GDPR is coming: New privacy requirements will impact your work

The EU's General Data Protection Regulation (GDPR) will have a global impact. Are you ready?

On May 25, the European Union’s General Data Protection Regulation (GDPR) will come into force, replacing the EU E-Privacy Directive. Are you ready?

Note that this should not be construed as legal advice: consult your attorney if you have questions or concerns.

GDPR includes harsher penalties, better defines an individual’s ownership/access to data, and synchronizes data protection regulations across the EU. The new rules also expand the definition of personal data: it is now considered to include information such as location data, online identifiers (such as IP addresses) and other metadata.

Funnelback is a longtime champion of privacy and data protection across the globe. With the advent of GDPR, our team is pleased to see new clarity around individual privacy rights. While Funnelback does not offer legal advice, this informational post provides insights gleaned from our own work implementing GDPR internally.

“The objective of this new set of rules is to give citizens back control over of their personal data, and to simplify the regulatory environment for business,” according to the European Commission. “The reform will allow European citizens and businesses to fully benefit from the digital economy.”

In short, there will be new rules to follow when it comes to collecting, tracking or handling the personal data of visitors, prospects and customers in the EU.

In this brief overview, we take a look at GDPR and how it might impact you.

Why do I care?

If you interact with, or process the data of, individuals in the European Union, it’s likely that GDPR applies to you.

Not ready? You’re not alone. According to recently published research, as of January 2018 less than 39% of organizations globally were prepared.

What do I need to do?

The Funnelback website will be GDPR-compliant globally. Many other companies around the world, including Facebook, are following suit instead of regionalizing their data collection practices. Many marketers have argued that following GDPR is actually good for those who follow marketing best practices already.

The European Data Protection Supervisor has created a website (here) intended to help companies become GDPR compliant. It’s a great starting point on the path to GDPR compliance. Note that Funnelback cannot provide legal advice. We highly recommend that you consult your legal counsel to learn more.

If Funnelback is GDPR compliant, does that automatically make me as well?

GDPR compliance features, including a component for storing the notification and consent request within Funnelback, are targeted for launch with our May release. (Note that many administrators will opt to turn on a notice of data collection site-wide and not depend on a separate notification on each search page.) However, third-party integrations some customers may be using may not be GDPR compliant by that date. We recommend that those with questions consult with legal counsel regarding GDPR.

What data does Funnelback collect?

When location-based analytics are enabled in your Funnelback instance, the IP address of search users is collected. The IP is then cross-referenced with a geolocation database to infer information on that location (organization name, organization type, size). By default, Funnelback does not collate location data directly from search users. (In any solution as highly customizable as Funnelback, certain features may be added or enabled that will have an impact on data collection.)

We use cookies to enable ‘saved results’ and ‘search history’ functionality. The content of the cookie is a randomly generated number sequence which is used as a key in the backend database. The backend database only stores search term history and pinned search results.

For more information on the types of data Funnelback collects, please see our Privacy Policy.

Will businesses outside the EU need to be GDPR compliant?

Whether or not you’re physically located in the European Union, if you collect, process or handle any data from the EU you’ll likely need to comply with GDPR.

What about the UK?

The United Kingdom is an EU member state until March 2019. During that period, businesses based, or collecting and processing data, in the UK must be GDPR compliant.

To reiterate: this isn't legal advice.

GDPR is a new regulation and an extremely complicated one. Funnelback does not provide legal advice and this blog post should not be construed as such. We encourage you to consult your attorney for details.

Share Article on: