Why you need to care about GDPR: abandoned markets, lawsuits and clever implementations

The General Regulation on Data Protection (GDPR) in the European Union finally came to life. It applies to companies that monitor or process personal data of EU residents and citizens, even if they are situated outside the EU. GDPR concerns businesses engaged in online trading and SaaS providers monitoring user’s behavior in the network.  As we’ve already mentioned, violation of the new law can cost up to €24.8 million or 4% of the company’s annual turnover.

Many companies have already abandoned European traffic

Under GDPR, companies must provide client support in the EU to continue working with European users, otherwise they would have to face a fine. Many western companies, and even American media giants like New York Daily News, Chicago Tribune, NPR, USA Today, have already sacrificed traffic from the European Union to avoid fines. Other projects working with user data, for example, the popular postponed reading service Instapaper suspended work in the EU. Instead of the usual content, European users now bump into hundreds of parked web pages about temporary suspension of services.

Google and Facebook sued for $8.8 billion

Commenting on the GDPR, Mark Zuckerberg said that Facebook is playing fair, and the new law will not affect the social network. “We have been preparing for this last 18 months. Facebook provides control, accountability and transparency about how data is used”, Zuckerberg explained at the Viva Technology conference in Paris, “These are values that we’ve always shared for Facebook’s whole existence.” Just a few hours after the GDPR came into force, both Facebook and Google have received the first lawsuits for 3.9 and 3.7 billion dollars, respectively. Both companies are accused of forcing users to share personal data.

How to work with the GDPR? The case of Google Analytics

According to GDPR, personal data constitutes all information that allows third parties to identify an individual – be that your name, the fact of union membership or an IP-address. Personal data may identify a particular person directly or in combination with other information, such as an email address, home address, date of birth, postal code, or IP address.

Google Analytics is, in fact, a data processor for people from all over the world, which is why it needs special measures to comply with GDPR standards. Because Google Analytics users work with data, according to GDPR they become so-called “controllers”. Now Google Analytics not only allows you to delete information about yourself upon first request. Users can also specify how long the data about website visitors will be stored before automatic removal. The default setting is 26 months.

Make sure that the information you collect in Google Analytics meets the stated goals. In general, collecting personal data breaks the Google Analytics Terms of Use. If you are passing such data to Google Analytics, ask your developers what can be done to fix it. Sometimes using filters to block the data transfer is not enough. Admins in Google Analytics have to enable IP anonymization, so they could still track the location of site visitors.

Get a 30-day free trial to be sure your data is used with caution and respect, even if you’re not a EU citizen