What’s GDPR and what does it mean for your website?
It’s been in the news, and you’ve likely been getting notifications from your favorite websites about accepting or acknowledging new privacy policies. GDPR has seemingly sent a bolt of changes across the web, but what exactly is it? Not to be confused with the common economics term GDP (Gross Domestic Product), which I won’t get into in this article, GDPR stands for ‘General Data Protection Regulation’ which was enacted by the EU effective May 25th, 2018. The new GDPR replaces the old Data Protection Act which has been in effect since 1998.
See, back in 1998 (and 2003 when it was revised), the European government enacted policies to protect users’ information online. However, back then, social media wasn’t really a normal thing. The act of sharing much information beyond your name, email, and address wasn’t common practice. These days, that’s definitely changed. As we’ve seen with the debacle surrounding Facebook’s invasion of user’s privacy, the internet’s gathering of information, from interests, social stances, and political leanings for individuals has gotten to a point where new policies had to be put into place. Companies have a ton of information about us, just look at what information Google and Facebook collect. Drafted in 2016, these new regulations are aimed at making online businesses more accountable for the information they gather from their businesses – for the sake of all us internet users.
These new protections are causing some ruckus for online businesses and ad platforms as they scramble to comply with the new regulations. Some of the new requirements introduced include 1) organizations much have clear consent to collect a user’s data, 2) the user must be notified within 72 hours if there has been a serious data breach, 3) the user must be able to see all data collected by websites free of charge, 4) the data collected must be deleted if requested by the user, 5) the EU privacy law applies to all companies that process data for people in the EU, regardless of whether the company is based.
Overall, these new laws are applying to businesses that service any of the 28 member states of the EU. So what does this mean for you? Well, if you only do business with customers residing in the USA, likely not much at all. Many of the popular websites and social media platforms do business globally, hence their new prompts requesting your consent for any data gathering. If you do happen to do business with residents of the EU, it’s time you start looking to see how to become compliant. While there’s several guides online, here’s a quick checklist we found useful to reference.
It’s still too soon to see how GDPR will really affect the way business work online. It’s been causing confusion and struggle for large companies to figure out how to be ‘compliant’, but it does not appear to be damaging the small websites of the world. From an advertiser’s perspective, there has been early signs of changes in the digital ad buying landscape. For example, Google (parent company Alphabet) has seen an increase in advertising since the introduction of GDPR, due to their networks becoming complaint faster than smaller networks that are struggling to adapt.
Time will tell how these new restrictions will affect marketing in general. For now, be wary of how you gather data, and make sure you’re up to date on regulations and security requirements. What are your thoughts on the new laws?