Who must comply to the GDPR?

This is a very good question. By now you’ve likely heard about the General Data Protection Regulation which is now in affect. Does it impact your organization?

The answer appears to be pretty straightforward, but as you dive a little deeper it suggests a nuanced interpretation. Overall there are two groups that must comply:

Source: https://www.gdpreu.org/

The first point is pretty straightforward — your firm is either in the EU or it’s not.

The second point is a little less straightforward. Does your firm offer free or paid goods or services to EU residents? Does your firm monitor the behaviour of EU residents?

If your firm is a global business, or has any European presence you will likely be liable, and need to become compliant.

Google Analytics and the GDPR

Chances are that your organization is using Google Analytics. If you are, will it create problems with GDPR compliance? Are you tracking personally identifiable data in your URL parameters? Are you tracking users IP addresses?

We’ve curated a couple of good resources to help you get your head around the GDPR compliance question.

Is my use of Google Analytics GDPR and ePR compliant?

As a website owner, you’re responsible for all of the data processing activities going on on your website.

The article on Cookiebot gives a well rounded introduction to:

  • Google Analytics in this context of the GDPR
  • What the legal requirments of the GDPR actually mean for your website

It also provides a checklist of how to get started addresses the issues with Google Analytics and the GDPR.

5 Actionable Steps to GDPR Compliance with Google Analytics

If you’re using Google Analytics then Google is your data processor and you’re obliged to conform to the GDPR.

This article provides great instructions in terms of 5 actionable that you can take to become GDPR compliant with Google Analytics.

In Conclusion

Even if you decide that there is no need to become GDPR compliant ePrivacy isn’t something that you should just ignore. As time goes on users are going to expect more transparency from the brands they interact with. It can be as straightforward as updating your privacy or cookie policy to provide transparency about the data processing on your digital experience.

Disclaimer: GDPR is complex, interpretations vary, and we’re not legal experts. This article is based on our own research into the General Data Protection Regulation (GDPR) and e-Privacy Regulation. You should seek legal counsel that specializes in the GDPR and e-Privacy Regulation to ensure that your organization conforms to these regulations.

Other Resources

Main Photo by Dayne Topkin on Unsplash