Are you ready for GDPR – There’s Still Time

by Nik Wahlberg | May 14 2018

The chatter about GDPR compliance is getting louder. There are cookie notifications popping up all over sites we visit, but why? More and more companies are implementing required changes to be compliant with the GDPR. Is your company ready? Let’s start by answering, “What is it?” The GDPR, or General Data Protection Regulation, is a regulation in EU law that regulates data collection, usage and sharing. The biggest change is how the use of cookies is considered the collection of personal information and requires updates to privacy policies and website disclosures. Nearly every site on the web uses cookies for things like website analytics, personalization, or marketing campaigns, and is therefore subject to the new regulations. While adopted in 2016, the grace period for implementation ends on May 25, 2018.

If you just thought, “My company is not headquartered in the EU, this doesn’t apply to us,” you may be incorrect. The regulation applies to ALL companies collecting, processing, or storing data of individuals who live in the EU, regardless of the location of the company. What does that mean? If you are getting traffic or business from the EU, you do have to care and comply.

If you do have an audience from the EU, you need to determine if your site is ready for the 5/25 deadline. There are a few key elements that need to be taken into consideration and accounted for on your online properties.

First: Does your site display the necessary GDPR cookie disclaimer? The regulation requires that:

  • Users must be informed about how and why personal information is being used.
  • Users must be able to opt in and opt out of various types of cookies.
  • Users’ choices must be adhered to. If they opt out of specific types of cookies, your site must comply with their choice.
  • Opting in must be an active choice, not a default pre-selected action.
  • All consents and opt-ins must be recorded and documented.

There is a variety of ways this can be displayed to users when they visit your site. Our client, Binary Tree, selected this treatment to display the message, gain consent and provide access to the relevant privacy policies.

Second: Have you assessed the data you store, and updated your Privacy Policy to include GDPR elements? Your assessment and updated policy need to include:

  • Your data retention policies, including the time periods data is stored, how it is used and how data is shared.
  • You need to include a right-to-be-forgotten policy. In this, you must address how users can contact you to request their data be removed, even after they’ve actively opted in.
  • Third-party language stating that any third parties you share information with adhere to the same data usage rules that apply to your site.

Third: Are your forms updated to include more specific language about how collected information will be used after the form is submitted? You should be sure you update the disclaimer language on any lead generation forms, contact forms, email/newsletter sign-ups and any form that collects the user’s personal information. Consent here must also be active, and not opted in by default, to be compliant.

While the 25th is near, there is still time to comply with the GDPR regulations. If you do not have the internal bandwidth to implement the required changes fast enough, our team is here to help you configure and deploy the necessary changes to your website.

This article is only a summary of GDPR information. It is not intended as legal advice, nor does it replace the need to consult an attorney to understand how this law applies to your specific circumstances. Reading this does not replace legal advice, nor does it constitute legal recommendations.
