On May 25th, the General Data Protection Regulation (GDPR) went into effect, providing European Union residents insight into how their personal information is collected, stored, and used by websites. Just being located outside the EU does not relieve your company from having to comply—the regulation protects any user accessing your website from within the EU.
Under GDPR, personal data is defined as information that can be used to identify someone, directly or indirectly. This includes IP and email addresses, cookies, location data, and names. We recommend you take the following four precautionary measures, and, of course, seek legal counsel.
1. Update Google Analytics’ Data Retention settings to 50 months
Google Analytics users are now required to set the length of time user-level and event-level data is stored on Google's servers before that data is automatically deleted. This update will not affect aggregated data currently used in dashboards, but will affect components such as “Custom Segments” that rely on advertising user IDs, cookies, etc.
3. Add a pop-up to your website that requires user consent
Example of a user consent pop-up
4. Add a disclaimer to any lead capture forms that explains the exact use of a user’s email address and contact information.
If you have questions about GDPR, how to ensure you’re compliant, or want help executing the steps above, don’t hesitate to reach out.