Who must comply to the GDPR?
This is a very good question. By now you’ve likely heard about the General Data Protection Regulation which is now in affect. Does it impact your organization?
The answer appears to be pretty straightforward, but as you dive a little deeper it suggests a nuanced interpretation. Overall there are two groups that must comply:https://www.gdpreu.org/
The first point is pretty straightforward — your firm is either in the EU or it’s not.
The second point is a little less straightforward. Does your firm offer free or paid goods or services to EU residents? Does your firm monitor the behaviour of EU residents?
If your firm is a global business, or has any European presence you will likely be liable, and need to become compliant.
Google Analytics and the GDPR
Chances are that your organization is using Google Analytics. If you are, will it create problems with GDPR compliance? Are you tracking personally identifiable data in your URL parameters? Are you tracking users IP addresses?
We’ve curated a couple of good resources to help you get your head around the GDPR compliance question.
As a website owner, you’re responsible for all of the data processing activities going on on your website.
The article on Cookiebot gives a well rounded introduction to:
- Google Analytics in this context of the GDPR
- What the legal requirments of the GDPR actually mean for your website
It also provides a checklist of how to get started addresses the issues with Google Analytics and the GDPR.
If you’re using Google Analytics then Google is your data processor and you’re obliged to conform to the GDPR.
This article provides great instructions in terms of 5 actionable that you can take to become GDPR compliant with Google Analytics.
Disclaimer: GDPR is complex, interpretations vary, and we’re not legal experts. This article is based on our own research into the General Data Protection Regulation (GDPR) and e-Privacy Regulation. You should seek legal counsel that specializes in the GDPR and e-Privacy Regulation to ensure that your organization conforms to these regulations.
- Some good information about cookies and consent in terms of the GDPR.
- Excellent advice on how you can evaluate your organization's use of Google Analytics, and Google’s new consent policy.
Main Photo by Dayne Topkin on Unsplash