
GDPR Compliance: What is It and Should I Be Worried About It?


GDPR compliance can be confusing, but Tuna Traffic is here to help you through it

Unless you haven’t been reading your emails for the past couple months, you’ve probably heard something about GDPR compliance. You’ve at least noticed that basically every website you use is updating their privacy policies. So, what is the GDPR? Should you be worried about anything? And what steps should you take before the fast-approaching May 25 deadline? Tuna Traffic has been digging into this regulation, and here’s what we know:

What is the GDPR?

The GDPR stands for the “General Data Protection Regulation.” It’s a regulation in the European Union that will take effect on May 25, 2018. While data protection in the EU has always existed, this is a wider-reaching regulation that could affect any websites that track any visitor behavior from people in the EU, even if they are not in that website’s target market. The biggest changes include: more steps required for consent, individuals being able to more easily access their data, and individuals having the right to ask for their data to be deleted (“right to be forgotten”).

What should you be worried about?

EU Visitors

The regulation mostly applies to people in the EU. However, if even one visitor from the EU comes to your site, they have rights to data protection and can make requests to access or delete their data, and you would need to comply. These are both user rights covered in the GDPR. It’s less likely to happen if you’re not marketing your products or services to the EU, but it’s still a possibility.

Penalties

Organizations will have time to put data together for people who request it and will have time to delete the data. However, failure to comply or ignoring the regulations altogether can result in very hefty fines, up to 20 million euro. Pretending the regulation doesn’t exist isn’t an option.

Updated Privacy Language

One of the biggest changes any website needs to make is an update to its privacy language. There are privacy policy generation tools (like iubenda and termsfeed) that will automatically update the language that EU visitors see with one click. There are also lots of guides floating around the internet from different sources and how they are interpreting what needs to go in compliant privacy policies. While all of these serve as good starts, they are not a substitute for legal advice.

What steps should you be taking?

Take stock of all the tracking tools you use

Make a list of anything that you use to track user data. User data can include anything from an IP address or a cookie that tracks a visitor's behavior on your site to a name or email address: basically anything that could be used as identifying information. Some of the tools you might have on your list include:

  • Google Analytics
  • HotJar
  • Mailchimp
  • Facebook Pixel
  • Google Tag Manager
  • Gravity Forms (or any form plugin)

Make sure they are all GDPR compliant

Go to the sites of the vendors to look at their privacy policy, see if they have any recent blogs or posts about GDPR compliance, or even search for the name of the company (example: “Facebook GDPR”) to see what they have said about their own compliance.

Update your privacy policy language

Use a free GDPR-compliant privacy policy template as a guide, or a tool like iubenda or termsfeed, to update your language. Also, consult with a legal resource to ensure you have what you need to be compliant.

Use readiness checklists to prepare

The Information Commissioner’s Office in the UK has a wide array of resources to help organizations prepare for GDPR compliance, but they aren’t the only website with checklists. Here are some other checklists you can use to evaluate your preparedness:

Consult legal authorities

We probably sound like a broken record, but no matter how many resources you use to prepare for GDPR compliance, nothing takes the place of legal advice. Consult your legal team, or a lawyer who specializes in regulatory compliance, to ensure you’ve checked every box.

What is Tuna Traffic doing to prepare?

In the last couple weeks, we have been auditing all of our clients to assess their level of GDPR compliance. We have been documenting all tools used for tracking on their websites, in addition to email services and forms. We have been ensuring those tools are GDPR-compliant. Tuna is then updating privacy policies to include the new language that EU visitors are supposed to see.

Tuna has used two tools in particular to capture the vast majority of these trackers and ensure compliant language: Ghostery and iubenda. Ghostery is a tool that will identify the trackers running on any given website. It’s our jumping-off point for creating a list for each client. Iubenda is an Italian privacy policy generator that has had massive updates in the past few months. Iubenda is working to ensure companies can add GDPR-compliant language, cookie policies, and cookie solutions to their websites with the click of a button.

We believe we have a good understanding of GDPR and what will be required of our clients. However, Tuna Traffic is not a legal firm. We recommend that all of our clients consult with their own legal teams to ensure that they are fully complying with these new regulations. Still, we consider it our responsibility to get our clients as prepared as possible for the upcoming changes that will take effect on May 25.

We’re not sure what will come out as a result of the GDPR in the USA, but Tuna Traffic is taking steps to get prepared. What are you doing to prepare yourself for the regulations? What resources have you found helpful? Share in the comments!