With no doubt, the internet has drastically transformed the way we knew life, and to a large extent, how brands, organizations, and consumers communicate and relate with each other. I mean, more than ever; we are able to seamlessly share documents, send emails, purchase goods, and pay bills online, from the comfort of our homes thanks to the World Wide Web. In the process, we willingly or unwillingly expose our contacts, banking information, social media posts, IP addresses, and even the sites we have been visiting while surfing the internet. But, have you ever sat down for a while and wondered how much personal data you have ever shared online? Or even what happens to such information? Well, companies allege that they collect it to better their customer experience by offering more relevant and targeted information.

Even so, there are still concerns about what webmasters and internet know about their users, and also who else has access to their personal information stored in their private servers. To make the matters worse, these webmasters and internet trendsetters are exceptionally reluctant to give straight answers - even to simple questions like why I’m I seeing this Ad?

In response to this ambiguity and unwillingness to disclose intent, the European Union shifted the power balance in favor of consumers on the 25th of May 2018 by implementing a privacy law that governs how personal information is collected or handled. The law, otherwise known as the General Data Protection Regulation or GDPR seeks to ensure that users are aware of, consent to, and understand the data collected about them.

What is GDPR?

The General Data Protection Regulation is a privacy law that came into effect on the 25th of May 2018. It has been implemented across the European Union and the EAA region to ensure that users are aware of, consent to, and understand the private information being collected about them. Under this law, all companies and business that sell to, or request personal information to offer services to citizens across the European Union are required to do so under its regulations. The primary goal of the regulation is to give people more autonomy over their personal data, and also ensure that its security and confidentiality is not compromised after being given out.

According to the European Commission Data Protection regulation, personal data includes, personal data is described as any information relating to a person, may it be a photo, name, email address, updates on social media platforms, bank details, computer IP addresses, medical information or even physical address details. The law also makes no distinctions across the roles of individuals, may it be public, private or work. Regardless of the setting, a person is a person and his/her data remains private regardless of their setting. Even in a B2B setting, information is shared with and about each other. And though customers and clients in B2B markets are independent companies, the law recognizes that all business activities are handled by individual people.

Under GDPR, individuals have:

1. The right to access - This implies that consumers can ask for unlimited and unrestricted access to their personal information and also demand to know how it is going to be used after being gathered. If such a request is made, the company is obliged to provide a copy of the personal information in a universal digital format.
2. The right to be forgotten –If consumers cease to be customers of a certain company, or they demand that their information is taken down, it is their right to have it permanently deleted from the company’s database.
3. The right to data portability - People have the right to have their data transferred from one company to another and this has to happen in a typically used way and in digital format
4. The right to be informed –This regulates how data is gathered by companies. Individuals have to be informed in advance before their data can be collected. It is the right of consumers to opt in or out and consent has to be given freely, as opposed to being implied.
5. The right to have information corrected – Consumers hold the right to have their information updated in case they feel that it is incorrect, outdated or incomplete.
6. The right to restrict processing – Consumers can demand that their information should not be used for any kind of activity. The record of their data remains with the company, but it can’t be used for any purpose without authorization.
7. The right to object –This implies that individuals can halt the processing of their data if it is going to be used for direct marketing. No exemptions are provided to this regulation and any activity with the data has to stop after the request is received. Moreover, individuals have to be informed about this right from the very beginning of the communication.
8. The right to be notified – In case of a breach that compromises the security or confidentiality of an individual’s personal data, he/she has to be notified within 72 hours of being aware of the breach.

In other words, this regulation is handing customers, individuals, prospects, employees, and contractors more autonomy over their personal information, and less freedom to organizations and companies that collect it for monetary purposes.

How GDPR is affecting websites

Cookie policy

Cookies are also a subject of concern in the GDPR. The argument is, since they can be used to identify individual devices, it is possible that they can potentially expose someone’s personal information. For this reason, if your site uses cookies, you have to add a cookie opt-in for surfers to choose whether to, or not to subscribe to your cookie policy. Luckily, Google has created a dedicated website to handle this issue. There are also other applications and tools that can be used to notify your site visitors about your cookie policy and give them the chance to decline or accept their use.

If you take a look at websites that have already complied with the cookie policy, you will notice a whole new dimension of framing cookie policies. For instance, theupdated cookie policy on Pinterest is clear and direct in such a way that you don’t need a dictionary to comprehend it.

