General Data Protection Regulations, or GDPR, is the latest law dramatically changing the web landscape.You have probably noticed the flurry of email notifications from your favorite online stores and social platforms notifying you of new privacy policies and user agreements. Wondering why? It’s GDPR.

We have been educating ourselves on GDPR’s impact to our clients and preparing for the challenges and opportunities the new law will create. In addition to being able to answer your questions around GDPR and what steps you will need to take to be compliant, we are also excited to be able to offer resources and tools you may need to take the worry out of making the transition.

What is GDPR?

GDPR is a new data protection law passed in the EU aimed at protecting EU citizens online.  The goal is to protect and empower the individual to an increased degree as they move around the internet. The law does this by putting greater rules in place for how companies collect and use data online, whether or not these companies or their intended target markets are located within the EU border.

The law goes into effect May 25, 2018.

You can read all about the details of the law at www.eugdpr.org

What does that all mean?

It means that companies must get explicit consent to collect any information about an EU-based customer or user. The law considers individual identity data (name, address, ID number, race, political opinion, health stats) and digital data (IP address, cookie data, RFID tags and geolocation) as privacy data under this law. It is on a company, website or platform to receive explicit permission from a user before collecting data on them as well as be forthcoming in plain terminology with how the company intends to use that data. The user must be given an easy way to give explicit consent to use their information.  

All websites that collect data on how many users visit their site, where they go, what they click on, or when they leave, are data collecting vehicles that will need to adjust under the law. If you have Google Analytics on your website, you will need to pay attention. If you drop cookies for advertising purposes when a user comes to your site, you will need to pay attention.

The changes are manageable but significant. Getting corporate buy-in and following some easy steps will ensure compliance happens fast.

This law is new and much of the interpretation of the law will be discussed and debated over the next year. What we know is that the EU is stepping up its oversight of user data and making web companies, data tools, and other software much more accountable to how user data is used, stored, and shared.

I’m a US-based business. Do I need to worry about GDPR?

While US-based companies doing business solely in the United States are at a lower risk of being penalized by the law, the reality is all websites get miscellaneous user traffic from locations around the world, including the EU.  It is Mad Fish Digital’s stance that all websites should put the necessary protections in place in order to meet GDPR compliance. There are innovative solutions for doing this relatively easily for most standard company sites. Stay tuned – we are going to let our client’s know-how in the coming week.

Companies who have a market interest in the EU or who have high and consistent traffic from EU countries must take GDPR policies seriously in order to avoid the 20 Million euro fine that may be imposed.

I’m nervous. What do I need to do?

Luckily, for most companies, much of the initial work to get compliant can be handled with some increased documentation and legal review. Being explicit with how you collect data and what you are doing with it is the first step. This means updating privacy policies, user agreements and web copy where data is collected to meet GDPR criteria.

What is Mad Fish Digital doing to be compliant?

As an agency, we serve a couple of different roles under the GDPR definitions. As such, we are vetting the platforms and vendors we use to provide clients regular services for GDPR compliance.  We are also adding the same protections to our site that we will be recommending to our clients.

Like other companies, we are updating our privacy policy and service agreements to meet GDPR compliance standards. This will ensure that we are open with our users and clients about what we do with the data we collect and are transparent about its use.

Will this change my digital marketing strategy?

Though many online software services and platforms may adjust how they handle data and put safeguards in place, very few of the core tenets of digital advertising and online marketing will change. In fact, we are already exploring some of the interesting evolutions in the industry this will create.

We are here to help you navigate the ins and outs of GDPR. Reach out to us via sales@madfishdigital.com  or (503) 935-5222 if you are looking for help or would like to know more.