On May 25, the European Union’s General Data Protection Regulation (GDPR) will come into force, replacing the EU E-Privacy Directive. Are you ready?
GDPR includes harsher penalties, better defines an individual’s ownership/access to data, and synchronizes data protection regulations across the EU. The new rules also expand the definition of personal data: it is now considered to include information such as location data, online identifiers (such as IP addresses) and other metadata.
Funnelback is a longtime champion of privacy and data protection across the globe. With the advent of GDPR, our team is pleased to see new clarity around individual privacy rights. While Funnelback does not offer legal advice, this informational post provides insights gleaned from our own work implementing GDPR internally.
“The objective of this new set of rules is to give citizens back control over their personal data, and to simplify the regulatory environment for business,” according to the European Commission. “The reform will allow European citizens and businesses to fully benefit from the digital economy.”
In short, there will be new rules to follow when it comes to collecting, tracking or handling the personal data of visitors, prospects and customers in the EU.
In this brief overview, we take a look at GDPR and how it might impact you.
If you interact with, or process the data of, individuals in the European Union, it’s likely that GDPR applies to you.
Not ready? You’re not alone. According to recently published research, as of January 2018 less than 39% of organizations globally were prepared.
The Funnelback website will be GDPR-compliant globally. Many other companies around the world, including Facebook, are following suit instead of regionalizing their data collection practices. Many marketers have argued that following GDPR is actually good for those who follow marketing best practices already.
The European Data Protection Supervisor has created a website intended to help companies become GDPR compliant. It’s a great starting point on the path to GDPR compliance. Note that Funnelback cannot provide legal advice. We highly recommend that you consult your legal counsel to learn more.
GDPR compliance features, including a component for storing the notification and consent request within Funnelback, are targeted for launch with our May release. (Note that many administrators will opt to turn on a notice of data collection site-wide and not depend on a separate notification on each search page.) However, third-party integrations that some customers use may not be GDPR compliant by that date. We recommend that those with questions consult with legal counsel regarding GDPR.
When location-based analytics are enabled in your Funnelback instance, the IP address of search users is collected. The IP is then cross-referenced with a geolocation database to infer information on that location (organization name, organization type, size). By default, Funnelback does not collate location data directly from search users. (In any solution as highly customizable as Funnelback, certain features may be added or enabled that will have an impact on data collection.)
Whether or not you’re physically located in the European Union, if you collect, process or handle any data from the EU you’ll likely need to comply with GDPR.
The United Kingdom is an EU member state until March 2019. During that period, businesses based, or collecting and processing data, in the UK must be GDPR compliant.
GDPR is a new regulation and an extremely complicated one. Funnelback does not provide legal advice and this blog post should not be construed as such. We encourage you to consult your attorney for details.