Written by Gabrielle Keller
The General Data Protection Regulation (GDPR) is the European Union's new data privacy law. It is meant to give people more control over their personal data, and it obliges companies to collect, process and store that data in ways that protect the individuals it describes. It replaces the 1995 EU Data Protection Directive and is intended to improve the protection of online users' data. Personal data includes, but is not limited to, names, phone numbers and IP addresses. If you have ever visited a website that told you it uses cookies, that experience is changing too.
In short, the regulation governs how personal data, including data gathered through cookies and online tracking, may be collected and used. In most cases people will now have to consent before their personal data is stored and used (consent is one of several lawful bases, as discussed below).
Everything the GDPR protects:
The regulation takes effect on May 25, 2018. Most companies have already prepared for it and updated their privacy settings.
The regulation affects any organization that collects or uses data about people inside the EU. It does not matter where the organization is based: if it offers goods or services to people in the EU, or monitors their behaviour (for example, EU visitors can browse or buy from its website), it is covered. A company that processes data on behalf of a business that works with the EU (a processor) must also follow the rules that apply to it when handling that business's data.
This includes most Fortune 500 companies, which have estimated spending about 7.8 billion simply to prepare for the new rules. Widely used global websites such as Google, Facebook and Twitter also had to prepare, and all of them changed their privacy settings ahead of the regulation taking effect. Businesses will have considerably more work to do on security and data handling.
They will have to continually check that they are not keeping someone's data longer than necessary or without a lawful reason. A business that fails to comply can be fined up to 4% of its annual global turnover or 20 million euros, whichever is greater. Customers will feel the change too, through the many emails they are likely to receive and the need to go through the privacy settings of their favorite websites once again.
The GDPR was introduced to protect online users. In an age of data leaks, breaches and identity theft, it is important that people can trust that their data is safe when they use the web.
According to Adprofs.gov, the four most important things you can do are:
Many companies have panicked over the new rules out of confusion. They have been emailing customers to ask for consent again, and in some cases that itself may be unlawful, as explained below. The GDPR does not tell companies that they must obtain consent again in order to keep collecting data.
If a company has already obtained consent in a way that complies with the GDPR's rules, it does not need to obtain that consent again. Consent is only one of six lawful bases for processing personal data. The other five are contract, legal obligation, vital interests, public interest and legitimate interests. As a company, you have to decide which lawful basis you rely on for each kind of processing.
Even if your company does need to rely on consent, you do not have to ask again if the consent you already hold meets the GDPR's requirements. The only catch is that the consent must be properly documented. Many websites never documented consent: they received it (or didn't) and simply put someone on an email list. Those are the sites most likely to be in trouble under the GDPR, because you cannot show that consent was obtained correctly if you have no record of it at all.
The unlawfulness comes from a separate set of rules: “In many cases the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offense to email someone to ask them for consent to send them marketing by email.” If you do end up emailing people to ask for consent, the email must also give them an easy way to withdraw it.
The Guardian recently published an article stating that the National Health Service was worried it would no longer be able to send alerts or warnings to patients and had been scrambling to obtain their consent. Three days later the Guardian published a second article explaining that the NHS was wrong to believe it had to do this. Richard Stallman, president of the Free Software Foundation, and Jon Baines, a data protection adviser, try to explain why in that article, but offer little actual explanation. (Source 1 | Source 2)
The real problem with the GDPR is the lack of clear communication to companies working in or with the EU. Companies everywhere have been panicking over something that is, at bottom, simply a way to make sure people's data is protected from now on.
Google Analytics: Google Analytics is Google's widely used traffic analytics tool. It shows site owners how their websites are performing: who visits, how often, and how the site is used. It can also report which parts of a website attract particular demographics, based on age, location, gender and more.
The Google Analytics team has been working toward GDPR compliance and expects to be fully compliant by May 25th. Google has published an EU User Consent Policy. However, it is up to website owners to change their own websites to comply with the GDPR. If you use Google Analytics as your user data processing tool, check out these five steps to becoming more compliant with the GDPR and Google Analytics here.
Facebook has already updated its privacy settings, but people are not particularly happy with how its terms and conditions are presented. Facebook is complying with the law, but it tries to discourage you from withholding any of your personal data. First, if you do not accept, it automatically sends you to the delete-your-account page.
It also treats things like sexual preference, religious views, political pages and other personal information as all or nothing: either they stay on your page and are used for data and ads, or they are removed. You cannot keep them on your profile while refusing to let Facebook use them. On the terms and conditions page there is a huge Accept button and no Do Not Accept button. The only way to say no is to click a tiny “see your options” link, which only offers to delete your Facebook account.
More information on how that can affect you and your Facebook business can be found here.
WooCommerce is WordPress's most popular e-commerce plugin, and one we are all too familiar with here at the greatest advertising agency of all time. The WooThemes crew have been compliant and transparent since news of the GDPR broke. In December their website published a post about the GDPR and what you need to do as a WooCommerce shop owner. They state that if you “sell any products to customers based in the EU, or have EU visitors to your site, you need to make sure your site complies with GDPR.” Some shops may already comply, depending on how they were set up; others may not.
They list several resources to help: “Code in WordPress has put together their Complete WordPress GDPR Guide.
Willow Consulting in Ireland has put together a fantastic post on compliance. Additional resources we put together:
Delete Me plugin allows users to delete their accounts.
GDPR For WordPress is a project setting up a GDPR validation framework for WordPress plugins.
Mailjet’s GDPR Journal: On The GDPR Track, Our Compliance Roadmap and FAQ.
WP Tavern is regularly sharing information about GDPR.”
Our agency also has a number of custom Shopify apps out, including Louis Sherry's wholesale portal, E-Alternative Solutions' impressive multi-store vapor shop and a custom subscription ordering app for Shopify's backend.
WordPress has added GDPR support to its core software. As of the 4.9.6 update, core includes privacy tools: a privacy policy page, tools to export and erase a user's personal data on request, and a comment cookie opt-in. If you run a WordPress website, you still need to make your own site compliant. With this update, online users have more control over their data; for example, the comment form now has a checkbox letting a commenter choose whether the site saves their name, email and website in a cookie for next time.
However, depending on your particular website, there may be other things you have to do. Many WordPress plugins have already become more GDPR compliant, but not all of them, so check your plugins carefully. Our Jacksonville advertising agency has launched thousands of WordPress sites, with support from our sister company Dark Horse Labs. We know first hand what it is like to manage plugins and themes, and keeping them up to date for compliance deserves its own blog entry.
HubSpot has also changed its platform to be GDPR compliant. It has listed in full detail everything it has done in regard to the rules set by the GDPR, under the topics “Lawful Basis of Processing, Consent, Withdrawal of Consent, Cookies, Deletion, Access/Portability, Modification, and Security Measures.” Below is the link that includes all their information on these topics.
GDPR Image Source
Cookie Image Source
Compliance Image Source
Cost of Compliance Image Source
Mark drinking water via GIPHY
Ninja via GIPHY