Europe's Genereal Data Protection Regulation (GDPR) and how it affects you

May 25 is less than a month away. That's when the European Union's new privacy law, dubbed GDPR, comes into effect. What does this law change for web site owners and what steps should you take? We have summarized what you need to know, and what we should work together on in the upcoming days.

User consent is required

We typically see cookie popups on web site with an "OK" to simply dismiss the message. Cookies were being placed on users' browsers without asking them first. This is EU Cookie Law dating back to 1995. Today, this is no longer the case. Here's a quick list of key things to note regarding user consent:

1. Consent must now be clear, affirmative, and unambiguous.
2. Consent must be given separately. and not combined with terms of conditions.
3. Consent should not be a pre-condition to using a service (meaning you must continue to allow users to use your service without consenting).
4. You should not pre-tick approval boxes.
5. Granular controls must given to the user to choose if they allow different categories of cookies. For example, only allow analytics and block marketing.

User's privacy rights have expanded

If you have collected personal information about a user, they have new rights under GDPR:

1. A user should be given the possibility to withdraw consent at any time.
2. A user may has the right to be forgotten, where we should delete their personal information or anonymize it.
3. A user should be able to request a copy of all their personal information stored in your system.

Jurisdiction

This law applies to all EU citizens and residents of the EEA (European Economic Area). Therefore, we are technically obliged to present consent forms to all users. If a user does not say that they are an EU citizen, we might violate GDPR without knowing.

What should you do?

Starting May 25, 2018, you are required to request such consent from users. Since most ad providers automatically track users, and have not yet implemented or announced their intentions to comply with GDPR, you should be presenting the consent form before allowing any advertisements to appear. This includes other third-party tracking and analytics tools too, such as Google Analytics, Effective Measure, and Chartbeat. For Google Analytics, compliance steps differ in case you have enabled marketing and advertising tracking in your Data Collection settings in Google Analytics.

Take action today

WhiteBeard is currently developing a cookie consent solution that allows your site to comply with GDPR consent collection and recording. We are offering a special pricing for all our clients that register their interest before May 10, 2018. Please contact your account manager for more details.