The General Data Protection Regulation is coming into effect in May 2018. All online data collection will need to be compliant to these new rulings. You can read the Cobb Digital guide to GDPR.
What does this mean for your website?
It’s all about getting users to ‘opt-in’.
Gaining and storing personal info
If you request any personal information on your website e.g. a newsletter sign up, you need to be explicit on what you will do with their data at the point of the capture.
If you already hold data on your customers, you will need them to confirm what data you have consent to keep. Many retailers, ecommerce sites, forums and social media sites will have identifiable information including names, addresses, email addresses and phone numbers. These sites will need to gain explicit confirmation from their users on what data can be kept, and a record of this consent must be stored as ‘proof’.
One final aspect is not keeping data longer than you should. If you hold data that you don’t need anymore, this should be deleted.
Cookie policies and terms & conditions
Customer profiling and behavioural insight
User surveys, third party testing software, heatmap software and dynamic merchandising can all collect user behaviour or demographic data, typically via cookies. In addition, if processing personal data for profiling purposes, you must ensure that safeguards are in place. This includes recently viewed items or storing similar purchases and sizing.
It is important that users are aware of this kind of analytics happening in the background and what it might mean for their privacy. If surveys and user testing is a part of your conversion rate optimisation strategy, ensure that any personal data collected has full consent to be used for analysis, and that it does not contain any data that can be used to identify a person.
User IP addresses
IP addresses can be used to personally identify a user. Many ecommerce systems perform automated security checks against IP addresses and location data to detect spam orders. If your website system collects IP addresses, location information or cookies, you might be liable for ensuring the consent of your user.
What does it mean for search engines?
Analytics data and demographics data
Google Analytics is a powerful analytics tool that can collect traffic data, user location, user behaviour and website performance data. Google Analytics also collects demographic data, based on a user’s browsing history.
GDPR defines special category data as including sensitive data to do with race, health, religion and sexuality. Google Analytics collects data on gender, age and interest, which fall under that special category. What will happen to this data?
Google has stated that all G Suite products are within compliancy to GDPR, however this statement has not yet been extended to Google Analytics Solutions.
Search engine data
Search engines store search data. They collect data according a person’s IP address (location) and device and use this to personalise search results, which is why not everyone sees the same results for the same searches. This data is stored, but there is never explicit consent gathered from the user when they click Search.
Search data can be sensitive, and can be used to identify political interests, demographic data, health concerns and other sensitive information. With personalisation being such a huge part of search, that personalisation data might soon become illegal to keep.
Could GDPR compliancy become a ranking factor?
Search engines aim to provide their users with the best possible websites for their queries. With HTTPS, site security and user experience being part of ranking algorithms, it could well be that clear, consent-driven data collection could have an influence on rankings in the future. We’ll have to wait and see!
Have concerns about your site, data and policies? Contact the Cobb Digital team for website optimisation help, or for information on GDPR compliancy.
Note: This post reflects Cobb Digital’s views from our own research.