The GDPR (General Data Protection Regulation) came in to play on the 25th of May 2018 in Europe. At the end of 2019 the ePrivacy act will be enforced. These two EU-regulations are meant to guarantee and protect the personal data privacy of the EU-citizens.
Among other things this legislation means that you need to be fully aware of the cookies and third party tracking scripts that are in place on your website, which personal data is being stored and with whom you share this information. It’s essential that you map, track and explain the use of all the cookies and tracking cookies to your website’s users.
The GDPR and ePrivacy regulations are in place to address the concerns about the use of personal data by third parties and give individuals more control over their personal data. Companies and website owners need to uphold to the law in order to prevent being fined up to €20 million or 4% of their entire worldwide revenue.
What is personal data exactly?
Under personal data the regulations state that it’s all the information that can be used to identify an individual. On the web this information could be generated by cookies and other trackers, for instance by embedded third party services like Google or Facebook but also the IP address of a computer.
What does this mean for website owners?
To be compliant to the GDPR there are dozens of rules which we don’t cover here now. But in short a website owner should:
- Be completely up to date about all the cookies and third party trackingtechnology on his website(s)
- ask for permission to an user before any data processing takes place
- needs to have cookie consent logging in place
- ensure that the website offers the possibility to withdraw or change the consent status
- know which data is being shared with Third Parties and where this date is being send to.