The London School of Economics’cookie policy is also one of the best examples of compliance. It defines what cookies are, how they are used on their website and even leverages on third-party resources to provide more information on how to enable and disable cookies on your browser.

Do you Need an Automated Notification/Pop-Up About Our Cookie Policy?

This is not a mandatory requirement, but also not a bad idea. The law demands that a person’s consent to processing has to be expressed via third-party applications or appropriate browser settings which implies that placing instructions on how to disable and enable cookies is enough. And though you use these instructions without breaching the regulations, it is strongly recommended that you simplify the process by including a pop-up box or text in your footer or header which the visitor can dismiss when not interested.

If you can’t figure out how to be compliant with your cookie policy Cookielaw.org provides some models and insight forcookie law consent, which includes but not limited to:

• Explicit Consent: This model gives site visitors the chance to opt in or out of your cookie policy. Users can accept or reject them using a pop-up box.

• Soft Opt-In: Notifies the user that your website uses cookies and he/she responds by dismissing or accepting the message.

GDPR Privacy and Data collection

Technically, GDPR is structured to enhance the confidentiality and security of personal data. This refers to things like email addresses, phone numbers, credit card information and physical location. Nonetheless, it can also refer to online identifiers such as cookie strings and IP addresses. If your site has a cookie-based functionality, including Google Analytics, or fields and forms that collect data, you have to comply with the regulations. Otherwise, purchases and financial transactions with residents of the EU will be blocked.

So, what needs to be done?

Update your privacy policy

To be on the safe side, your data privacy policy has to be at per with the new regulations. Take time to reevaluate your privacy policy and ensure that everyone in your team follows it. Here are some of the things you can add.

• Include a clear and unambiguous description of the data your site collects
• Explain to your customers their data rights including the freedom to withdraw consent to process their personal information.
• Explain to them how your company handles security breaches in case the data is compromised.
• Last but not the least, always include your contact information so that users can contact you when need be.

Consent

Primarily, the regulation also stresses the importance of consent for any data collected within the EU. It demands that consent has to be informed, unambiguous, precise and freely given. So, what does this mean for online marketers who depend on their sites? Well, it implies that your site can no longer contain pre-checked boxes. In other words, individuals have to intentionally opt-in in any of your subscriptions. Moreover, opt-ins for different communication formats have to be separate and not categorized into a single opt-in.

Consumers demand transparency, and GDPR requires it

There is no one-size-fits-all approach to ensuring GDPR compliance, which is why it is vital for any business that has contacts or customers in the EU to take steps to become compliant.

These new rules may seem scary, but they reflect some best practices in digital marketing, such as:

Truth be told, there is no magical holy Mary grail approach to making sure that your site is compliant. The new rules may look scary, but they are some of the best practices to ever be introduced in digital marketing. You only have to:

• Come clear on how personal data is collected, stored and used
• Include opt-in consent for the storage and use of personal information.
• Provide subscribers with the chance to be deleted from your database when need be.
• Promptly notify your subscribers in case of a breach that could compromise the security and confidentiality of their data.

Terms and conditions

Terms and conditions have to be unambiguous and simple to understand. Complicated jargon and legalese will certainly result to your site being blocked within the European Union. The site also has to have a feature or features that allow subscribers to revoke their consent at any time without warning and the process has to be effortless and simple. To be on the safe side, re-evaluate your terms and conditions, how your site collects consent and tracks data. Most importantly, ensure that individuals can easily opt-in and out anytime they feel so.

Other Google Changes

In a bid to make it easier for websites to be compliant with the regulation, Google has made changes you should be aware of.

1. Update to Consent Policy – As of May 25th, 2018, Google adopted a new EU User Consent Policy. This policy dictates that if you are employing Google products and services like analytics, you have to be providing an opt-in and a chance for users and also be tracking user consent.
2. New Data Retention Controls – A control setting has been added on Google Analytics within the Admin panel so that you can determine how long user data can be stored on their servers. You can choose any period from 14 months to never expire.
3. New User Deletion Tool – A user deletion tool has also been added to make it possible for website owners to delete entire sets of information belonging to a specific user.
4. Contract Changes – Regular prompts have been added in Google Analytics so that site owners can view and accept updated terms and conditions.

Conclusion

Data is a valuable asset in this age of information. And though GDPR might create new challenges for online businesses, it also creates an opportunity for business to demonstrate how much they value users’ privacy, beyond legal requirements.