GDPR compliance can be confusing, but Tuna Traffic is here to help you through it
Unless you haven’t been reading your emails for the past couple months, you’ve probably heard something about GDPR compliance. You’ve at least noticed that basically every website you use is updating their privacy policies. So, what is the GDPR? Should you be worried about anything? And what steps should you take before the fast-approaching May 25 deadline? Tuna Traffic has been digging into this regulation, and here’s what we know:
What is the GDPR?
The GDPR stands for the “General Data Protection Regulation.” It’s a regulation in the European Union that will take effect on May 25, 2018. While data protection in the EU has always existed, this is a wider-reaching regulation that could affect any websites that track any visitor behavior from people in the EU, even if they are not in that website’s target market. The biggest changes include: more steps required for consent, individuals being able to more easily access their data, and individuals having the right to ask for their data to be deleted (“right to be forgotten”).
What should you be worried about?
The regulation mostly applies to people in the EU. However, if even one visitor from the EU comes to your site, they have rights to data protection and can make requests to access or delete their data, and you would need to comply. These are both user rights covered in the GDPR. It’s less likely to happen if you’re not marketing your products or services to the EU, but it’s still a possibility.
Organizations will have time to put data together for people who request it and will have time to delete the data. However, failure to comply or ignoring the regulations altogether can result in very hefty fines, up to 20 million euro. Pretending the regulation doesn’t exist isn’t an option.
Updated Privacy Language
What steps should you be taking?
Take stock of all the tracking tools you use
Make a list of anything that you use to track user data. User data can include anything from an IP, a cookie that tracks their behavior on your site, name, email, basically anything that could be used as identifying information. Some of the tools you might have on your list include:
- Google Analytics
- Facebook Pixel
- Google Tag Manager
- Gravity Forms (or any form plugin)
Make sure they are all GDPR compliant
Use readiness checklists to prepare
The Information Commissioner’s Office in the UK has a wide array of resources to help organizations prepare for GDPR compliance, but they aren’t the only website with checklists. Here are some other checklists you can use to evaluate your preparedness:
Consult legal authorities
We probably sound like a broken record, but no matter how many resources you use to prepare for GDPR compliance, nothing takes the place of legal advice. Consult your legal team, or a lawyer who specializes in regulatory compliance, to ensure you’ve checked every box.
What is Tuna Traffic doing to prepare?
In the last couple weeks, we have been auditing all of our clients to assess their level of GDPR compliance. We have been documenting all tools used for tracking on their websites, in addition to email services and forms. We have been ensuring those tools are GDPR-compliant. Tuna is then updating privacy policies to include the new language that EU visitors are supposed to see.
We believe we have a good understanding of GDPR and what will be required of our clients. However, Tuna Traffic is not a legal firm. We recommend that all of our clients consult with their own legal teams to ensure that they are fully complying with these new regulations. Still, we consider it our responsibility to get our clients as prepared as possible for the upcoming changes that will take effect on May 25.