GDPR

[Michael]

What are the best resources available at the moment regarding GDPR besides those posted by the ICO here? https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

What impact do you think it will have on SEO and other Marketing channels?

[Aran]

We recently attended a talk on GDPR which was really helpful from a very top level perspective, but their advice for anything detailed was to just use ICO and not to look elsewhere as there’s a lot of misguided information out there apparently.

I too am keen to see what effects will be had on marketing going post May.

[James]

Hi Michael,
Great question and a hugely important topic.
There is some useful info here: https://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know-8
As for impact, initially people are going to have a database shrink because they won’t get everyone to opt back in, but going forwards, it should improve data quality as people won’t opt-in to something they’ve got no interest in.
What’s going to be a challenge is to align marketing like basket abandonment campaigns – do you have opt-in permission to send them?
What’s your take on the likely marketing impact?
thanks
james

[dan]

I enjoyed this: https://blog.ometria.com/expert-opinion-six-things-all-ecommerce-marketers-should-know-about-gdpr

Good job from the Ometria team.

[Joey]

One of our partners did this great piece of analysis on our own demo instance:

https://goo.gl/2jPRp1

They went through each Article of the regulation and applied it to the demo site. Still work for our teams to get this fully compliant but this is by far the most practical post that I’ve seen on GDPR so far.

Joey

[Pierre]

The GDPR is one thing, and it covers a lot of topics we deal with, but the big change for our industry is the proposed ePrivacy Regulation (ePR), the update of the commonly-mocked ‘cookie law’.

The two key points about the GDPR are (1) it expanded the definition of personal data, and (2) it takes a risk-based approach to how personal data is collected and processed. Because of (2), you’ll see lots of snake oil in the industry, and also a lot of head scratching about what it all means. The reality is it means doing a full audit of all personal data you collect, how it’s collected and why, rooting that on one of the six legal bases for processing personal data the GDPR allows, implementing access controls and business processes, and doing all documentation and impact assessments you need for each dataset. A subtle and commonly-missed impact is that retargeting is a form of profiling under the GDPR, and that opens up compliance questions around profiling and automated decision making.

Also, it’s not a one-time exercise, but you will need ongoing monitoring and review.

The ePR… sigh. The current draft basically says do not track users without consent, with a handful of very specific (and sometime controversial) exceptions. The most important one is, IMO, the one about web analytics, or as it’s currently phrased, the means to measure the “reach” of a website. This is causing lots of debate, and so far the privacy advocates are winning.

I can talk about this endlessly, but I’ll stop now 🙂

P

[Author]

Posts