Bill Hartzer

What is GDPR And Why Should You Care?

GDPR Compliance

What exactly is GDPR, and if you have a US-based business with a website, why should you care about the upcoming deadline of May 25, 2018? I recently talked to a few businesses, and they didn’t know anything about it. And, they’ve never heard of it. As someone who is involved daily with digital marketing and search engine optimization of websites, I have to tell you that if you’re an EU-based business then you’ll need to comply with the new GDPR regulations by May 25, 2018. If you’re not in the EU, then you actually should care about it, as it will have an affect on your website–at a minimum, your Google Analytics data.

What is GDPR?

To answer that question, it’s best answered by my friend Jenny Halasz, who wrote an article about it in Search Engine Journal:

“GDPR is short for General Data Protection Regulation, and it’s going into effect on May 25, 2018 in the European Union and the associated countries. Its purpose is to finally make good on a legal question from several years ago about how data is used and whether individuals own the data that they create by interacting with websites online. The courts ruled that individuals are the owners of their data, not the corporations (or websites) that collect the data. Therefore, it must be deleted on a regular basis so that customers don’t have to constantly contact websites they may have visited and ask them to delete their data.”

While the GDPR is specific to businesses with websites in the European Union countries, most websites don’t currently block visitors from visiting their websites from EU countries. Even US-based businesses should consider whether or not they need to delete that data or not. Of biggest concern at this point is how Google Analytics deals with the data that’s collected, and if a setting isn’t changed in the GA account by May 25, they could lose all of the Google Analytics historical data older than a certain number of months, which is 26 months.

After consulting with a few of my legal contacts, they basically told me that the biggest concern for US-based companies is that someone in the US could sue a business with a website for not complying with GDPR-like regulations. In my professional opinion, even though a US-based company doesn’t do business in the EU, they do get EU-based website visitors. We don’t know how EU regulators are going to enforce these regulations at this point. Regardless, US-based companies with websites should be aware of GDPR, and consult their legal team before deciding whether or not they will retain the data or not.

For US-based websites, there are choices, as I personally see it:

Those are few options—at this point, for US-based business I recommend that you DO continue to collect the data via Google Analytics and update the GDPR settings. You can find out more information here: https://support.google.com/analytics/answer/3379636. Here’s a screen shot of what the Google Analytics settings looks like:

GDPR Questions and Answers for US-Based Companies

Here is a list of several different questions and answers, along with data points that explain the GDPR implications for US-based companies. However, even if you are outside the US, then you still will want to understand these points.

Does GDPR affect US companies? YES

Exit mobile version