The General Data Protection Regulation is a European law that assigns rights to an individual’s personal data.
Who can be fined? Anyone.
While the GDPR applies to the collection and processing of personal data of European Union residents, it can be enforced with some huge fines against any organization anywhere in the world that happens to touch the personal data of anyone inside the borders of the EU.
In fact, these fines can be up to 4% of your annual global turnover, or 20 million euros, whichever is greater. And the GDPR defines personal data very broadly. Much more broadly than many marketers are used to under familiar working definitions of PII or Personally Identifiable Information.
What is PII or Personally Identifiable Information
PII is not the same as personal data. And the GDPR widens the definition of personal data to include some pretty common non-PII things, like anonymous IDs and cookies.
GDPR Applies to everyone regardless of location
So no matter where you are, if you have nothing more than a website that could possibly be accessed by someone inside the European Union, or you have any modern web analytics or tracking tool installed, then the GDPR applies to you. If this comes as a bit of a shock, you’re not alone. Forester has predicted that 80% of companies will fail to comply with the GDPR in 2018. And since this has technically been the law for over two years, before the enforcement date, any grace periods or leniency is tough to justify.
- Achieve Customer Consent.
- Hire A Data Protection Officer (DPO)
- Perform A Data Protection Impact Assessment (DPIA)
- Sound The Alarm On Data Breaches.
- Respect The Right To Be Forgotten.
Need help implementing GDPR?
GDPR implementation requires that a user must be given the option to consent to any kind of tracking, this includes Google Analytics. When a user lands on your website, and before any tracking/cookies etc is activated the user must be able to click on accept.
3 Ways to implement GDPR
1-block all traffic coming from the EU
2-give all users that come from the EU the ability to turn off tracking.
3-give all users regardless of where they originate the ability to turn off tracking.
Option 3 is the best option and it just a matter of time before GDPR is a law in the US as well.
This means when a user lands on your website, no tracking should be on until that user accepts tracking. This means when a user lands on your website, Google Analytics tracking code should not be installed until the user explicitly agrees to be tracked.
What to do if a user does not accept tracking?
As of now, the plugins I have personally tested do not turn off tracking in real time, in fact, the page has to be reloaded to turn off tracking.
What Cookies are tracking you right now on this website?
The below list details the cookies used on our website.
|CloudFlare||third party||11 months||The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.|
|Cookie Law Info||persistent||1 year||Stops the pop up on the bottom of the screen once a user accepts cookies|
|Google Analytics||session||2 years||Used to distinguish users.|
|WordPress Sample Cookie||session||1 hour||A sample test cookie|