What is GDPR?
GDPR stands for General Data Protection Regulation. It is a regulation of the European Union and went into effect on 25 May 2018, which was the GDPR compliance deadline. The purpose of GDPR is to protect the privacy of consumers and to empower them by letting them choose whether a company can collect their data online. If they allow data collection, they can also control how their data is used. All this pertains to customers who fall within the European Union (or European Economic Area). So, if you have any website traffic (or app users) from this region (irrespective of whether your business is located inside the European Union or not), or you handle personal data of consumers in this region, then your company should be concerned about GDPR compliance. GDPR's implications are going to change the processes of data collection, advertising, analytics and remarketing altogether.
GDPR Compliance Checklist for Digital Marketers in India
Although GDPR will not impact Digital Marketers in India directly, websites are global in nature, and almost every website in India draws traffic from the European Union region. So, Digital Marketers in India who have website traffic from the European Union should definitely be concerned with adhering to the GDPR regulation. Here are the three areas in which GDPR will impact Digital Marketing in India:
1.) GDPR Implications on Google Analytics
Google has introduced Granular Data Retention Controls, which allow you to manage how long your user and event data is held on Google’s servers. Everyone who uses Google Analytics in any form must have received an email from Google announcing this change. As per Google, this data pertains to cookies like “user-identifiers (e.g., User-ID) and advertising identifiers (e.g., DoubleClick cookies, Android’s Advertising ID, Apple’s Identifier for Advertisers)”. Here’s a screenshot of Google’s mail announcing that:
Here are the two important Google Analytics settings which you can implement immediately for GDPR compliance:
a.) How to Set Google Analytics’ Data Retention Duration
Here are steps to set data retention duration on Google Analytics:
- Login to your Google Analytics account.
- Now click on ADMIN.
- In the Property Column, choose the desired property (your websites which you have integrated with Google Analytics) from the menu.
- Click on Tracking Info; a drop-down will appear.
- Now click on the Data Retention, and choose the desired duration, as shown in the following screenshot. That’s it!
b.) How to Accept Google’s Data Processing Amendment
Here are the required steps:
- Login to your Google Analytics account.
- Click on ADMIN.
- In the ACCOUNT column, choose the account whose settings you want to update. At the top of the ACCOUNT column is a search box where you can select the desired account in case you have multiple accounts.
- After selecting the desired account, click on the Account Settings option.
- Now you will see the Data Processing Amendment on this page. Click on Review Amendment option underneath it. At this stage, you will see the following popup:
- After you review this amendment, click on Accept and then on Save to save the settings.
2.) User Consent Policies
a.) Google’s User Consent Policies
All the major internet houses including Google are updating their User Consent Policies. As per Google’s policy, you as a Digital Marketer must ensure that:
Certain disclosures are given to, and consents obtained from, end users in the European Economic Area. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement.
Google has clearly stated the important aspects of end users’ legally valid consent for GDPR Compliance. Just read the points with pointed arrows carefully!
b.) Facebook’s User Consent Policies
Facebook has also announced its GDPR compliance terms. As per their statement, Facebook along with its affiliates like Instagram, WhatsApp and Oculus will comply with the GDPR regulation. In the cases where Facebook serves as a Data Controller to Advertisers and Users, the onus is on Facebook to comply with GDPR, whereas there can be a few cases wherein it acts as a Data Processor rather than a Data Controller. In such cases, the onus is on Advertisers (attention Digital Marketers!) to comply with GDPR guidelines, as it is you who are sharing the data with Facebook. Such cases are shown in the following screenshot:
Facebook has also introduced two new tools for Digital Marketers to comply with GDPR guidelines:
i.) Personal Data Deletion Feedback
Facebook has launched a callback URL through which Marketers can receive a user’s request to delete the information (like Name, Email, Phone etc.) that your app or website received from Facebook. In the Apps and Websites section of Facebook Settings, users can delete any of the Apps to which they provided access throughout their Facebook history. They can also request removal of all the data about them collected by these Apps in the past. Once you as a Marketer receive this user request, you will have to delete the data permanently to adhere to the GDPR guideline. In case you have a mala fide intent to keep a copy of the original data or to misuse it in any way, you can be prosecuted as per the GDPR laws! So, be wise.
As per Facebook, offering a callback URL has the following benefits:
The experience on Facebook will inform people when they sent a request and when it was acknowledged by your service. It will also provide them with a confirmation number you supply and a way to check the status of their request. Offering this option to people can help you automate customer service requests, demonstrate that you’re handling their information responsibly, and help meet your compliance requirements, such as for the GDPR.
To activate this option, you need to provide Facebook with a callback URL to which it can send users’ requests. Add the callback URL to your app’s settings page in the app dashboard. The callback URL must use HTTPS, for security and trust reasons.
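An added example, not code from the original post or from Facebook: a minimal Python check a callback endpoint can run before it deletes anything, so that a forged request cannot trigger erasure. It assumes the request arrives as Facebook's `signed_request` field (a base64url signature, a dot, then a base64url JSON payload signed with HMAC-SHA256 using the app secret); the secret, status URL and user id are constructed placeholders, and `delete_user` is a hypothetical hook into your own data store.

```python
import base64
import hashlib
import hmac
import json
import secrets

APP_SECRET = b"constructed-app-secret"            # placeholder, never hard-code a real secret
STATUS_URL = "https://example.com/deletion?id="   # hypothetical status page

def b64url_decode(part: str) -> bytes:
    # Restore the padding that base64url encoders strip.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def parse_signed_request(signed_request: str, app_secret: bytes) -> dict:
    """Return the payload only if its HMAC-SHA256 signature verifies."""
    try:
        sig_part, payload_part = signed_request.split(".", 1)
        signature = b64url_decode(sig_part)
        payload = json.loads(b64url_decode(payload_part))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed signed_request") from exc
    if not isinstance(payload, dict) or "user_id" not in payload:
        raise ValueError("payload has no user_id")
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    # The signature covers the encoded payload string, not the decoded JSON.
    expected = hmac.new(app_secret, payload_part.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):   # constant-time comparison
        raise ValueError("bad signature")
    return payload

def handle_deletion_callback(signed_request, app_secret, delete_user):
    """Verify, delete, then return the status URL and confirmation code."""
    payload = parse_signed_request(signed_request, app_secret)
    code = secrets.token_hex(8)            # confirmation number shown to the user
    delete_user(payload["user_id"], code)  # hypothetical hook: erase and record the code
    return {"url": STATUS_URL + code, "confirmation_code": code}

def make_signed_request(payload: dict, app_secret: bytes) -> str:
    """Build a constructed sample request for offline testing."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(app_secret, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + body

if __name__ == "__main__":
    erased = []
    req = make_signed_request({"algorithm": "HMAC-SHA256", "user_id": "1000123"}, APP_SECRET)
    print(handle_deletion_callback(req, APP_SECRET, lambda u, c: erased.append((u, c))))
```

Serve the returned dictionary as the JSON response body of the HTTPS endpoint, and log every rejected request so forged deletion attempts are visible.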
ii.) Data Protection Officer Contact Information
A particular GDPR guideline requires companies to designate a Data Protection Officer (DPO), who will be responsible for assisting in matters related to the processing of users’ personal information, and to publish the DPO’s contact information.
So, if you have lots of dealings with customers in European Union, like you sell products directly in that zone or even if you get lots of website traffic or app installs/usage from there, it is time for you to consider the position of DPO in your company. This is going to be one of the most important aspects of GDPR compliance for companies around the world.
And once you have a DPO, you can update DPO’s contact details in the App Dashboard, under Settings tab as shown below:
It’s Action Time
I have tried to provide you with all the information which is of utmost importance to Digital Marketers. Now it’s your action time to apply all this in practice. I would say that, GDPR being so new, there are going to be many more angles to it from the Digital Marketer’s perspective. I have mentioned just two networks, Google and Facebook. There are so many other marketing platforms and social networks where you generate personal data of users. So, do an audit of all the tools which you are using. See if you are getting any information from users in the European Union region. And then you know what you have to do: comply with GDPR guidelines. And finally, my advice is, GDPR implications being so exhaustive, read as much as you can about it!