Over the last few months, there was a revolutionary change in how you collect data on the web. On May 25, 2018, the European Union started enforcing the new GDPR regulations.
The General Data Protection Regulation (GDPR) now penalizes companies that do not ethically use data. The new rule places restrictions on how you collect data, what information to share with customers, and when you need to delete the data.
Companies that ignore the GDPR rules could receive a 4% penalty on all global revenue. To be clear, the fines use gross income, not net revenue.
For example, Amazon had gross revenues of $178 billion last year, yet a slim profit of $3 billion. The new GDPR rules state Amazon could receive a fine of up to $7.12 billion for any missteps; one mistake makes the business unprofitable that year. It is a bit excessive, but these are the protections consumers want moving forward.
Amazon is not the only company concerned about the new regulations; the European Union's hefty fines terrify many of the major technology companies.
How does the GDPR work?
The General Data Protection Regulation holds two parties responsible for the data. The first party is the data owner/collector (your company) and the second is the processor. Common processors include companies like Google, Facebook, and WordPress.
The processor helps you collect the data. The EU reasoned this makes them responsible for data collection and management integrity.
GDPR is different because the processors are as responsible for the data as the data collectors. The GDPR makes sure both parties notify the authorities of data breaches and protect consumer access to their data.
The law also ensures companies take reasonable steps to protect their users' and customers' data. One highlight is not requiring specific data that does not pertain to the transaction. For example, gaming apps do not need to know all of a user’s Facebook friends to operate.
How can you comply with the GDPR laws?
Advertising platforms made giant leaps over the past decade utilizing audience data to improve their response rates.
Facebook leads the charge by giving advertisers more data to find the right prospect with the right product or service. The social network is a fountain of data to help you target the highest value prospects for your business.
However, the Cambridge Analytica data breaches forced the social network to update its consumer protections. These protections reduced the flow of data for advertisers.
Facebook started by shuttering partner categories. Most companies did not even know what partner categories were before they closed, even though advertisers used the tool for years to improve their ad targeting.
Data partners helped advertisers target groups like new moms, homeowners, or loyal brand customers.
The partner data improved the ad quality but led to some thorny privacy issues, which is why Facebook shuttered the program.
Advertisers now need to collect more of their data because processors like Facebook and Google do not want a 4% penalty.
Google Analytics provides a wealth of data on how visitors to your website behave. The challenge is the GDPR now requires you to give users access to the information you collect from Google Analytics platforms.
Google now gives you the ability to decide how long you keep your information. The search giant also has software to help you delete user/client information from your website. It reduces the burden of sharing data between sites and Google.
Furthermore, stop including personally identifiable information (PII) in your analytics. PII was already against their terms of service, but the new laws make Google enforce this more actively.
#3. Content management platforms
52% of websites use a content management system to operate their site. Unlike in the early days of the internet, you do not need to have technical skills to run a website if you use a platform such as WordPress, Joomla, or Drupal.
Platforms like WordPress already developed tools to help you stay in compliance with GDPR laws.
For example, WordPress's new privacy page explains the information you track and how users can request their data.
WordPress also added an export and erase personal data tool to help you when users ask for their information or request that the website delete it.
WordPress developers' plugins also add cookie reminders and other privacy components to your site. Plugins like WP – GDPR and the Cookie Law/GDPR Info keep your email and data collection in line with current laws.
Whether you use WooCommerce or Shopify, it is essential to know how to handle your client data. Shopify took an active role in this process. They created a guide to help you understand what steps you need to take to protect yourself, and how to send or delete information per user requests.
Shopify even put protections in their platform. They want to make sure you cannot erase contacts with pending orders or those who purchased an item within the last 180 days.
Some users could game the new laws to claim they never made a purchase. When they ask the credit card company to reverse the charges after they received the product, no evidence of their deceit would be available. These restrictions prevent this fraud.
#5. Email marketing
Email marketing automation services must collect and manage contact lists within the confines of GDPR laws.
For example, HubSpot added tools to their platform to help you manage your contacts.
The tools help you stay in compliance during the sign-up process and abide by the privacy laws in the new regulations.
Is your digital marketing strategy GDPR-ready?
With any new law, it is hard to understand everything you need to do to stay in compliance. We should get a stronger picture of what pitfalls to avoid and how to remain compliant while collecting data in the weeks and months to come.
If you have any questions about how the GDPR affects your company, feel free to leave a comment below.