GDPR: What Is It? Does It Apply To Me? And So What?

By Beacon News | Published July 19, 2018 | Categories: Google Analytics , Ecommerce , Beacon News

If you work in digital marketing, you probably couldn't help but notice the GDPR (General Data Protection Regulation) mania sweeping the internet earlier this year. Indeed, before the new regulations became enforceable in May 2018, there was breathless anticipation and countless "What You Need To Know" blog posts promising the low-down on all the important compliance implications.

Any new regulation is bound to create a few headaches as affected parties figure out the new landscape and work out the kinks. But, a law as sweeping as GDPR promised to be -- impacting the very foundation of how e-commerce works -- has the potential to thoroughly disrupt the status quo, and everyone's comfort level along with it.

So, has our digital existence been turned upside down since May? Are we really living in a whole new internet reality?

Here, at Beacon, we were very much interested in the potential of GDPR to impact our ability to collect and analyze consumer data via Google Analytics (our preferred data aggregation platform). So, after a couple of months under the new regulations, as the dust has begun to settle, we decided to take a look around at the brave, new, GDPR-compliant world and see what's what.

What Is GDPR?

Let's start by defining what GDPR does. According to the European Commission website, the body that created the legislation, GDPR governs:

"the protection of natural persons with regard to the processing of personal data and on the free movement of such data."

In simple terms, the new rules aim to protect the personal data of all European Union citizens by explicitly granting them greater control over how their personal digital data is used and stored by others. GDPR applies to any company, person or entity that has the potential to gain access to personal data of EU citizens for non-personal use.

Yeah, But Does GDPR Apply to My Organization?

Because there are no national borders on the internet, EU residents (and everyone else) can easily access websites hosted in other countries. As such, the practical implication of GDPR is that it applies globally, no matter where your company or organization is legally headquartered.

If your website can be accessed by someone in the European Union -- and if it's up and running, it absolutely can be -- then you should be paying attention. So, if you haven't already, make sure your organization undertakes a review of how your site's visitor data is collected, compiled and stored in Google Analytics (or, whichever platform you use).

What Does GDPR Impact?

There are three major areas of emphasis with GDPR: data collection management, data protection and visibility, and restrictions on data use.

The new regulations affecting data collection management require companies to get consent from consumers before collecting and storing their personal data. This means that when you visit your favorite online store, the retailer will have to ask you for explicit permission to track your shopping session and see what jeans you're interested in buying. More than that, consumers have the choice to opt out or limit how their online behavior is tracked.

If you grant permission to track your shopping experience, or choose to share any other personal information -- like your address and contact information when you sign up for a store rewards program, for example -- the retailer has the responsibility of protecting that collected information from falling into the wrong hands. Not only that, because EU consumers have the right to request that their data be deleted, businesses have to know exactly where they store your personally identifiable consumer data in order to comply with any consumer requests.

In addition to requests to delete their data, under GDPR, consumers are enabled to exercise more granular control over what data is collected and how it is used. Consumers are empowered to rescind their data collection permission at any time they want. They can also request that your company turn over their data to a third-party or another retailer.

All of this means that, going forward, companies doing business online should have a sophisticated, flexible and responsive system of collecting and managing consumers' personal data.

What Should I Be Doing?

To understand exactly what your company should be doing to accommodate these new consumer-centered protections, speak with your legal team. Your attorneys should be able to provide guidance tailored to your industry and circumstances.

If that entails a re-imagining of your data collection and management processes on your website, or through Google Analytics, give Beacon a call. We'll be glad to walk you through the platform and recommend a course of action. Give our experts a shout at 866.964.5590.