The General Data Protection Regulation (GDPR) and How It Affects U.S.-based Businesses and Organizations MAKE YOUR MARKETING
Oneupweb | 2018

General Data Protection Regulation
Internet users and the internet’s governing body have been pushing for these three things for a very long time:
1. Websites that are clear about what data they collect and how it is used
2. Websites that store and manage data collected securely, only for its intended purpose, and only for a reasonable amount of time
3. The right to be forgotten and for all websites to offer a method to have personal data deleted within a reasonable amount of time

Where did the GDPR come from?
Europe! But it affects U.S. businesses too. [1]
• The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web.
  o They have been striving for the internet to better handle user data and privacy since its inception.
  o The basis of these new laws is rooted in their recommendations.
• The new rules replace the original rules set in place in 1995.
• The European Union (EU), like the U.S., has been overdue for an update to internet privacy and data regulation laws for decades.

What is GDPR?
General Data Protection Regulation [2]
• Affects all citizens of the European Union (EU)
• Replaces the Data Protection Directive 95/46/EC (data protection rules across the EU from 1995) and went into effect 5/25/2018
• The general aim of the GDPR is to give internet users more control over their data and privacy.
• Under the GDPR the definition of “personal data” has been broadened to include locations, browsing history, IP addresses, and any other personally identifiable information that can be assigned to a specific user.

What does the GDPR mandate?
A host of new requirements have been rolled into the GDPR. [3]
1. Companies in the EU now have to report data breaches within 72 hours.
2. Companies must allow their users to access the private data that has been gathered on them and find out how it’s being used.
3. Companies must provide a method for users to opt out and have their data removed not only from public view, but from private data storage as well.
   a) Users have the “right to be forgotten,” allowing them to demand that companies remove certain personal information from the internet.
4. Users are opted out by default. Users must explicitly opt in to have their data used for any purpose.
5. The law cleared up ambiguous rules and definitions, enforcing EU law for any companies who transact with EU citizens, regardless of location, which is key to US businesses.
6. The law also imposes larger penalties for infringements (up to 20 million euros or 4% of global revenue).

GDPR Challenges
GDPR is not an EU issue. This changes the way brands across the globe collect, store and secure the data of their users. [4]
• These changes are enforced worldwide.
  o These changes are an issue for any company that markets or sells products and services to EU citizens or American citizens with dual citizenship.
• An e-commerce company based in the U.S. marketing or selling products/services to anyone in the EU will have to comply with the GDPR the same as any Europe-based company.
• This changes the way brands across the globe collect, store and secure user data.
  o We are already seeing the impact with an influx of email and website notices notifying users of these changes being implemented and privacy policies being updated.
  o It has also been adopted by Google, a trendsetter in the web space.

Overarching Effects
The rules for GDPR are focused entirely on the protection of EU citizens’ data, but that doesn’t mean the issue begins and ends within the EU borders. [5]
• These rules are going to ensure that organizations provide a more secure, trustworthy service.
• Removes ambiguity within existing rules.
• Specifies non-EU businesses’ responsibility when dealing with EU users’ data.
• Standardizes the way personal data of EU citizens is handled globally.
  o This will have a huge impact on the way users view brands.
• Removes the worry about opting in for a series of irrelevant emails or calls.
  o Makes users more open to brands they’re actually interested in engaging with.

GDPR Recommendations
• Privacy Policy
• Google Analytics
• WordPress
• Email
GDPR: Get the Word Out
Privacy Policy
Make these changes to your website’s Privacy Policy. [6]
• Remove legalese and use words / terms people can easily understand.
• Define how user data will be used.
• Define how the user’s data will be kept secure.
• Define the rights of the user to access information stored about them.
• Define the rights of the user to have all data about them removed.
• Define the method to have the user’s data removed or altered.

Google Analytics
Google Analytics data captured / stored adheres to GDPR. [7]
• Google Analytics (GA) sent notice to account holders that they can and should update their data retention settings.
• GA relates to user-level data and event-level data associated with cookies, user identifiers and advertising identifiers.
  o Unable to access information about one specific user.
• Aggregated data will not be impacted.
• Still able to access acquisition metrics (sessions, pageviews) and behavior metrics (bounce rate, pages per session and time on site) even after the data retention period is set.
• Configure your account to reflect your organization’s internal data retention policy.
  o For most, the default of 26 months is just fine.

WordPress
Get the WordPress 4.9.6 update. [8]
• Update WordPress to version 4.9.6
  o Focuses heavily on privacy enhancements
• Addition of Privacy tab on the successful update screen
  o Informs users that their sites may send data to WordPress.org for plugin info and then updates with a link to the WordPress.org privacy policy
• Create a Privacy Policy page
  o Information displayed is unique to the individual site
  o Template has suggestions on what information to display
  o Privacy Policy page to include information on where to send requests for user data
• Once a request for data export or removal is received, the site administrator can send to the requester a verification request from WordPress.
• Cookies save data each time a user leaves a comment
  o Users will be informed of this data storage.
  o Users will need to check a box to opt in.

Email
Notify users … [9]
• Where to access the updated Privacy Policy
• The secure means used to protect user data
• Where to go to retrieve user data
• Where to go to have user data removed