so, you’re collecting data on your users.
- Google Analytics - used to track user behavior
- Facebook tracking pixel - tracks web visits resulting from activity on the social network
- Tools such as Hotjar, Inspectlet, Kissmetrics, etc. - help digital marketers understand how their site is interpreted and used by consumers
- Forms and newsletter signups - collect personal data that allows you to continue speaking with a user as a business lead
How can I be GDPR Compliant?
In recent years, there have been countless data breaches, ranging from small-scale incidents to massive attacks impacting millions. These breaches have been linked to top-tier organizations such as Yahoo, LinkedIn, MySpace, CitiBank and more, and have put the personal information of their users at risk of being compromised. Under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator where it could have a detrimental impact on the people it is about.
If you’ve experienced a breach, following the correct protocol listed above is important. If you haven’t been targeted in a breach there are a few steps you can take to safeguard your company and your company’s website:
- First, make senior business leaders aware of the regulation and why it’s important to adhere.
- Determine which information collected is necessary to your business, and update your storage procedures around subject access requests, and what should happen in the event of a data breach.
- Stop collecting unnecessary data from your users, if it’s not being used. This removes some of the burden; are you asking for addresses, with no intent to mail information? Are you asking for phone numbers, when you’re trying to get them simply to answer an online questionnaire? Take a few moments to review the information you’re collecting and its purpose.
- Understand that protecting your users may mean losing some marketing resources. Think about your long-term marketing goals, and before eliminating data, look at which capabilities you’ll lose by destroying it.
- To continue using third-party tools, understand how those companies are using the data being collected. Reach out to your web team to understand what needs to happen so your website is compliant.
Do I need to make changes to my existing contact forms and newsletter signup forms?
Most likely, yes. First, start by updating all forms to provide clear communication on the reason for collecting the information: what can the customer expect from providing their personal data? Also ensure that all forms and other data collection methods are explicitly set so that the user must opt in (a pre-checked agreement is non-compliant).
It’s also important that users understand how to unsubscribe or how to contact you should they wish to have their information removed from your database. Add a note to your forms that indicates they can be removed and gives them the right way to contact you if that need arises.
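The opt-in rule above and the list of tracking tools earlier on the page come together in a consent gate: the box starts unchecked, a pre-checked box is rejected, consent is recorded with a timestamp and purpose, and third-party trackers only load once a valid consent exists. This is an added illustration, not code from the original post or from Speak; the tracker names, the form fields and the consent record shape are assumptions made for the example.

```javascript
// Added example: a minimal GDPR consent gate for a signup form.
// Tracker identifiers below are constructed for illustration only.
const TRACKERS = ['google-analytics', 'facebook-pixel', 'hotjar'];

// Initial state of the consent checkbox: never pre-checked.
function defaultConsentState() {
  return { checked: false, purposes: TRACKERS.slice() };
}

// Validate a submitted form. Consent must be an affirmative act by the user,
// and the page must state why the data is collected.
function validateSubmission(form) {
  const errors = [];
  if (!form.consentChecked) errors.push('consent not given');
  if (form.consentDefaultChecked) errors.push('pre-checked consent is not a valid opt-in');
  if (!form.purposeText) errors.push('purpose statement missing');
  return { ok: errors.length === 0, errors };
}

// Record consent with a timestamp so it can be demonstrated later and withdrawn.
// Returns null when the submission does not satisfy the opt-in rules.
function recordConsent(form, now = new Date()) {
  const result = validateSubmission(form);
  if (!result.ok) return null;
  return {
    email: form.email,
    consentedAt: now.toISOString(),
    purposes: form.purposes.filter((p) => TRACKERS.includes(p)),
    purposeText: form.purposeText,
  };
}

// Which trackers may be loaded on the page: none without a consent record,
// otherwise only those the user agreed to.
function allowedTrackers(consent) {
  if (!consent || consent.withdrawnAt) return [];
  return TRACKERS.filter((t) => consent.purposes.includes(t));
}

// Withdrawal honours the "contact us to be removed" promise on the form:
// the record is kept as evidence, but no purpose remains authorised.
function withdrawConsent(consent, now = new Date()) {
  return { ...consent, withdrawnAt: now.toISOString(), purposes: [] };
}
```

In a real page, `allowedTrackers` would be consulted before injecting the Google Analytics or Facebook pixel script tags rather than loading them unconditionally.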
What’s the penalty for non-compliance?
Since the regulation came out two years ago, the shock and awe has worn off, and compliance is being enforced more heavily. One of the biggest, and most talked about, elements of the GDPR has been the ability for regulators to fine businesses that don’t comply with it.
If an organization doesn’t process an individual’s data the correct way and take measures to protect the data, it can be fined. If there’s a security breach, the organization can be fined.
Can Speak help my website become GDPR compliant?
Our team of designers and developers have created an easy-to-use notification that can be applied to your website - the notice allows a user to accept or decline the collection of personal information. The popup can be designed to fit your brand and has proven to be a user-friendly option that protects organizations of any size. Additionally, the popup is mobile friendly, so it has your user covered no matter the device they are using.
While the ins and outs of what a compliant site looks like are different for everyone, we’re happy to help you sort through the regulations. A few valuable resources that have helped us are below. If you’re not sure how compliant your site is, but know you need to get there, we can help! Reach out to talk with our business development team, and a strategist will be happy to take a look at your website and put our best recommendations into place.