The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy regulation that puts customers and individuals in charge of their information. GDPR took effect on May 25, 2018.
Its purpose is to consolidate privacy regulations across the EU.
If you are not yet aware of GDPR and how it affects your business, blog or private website, you should take action right away if you are targeting users from the EEA/EU.
Personal data:
Personal data can be defined as any piece of information that can lead to the identification of an individual, either directly or indirectly. It falls into the following categories:
- Name and contact details
- Address
- Location data
- Personal identification number
- Website, apps and/or software identifiers
- Cookie strings
- IP address
If you are not a business person but a developer running websites and apps that include Google Analytics and ads, you must be GDPR compliant.
I am not a legal adviser; I am sharing how I understood it for my own use as a programmer.
What to do:
Make a transparent privacy policy page that explains what is being recorded, created or stored when a user visits your website/app.
For example:
- Creating cookies.
- Storing user personal data in local storage or database.
- Pushing data to any third party, for statistics (like Google Analytics) or for displaying ads (via Google AdSense or AdMob).
Using Google Analytics:
If you are using only Google Analytics, you should watch the following video from jeffalytics.com, which explains the whole process well.
Using YouTube embeds:
YouTube creates cookies to track users even if you have only embedded a YouTube video in your blog.
But it is now possible to use YouTube embeds that do not track.
The embed URL then uses the youtube-nocookie.com domain.
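As an added example (not code from the original post), the JavaScript below rewrites the common YouTube link and embed forms to the youtube-nocookie.com embed URL mentioned above. The function names, the 11-character video ID pattern and the sample HTML are assumptions made for illustration.

```javascript
// Added example. Hostnames are matched exactly, so look-alike hosts such as
// youtube.com.example.net are never rewritten or trusted.
const YT_HOSTS = new Set([
  "youtube.com", "www.youtube.com", "m.youtube.com",
  "youtu.be", "www.youtube-nocookie.com",
]);
// Assumption: video IDs are 11 characters from the URL-safe base64 alphabet.
const VIDEO_ID = /^[A-Za-z0-9_-]{11}$/;

// Returns the youtube-nocookie.com embed URL, or null if the input is not a
// recognised YouTube video URL.
function toNoCookieEmbed(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  const host = url.hostname.toLowerCase();
  if (!YT_HOSTS.has(host)) return null;

  const parts = url.pathname.split("/").filter(Boolean);
  let id = null;
  if (host === "youtu.be") id = parts[0];                        // youtu.be/<id>
  else if (parts[0] === "watch") id = url.searchParams.get("v"); // /watch?v=<id>
  else if (parts[0] === "embed") id = parts[1];                  // /embed/<id>
  if (!id || !VIDEO_ID.test(id)) return null;

  const out = new URL(`https://www.youtube-nocookie.com/embed/${id}`);
  // Keep only a numeric start offset; every other query parameter is dropped.
  const start = url.searchParams.get("start");
  if (start && /^\d+$/.test(start)) out.searchParams.set("start", start);
  return out.toString();
}

// Rewrites the src of every <iframe> in an HTML string; non-YouTube iframes
// are left untouched.
function rewriteEmbeds(html) {
  return html.replace(/(<iframe\b[^>]*\bsrc=")([^"]+)(")/gi,
    (match, pre, src, post) => {
      const fixed = toNoCookieEmbed(src);
      return fixed ? pre + fixed + post : match;
    });
}

// Constructed sample markup, not taken from a real site.
const SAMPLE_HTML = '<iframe width="560" src="https://www.youtube.com/embed/AbCdEfGhIjK?start=30"></iframe>';
console.log(rewriteEmbeds(SAMPLE_HTML));
```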
Quick Highlights of GDPR:
- Monetary administrative penalties of €20 million or 4% of worldwide revenue if your organization is not in compliance.
- You are subject to GDPR even if you don’t have a physical presence in the EU; if you provide goods or services to EU citizens, you are impacted.
- The definition of personal data is expanded and clarified to include IP addresses, cookie identifiers, and GPS locations.
- Explicit consent and transparency are required; this means that inactivity and pre-checked boxes are not considered consent.
- EU citizens have the right to be forgotten and personal data must be erased upon request.
- GDPR is an opportunity to build trust and help your brand stand out.
- https://ico.org.uk/ controls everything about GDPR.