Note: This article does not constitute legal advice or recommendations. The following article is for informational purposes only.
Now that the May 25 deadline is looming, business owners with Websites everywhere have been feverishly writing and publishing new privacy policies and notifications.
Should you, a small- or medium-sized business owner whose target market resides solely in the U.S., be concerned about the EU’s General Data Protection Regulation or GDPR?
Who is Impacted by the GDPR?
The GDPR applies to businesses that specifically market to European Internet users within EU borders. A U.S.-based company selling in India whose Website is visited by an Austrian on holiday in that country will not be subject to the EU rules.
This article by Yaki Faitelson, published by Forbes Technology Council, outlines how the GDPR rules impact U.S. businesses that market their products or services in any EU country, regardless of where the company is located.
Beyond ethical best practices in collecting Website visitors’ information, there is another reason to pay attention: it is entirely possible that a similar law could pass in the United States, despite the Internet Privacy Law rollback by Congress last year.
As Exterro writer Tim Rollins noted earlier this year, after the Facebook Cambridge Analytica scandal broke, U.S. Senator Ed Markey (D-MA) in an NPR interview mentioned that the U.S. needs an Internet “privacy Bill of Rights.”
Cookies are small data files that collect information about a visitor and their actions, such as pages visited or links clicked, on a Website. The data is installed on the visitor’s browser once a Web page loads. Some cookies expire once a browser is closed. Others are stored in a browser for a defined period.
If you have Google Analytics tracking code or Facebook pixels installed on your site, you have cookie tracking on your Website.
The EU implemented a cookie law in 2011 that requires precise and straightforward notice that cookies exist on a site, what information you are collecting and how you will use it. A Website visitor must give consent to the tracking, or the cookies must be disabled.
The cookie notice (those pesky pop-up notices with an Accept button) is how most Websites deal with informed consent (or non-consent) to the tracking.
As with the GDPR, cookie consent is only legally required in the EU, so it is up to you to decide whether it is necessary to install a cookie notice. I installed it on my site “just in case,” which many marketers are doing.
If you use a platform like Shopify, Weebly, or Wix for your Website, you might want to consult with that platform’s customer support about installing a cookie notice.
Some, like Weebly, already include the option to enable/disable cookie notices on your Website, and soon will provide it in banner form.
If a Web developer custom-built your site, contact them for help to install a cookie notice or hire a professional.
How to Install a Cookie Notice on a WordPress Site
WordPress site owners have several simple options to install cookie notices, the easiest of which is using a plugin.
I use the EU Cookie Law plugin on this Website, which is super simple to set up.
After installing and activating the plugin, you can customize the message that pops up. The plugin can also be set to automatically disable cookies until a visitor gives consent.
There are other options such as choosing scrolling consent. If a user continues scrolling down a page, they have automatically permitted the cookie tracking. But you must inform them about this type of approval in the popup notice.
It is not entirely clear if this plugin conforms to GDPR rules. But it is an excellent way to be upfront with your Website visitors about how you use their information.
I have signup forms installed throughout my Website in various formats. Some collect only email and a name, others require a phone number and other information.
Along with those forms, I now have written notices about what it means to submit your information on my Website. These notifications are another way to give details on how a user’s data will be used.
Here is the notice I use:
I customize the message per form.
Email Privacy Notices
If you use email marketing platforms, most, like MailChimp and Zoho, have already notified customers how they are helping with GDPR messaging.
Here’s a great outline from MailChimp about the messaging and consent checkboxes that are available on that platform.
While the GDPR may not directly impact how your business operates its Website and marketing efforts, it is still a good idea to set up your data collection practices to inform visitors about what type of information you collect and how you use it.
This will make your Website visitors feel safe and establish trust. You will also be ready just in case the U.S. decides to go GDPR style with its citizens’ Internet privacy protection.
Over to You
What do you think about Internet privacy laws and the methods that companies use to collect information about Website visitors? Let us know in the comments section.