Apr 21, 2018

What you Need to Know About the GDPR

What is the GDPR?

In short, the General Data Protection Regulation (GDPR) is a European Union regulation that requires you to inform website visitors about the data you collect while they use your website and how that data will be used.

The core of the GDPR revolves around being open and honest with your website visitors about what data you are collecting and what you are using that data for. The GDPR also encourages companies to collect only the information they will actually use. For example, if you don’t plan on using people’s birthdays to market to them or to offer them a birthday coupon, don’t collect that information, because it is not something you need.

What Does This Mean for My Business?

If your website is accessible to any citizen of the EU, the GDPR applies to you. The GDPR was adopted on April 27, 2016, and becomes enforceable on May 25, 2018.

To ensure that you are ready, here are some steps you can take:

  • Complete an audit of what information you are collecting on your website and what tools you are using to collect that information. Some examples of tracking tools on your website might include:
    • Google Analytics - because all of the data that is tracked through Google Analytics is anonymous, the GDPR will not impact Google Analytics. If you would like to read more about Google’s commitment to the GDPR and other data protection laws, you can do so here.
    • Google Tag Manager
    • Hotjar
    • CallRail - no further information is available at this time, but GDPR compliance is something the company is actively working on.
    • Facebook Pixel
    • Visual Website Optimizer
    • MailChimp
    • Constant Contact
    • Your website’s payment processor
  • Make sure your privacy policy and terms of use statements are both up to date and detail the type of data you are collecting, what it will be used for, who it will be shared with and how long you intend to keep the data.
  • Make sure you have contracts with any third-party that has access to the data you are collecting to ensure they understand their responsibilities related to that data.
  • Let your website visitors know what you are tracking immediately when they land on your site. Make sure you are also giving them the option to opt in, change the settings of what is being tracked, or opt out. It is important to note that silence, pre-ticked boxes or inactivity do not constitute consent.

An example of what IKEA has added to its website to inform visitors that cookies are being tracked

  • Review forms on your website to make sure that boxes to opt in to newsletters or indicate contact preferences are not automatically checked.

An example of IKEA’s “request a catalog” form, which lets you opt in to inspirational emails and updates along with mobile text messages but does not have any boxes pre-ticked.
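The two consent rules above (nothing is tracked until the visitor explicitly opts in, and no box starts pre-ticked) translate directly into how a site loads its tracking scripts. The following is an added example written for this post, not code from IKEA, from iBec Creative or from any of the vendors listed; it shows a small consent gate that treats a missing, stale or unparsable consent record as “no decision yet” and only unlocks the tracking tools named earlier once their category has been set to true. The cookie name `gdpr_consent`, the category grouping of each tool, and the `injectTracker` helper are all assumptions made for the example.

```javascript
// Added example: a consent gate that keeps third-party trackers off the page
// until the visitor explicitly opts in. Nothing is consented by default, and
// a missing or unparsable consent cookie is treated as "no choice made yet".

// Tracking tools named in the post, grouped by purpose. The grouping is an
// assumption for this example, not a legal classification.
const TRACKER_REGISTRY = {
  "Google Analytics": "analytics",
  "Hotjar": "analytics",
  "Visual Website Optimizer": "analytics",
  "Facebook Pixel": "marketing",
};

const CONSENT_COOKIE = "gdpr_consent"; // cookie name is an assumption
const CONSENT_VERSION = 1;             // bump when the privacy policy text changes

// Default state: every category off. This is the "no pre-ticked boxes" rule.
function defaultConsent() {
  return { version: CONSENT_VERSION, analytics: false, marketing: false };
}

// Parse a Cookie header / document.cookie string. Returns null when no valid
// consent record exists, so silence or inactivity never counts as consent.
function parseConsentCookie(cookieString) {
  if (typeof cookieString !== "string") return null;
  for (const part of cookieString.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try {
      const parsed = JSON.parse(decodeURIComponent(rest.join("=")));
      // A record made under an older policy version is not reused: re-ask.
      if (parsed.version !== CONSENT_VERSION) return null;
      return {
        version: CONSENT_VERSION,
        analytics: parsed.analytics === true,
        marketing: parsed.marketing === true,
      };
    } catch (err) {
      return null; // malformed record: behave as if no choice was made
    }
  }
  return null;
}

// Serialise an explicit choice. Max-Age is bounded so consent is re-asked
// periodically; Secure and SameSite keep the record off insecure paths.
function buildConsentCookie(choice, maxAgeDays = 180) {
  const record = {
    version: CONSENT_VERSION,
    analytics: choice.analytics === true,
    marketing: choice.marketing === true,
    at: new Date().toISOString(), // when the choice was recorded, for your audit trail
  };
  const value = encodeURIComponent(JSON.stringify(record));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeDays * 86400}; Path=/; Secure; SameSite=Lax`;
}

// Decide which trackers may load. Only a category set to exactly `true`
// unlocks anything; a null state (no decision yet) unlocks nothing.
function allowedTrackers(consent, registry = TRACKER_REGISTRY) {
  const state = consent || defaultConsent();
  return Object.keys(registry).filter((name) => state[registry[name]] === true);
}

// Hypothetical hook: this is where the vendor's script tag would be appended.
function injectTracker(name) {
  console.log(`loading ${name}`);
}

// Browser glue; skipped when the file runs outside a browser.
if (typeof document !== "undefined") {
  const stored = parseConsentCookie(document.cookie);
  if (stored === null) {
    // Show the consent banner with every checkbox unchecked, and wire its
    // "save choices" button to this handler.
    window.saveConsentChoice = (choice) => {
      document.cookie = buildConsentCookie(choice);
      allowedTrackers(choice).forEach(injectTracker);
    };
  } else {
    allowedTrackers(stored).forEach(injectTracker);
  }
}
```

Two design points worth keeping when adapting this: the consent record carries a version so that a change to your privacy policy forces a fresh decision instead of silently reusing an old one, and the tracker registry is the single place that says which tool belongs to which purpose, which is also the list you need for the audit step and the privacy policy.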

What if I Choose Not to Comply With the GDPR?

If you choose to ignore the GDPR and are collecting EU citizens’ data, fines could be as high as 20 Million Euros (about $24,752,800.00) or 4% of your global annual revenue, whichever is higher. Long term, you could also lose the trust of your website visitors as data collection notifications across competitor websites become more common and expected.

OK, My Website is GDPR Compliant, Now What?

Let your customers know! Data protection is a huge concern for today’s customer. You’ve put a lot of work into protecting your customers’ data and becoming GDPR compliant, so use it as a differentiator from your competition.

  • Add a note to your footer that you are GDPR Compliant
  • Send an email blast out to your email list letting them know about your commitment to data security
  • Add a blog post about the steps you took to become GDPR Compliant
  • Post on social media about being GDPR Compliant

To learn more about the GDPR and how it might affect your website, reach out to the team at iBec Creative or conduct some research of your own. Below are some helpful links to get you started: