New GDPR Law
(General Data Protection Regulation)
Are you wondering if future GDPR legislation will have any impact on how you collect customer data?
We have to warn you: it certainly will.
This is the most rigorous data privacy law ever introduced. It will affect all businesses dealing with customers within the European Union, not only EU-based companies. This law is scheduled to enter into force on May 25, 2018. If you want to avoid large fines (in some cases up to 4% of your company's annual turnover or 20 million euros, whichever is greater!), it's time to adapt your data processing policy to EU requirements.
What are personal data?
Any information relating to an identified or identifiable individual. An identifiable individual is one that can be identified, directly or indirectly, particularly by reference to an identifier, such as a name, an identification number or a location.
GDPR treats online identification and location data as personal data, so it requires that they be protected in the same way as other identifiers, such as information about a person's genetic, economic or psychological identity. Cookies are included among online identifiers as well!
GDPR affirms that all cookies may be considered personal data if there is the potential to use them to identify a person.
Basic GDPR rules:
A person must receive accurate information about all relevant aspects, such as the type of data to be collected or processed and for what purpose. Consent is necessary for the processing of particularly sensitive data.
The right to be forgotten
All subjects have the right to withdraw their data from a database upon request.
Violation of the law may result in fines up to 20 million euros.
If you break the law
The data operator must inform users within 72 hours of a data breach or hacking.
Companies cannot collect data from children under 16 without verifiable parental consent.
Data Protection Officer
If a company manages a large amount of sensitive data, it will be required to appoint a data protection officer.
The request must be easy to understand
The request for user approval for data processing must be made in an easily accessible written form, in simple language.
From now on, you will need the users' consent.
Once the new law enters into force, you will need to provide users with a clear, informative and unambiguous indication through which they can express their consent to the processing of personal data.
GDPR contains many indications of what best practices for web analytics should look like. We will try to summarize them for you and present them as steps you can follow to prepare your web analytics for future legislation:
Your visitors should be able to withdraw consent at any time
Even after you have obtained valid visitor approval, you must provide visitors with an easy way to change their minds. It should be as easy to withdraw consent as it is to give it. The person concerned has the right to withdraw his or her consent at any time. This does not affect the lawfulness of the processing on the basis of consent prior to its withdrawal. Before giving consent, the data subject must be informed of this.
What you need to know now is that the decision on how to apply these rules and respond to your users' requests is up to you. But it goes without saying that the best web analytics service provider should assist in fulfilling the obligations that GDPR will impose.
How do you find out whether your business partner has an ear to the ground and is properly prepared for future legislation?
We advise you to contact your web analytics distributor and check how they will address this issue. If they cannot answer your questions, it's time to think about finding another solution.
It's time to act now!