With no doubt, the internet has drastically transformed the way we knew life, and to a large extent, how brands, organizations, and consumers communicate and relate with each other. I mean, more than ever; we are able to seamlessly share documents, send emails, purchase goods, and pay bills online, from the comfort of our homes thanks to the World Wide Web. In the process, we willingly or unwillingly expose our contacts, banking information, social media posts, IP addresses, and even the sites we have been visiting while surfing the internet. But, have you ever sat down for a while and wondered how much personal data you have ever shared online? Or even what happens to such information? Well, companies allege that they collect it to better their customer experience by offering more relevant and targeted information.
Even so, there are still concerns about what webmasters and internet know about their users, and also who else has access to their personal information stored in their private servers. To make the matters worse, these webmasters and internet trendsetters are exceptionally reluctant to give straight answers - even to simple questions like why I’m I seeing this Ad?
In response to this ambiguity and unwillingness to disclose intent, the European Union shifted the power balance in favor of consumers on the 25th of May 2018 by implementing a privacy law that governs how personal information is collected or handled. The law, otherwise known as the General Data Protection Regulation or GDPR seeks to ensure that users are aware of, consent to, and understand the data collected about them.
The General Data Protection Regulation is a privacy law that came into effect on the 25th of May 2018. It has been implemented across the European Union and the EAA region to ensure that users are aware of, consent to, and understand the private information being collected about them. Under this law, all companies and business that sell to, or request personal information to offer services to citizens across the European Union are required to do so under its regulations. The primary goal of the regulation is to give people more autonomy over their personal data, and also ensure that its security and confidentiality is not compromised after being given out.
According to the European Commission Data Protection regulation, personal data includes, personal data is described as any information relating to a person, may it be a photo, name, email address, updates on social media platforms, bank details, computer IP addresses, medical information or even physical address details. The law also makes no distinctions across the roles of individuals, may it be public, private or work. Regardless of the setting, a person is a person and his/her data remains private regardless of their setting. Even in a B2B setting, information is shared with and about each other. And though customers and clients in B2B markets are independent companies, the law recognizes that all business activities are handled by individual people.
In other words, this regulation is handing customers, individuals, prospects, employees, and contractors more autonomy over their personal information, and less freedom to organizations and companies that collect it for monetary purposes.
This is not a mandatory requirement, but also not a bad idea. The law demands that a person’s consent to processing has to be expressed via third-party applications or appropriate browser settings which implies that placing instructions on how to disable and enable cookies is enough. And though you use these instructions without breaching the regulations, it is strongly recommended that you simplify the process by including a pop-up box or text in your footer or header which the visitor can dismiss when not interested.
Technically, GDPR is structured to enhance the confidentiality and security of personal data. This refers to things like email addresses, phone numbers, credit card information and physical location. Nonetheless, it can also refer to online identifiers such as cookie strings and IP addresses. If your site has a cookie-based functionality, including Google Analytics, or fields and forms that collect data, you have to comply with the regulations. Otherwise, purchases and financial transactions with residents of the EU will be blocked.
So, what needs to be done?
Primarily, the regulation also stresses the importance of consent for any data collected within the EU. It demands that consent has to be informed, unambiguous, precise and freely given. So, what does this mean for online marketers who depend on their sites? Well, it implies that your site can no longer contain pre-checked boxes. In other words, individuals have to intentionally opt-in in any of your subscriptions. Moreover, opt-ins for different communication formats have to be separate and not categorized into a single opt-in.
There is no one-size-fits-all approach to ensuring GDPR compliance, which is why it is vital for any business that has contacts or customers in the EU to take steps to become compliant.
These new rules may seem scary, but they reflect some best practices in digital marketing, such as:
Truth be told, there is no magical holy Mary grail approach to making sure that your site is compliant. The new rules may look scary, but they are some of the best practices to ever be introduced in digital marketing. You only have to:
Terms and conditions have to be unambiguous and simple to understand. Complicated jargon and legalese will certainly result to your site being blocked within the European Union. The site also has to have a feature or features that allow subscribers to revoke their consent at any time without warning and the process has to be effortless and simple. To be on the safe side, re-evaluate your terms and conditions, how your site collects consent and tracks data. Most importantly, ensure that individuals can easily opt-in and out anytime they feel so.
In a bid to make it easier for websites to be compliant with the regulation, Google has made changes you should be aware of.
Data is a valuable asset in this age of information. And though GDPR might create new challenges for online businesses, it also creates an opportunity for business to demonstrate how much they value users’ privacy, beyond legal requirements.