You're not allowed to do that!

What is all this racket about privacy and GPDR? It’s actually very important to pay attention, it may apply to you and your business. In this article, you will learn about what GPDR is and what you need to do to make sure that you’re in compliance!

GPDR

gpdrphonewithpadlockHave you been bombarded with GDPR and Privacy Policy emails yet?

GDPR is the General Data Protection Regulation passed in the European Union. It regulates a very controversial issue – who owns the data created by a users’ interactions online. Since GPDR has started, it’s users who now hold ownership, not companies that collect it. Thus, users can now request to see the personal data companies collect about them and ask for its correction or export. As a company, if you don’t comply with the regulations, you are subject to very severe fines (up to €20 ($22.6) million or 4% of the company’s worldwide annual revenue of the prior financial year, whichever is higher.

This regulation affects EU companies and customers. However, companies in the USA should also comply with GDPR. Read this article on Who Must Comply. As a result, Google decided to introduce changes to its Analytics. Now all personal user data expires after 26 months since it was collected. Such data includes demographic and affinity data (earlier kept perpetually) and doesn’t include sessions and goal completions. However, each site owner can change this data collection default period. Alternatively, it’s now an option to delete the data of individual users upon their request.

Action plan:

If you don’t have any European customers:

  • You can use the “do not automatically expire” option in Google Analytics. Beware, this is how Google shifts the user data protection responsibility onto you. Additionally, these user data control efforts may start to extend outside the EU before too long.

If you have European customers or may in the future:

  • Review all the sources collecting user data on your site. This review could include plugins, themes, scripts.
  • Review & Update the Privacy policy on your website to include GDPR requirements
  • Create or Update your cookie consent method. Whether it’s in a pop-up or a notification bar, the user needs to accept the policy before they do anything on your website. It should have the following content: what information you collect, why you do it, where you store it, affirm the info’s protected. To read more visit GPDREU.ORG
  • If you use Google Tag Manager, activate IP anonymization. Read More about Google Tag Manager Compliance Here.

Contact Us

Proudly Sponsored by The Valley List – Get Listed