On May 25 a new law will be passed in the European Union, one which will shake up online business around the world.

The General Data Protection Regulation (GDPR) will make the consequences of failing to protect personal data far more serious.

It may be a European Union law, but it will apply to anyone selling in the EU, regardless of where they are based, so Kiwi businesses are also affected.

What is the GDPR?

Passed back in 2016, the General Data Protection Regulation is a stricter set of laws for how companies manage and share personal data.

The EU is taking the matter very seriously, and the new law means that any company collecting personal data on an EU citizen needs their explicit and informed consent first. Users can also withdraw their consent at any time and can request all the data a company has on them.

Companies will be obliged to clearly inform individuals about why they are collecting their personal data, how it is going to be used, and with whom it is going to be shared. With the recent Cambridge Analytica scandal, the timing of the regulations seems to be more pertinent than ever.

What’s going to change?

The biggest change it may have on Kiwi businesses is on advertising, specifically Google AdWords.

Google uses advanced algorithms to target people based on things like their age, location, occupation, hobbies … all of which might now be illegal to collect on EU citizens. It is yet unclear how this is going to affect AdWords, but companies are scrambling to make sure they’re not caught with their pants down come May 25.

You might not even know it if you’re not tech-savvy, but your own website can collect info on the people who visit. Companies can inadvertently fall foul of this is when they pass variables (such as email address, first name, etc) from form completion data being placed in the website page address that is then passed to Google Analytics.

IP addresses are another piece of personal information that Google Analytics collects. We suggest you alter your tracking code so that this is masked within your account. This can also be achieved within Google Tag Manager.

How we can help

These stricter laws may be good news for consumers, but they’re bad news for businesses.

The regulations can be confusing and difficult to implement, especially for companies outside the EU, and a breach of the law can result in severe penalties, set at 4% of a company’s global turnover (or €20 million, whichever is larger).

This can be handled by the larger companies such as Facebook, but for some smaller businesses it could mean struggling to stay afloat, or even folding altogether.

If you’re unsure what your website is collecting, and what, if any, changes you need to make before the May 25 deadline, then contact us today. We can complete a full audit of your site, and let you know exactly where you stand in regard to the new General Data Protection Regulation.

Check out the following resources if you would like to know more about the GDPR.

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

https://www.eugdpr.org/eugdpr.org.html

https://ec.europa.eu/info/law/law-topic/data-protection_en