GDPR Checklist for Businesses
With the General Data Protection Regulation (GDPR) implementation cut-off date of 25th May 2018 fast approaching, businesses need to ensure their websites are compliant with the new data laws and that any tracking and data capture meets the needs of the new law.
As an SEO agency we have taken it upon ourselves to ensure that client websites meet the needs of GDPR laws, particularly where Google Analytics and other tracking elements are concerned – and as such we’ve also put together this handy checklist for anybody working online.
Marketers, SEO agencies, PPC managers and digital executives alike will all agree that data is at the core of effective decision making and long-term results – with Google Analytics, Adwords tracking, Google Tag Manager, heat mapping and much more all common practice across websites looking to understand and improve performance.
While most of the data is anonymous, almost all of it will come through third-party tracking. As such, privacy policies should be updated to include:
- The software used to track anonymous user engagement
- Where this data is processed
- How to opt out of anonymous tracking
This will look something like:
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Turn off any identifiable tracking
GDPR states that any piece of data used to identify an individual user requires consent – this can include tracking IP locations, screen types or browsers.
Within Google it is possible to make this tracking anonymous. While this removes the data from your insight, it ensures users are not identified by Google at an individual level.
To do this, use Google Tag Manager (GTM) to turn on IP anonymisation within your tracking code. Alternatively, work with your SEO agency to do so.
Manage data retention settings in Google Analytics
Google Analytics is asking all users to update Data retention settings to match the needs of the services offered.
To do this:
- Sign in to Google Analytics.
- Click Admin, and navigate to the property you want to edit.
- In the PROPERTY column, click Tracking Info > Data Retention.
- User-data retention: select the retention period you want.
- Reset on new activity: turn the switch on or off.
Data will automatically be removed after the retention date expires – this can be anywhere from 14-50 months but can also be set to never be removed. Based on the service offered by your website, you will need to determine how long it is relevant to keep data retained in an Analytics account.
Build opt-in options into all forms
Finally, and the most common of all points published over the last 3 months as GDPR comes into effect, you should ensure all forms have an opt-in to say that users are happy for their data to be used based on the form filled out.
For example, anybody filling out a contact form should expect to be contacted and the length of time you will keep the data of the user will be based on the service and the reason for the form fill – this should also be clearly stated.
For example, if a user is signing up to a newsletter then the form can clarify that the user is happy to sign up to the mailing list for as long as emails are sent, or until the opt-out.
This should also be followed up with a ‘double opt-in’ to reconfirm the sign-up, and all data should be held separately from any sales or contact form data.
While GDPR seems like a major shift in business, taking a few simple steps to ensure you are user-friendly and ready will ensure your website continues to function in the way it has done in previous years.