The online world is once again experiencing changes in how consumers and their personal data are treated. Due to yet another privacy affair at Facebook and its misuse of personal data, the European Union has decided to enforce regulations that will protect the personal and sensitive information of online consumers, namely EU citizens who browse the Internet. This new regulation is called the General Data Protection Regulation, or GDPR for short.
What’s interesting about this new regulation is that your business entity doesn’t have to be based in the EU in order to violate its policies. In other words, how marketers collect and store data about their customers is about to change drastically. Moreover, you’ll have to redesign your marketing campaigns so that they’re not based on the collection of big data. Simply put, you’ll have to make do with the information your customers are willing to share with you voluntarily. In light of these events, here are a few SEO KPIs you have to track on your website in order to remain GDPR compliant.
Redesign the privacy policy
Whether or not you’re operating within the borders of the EU, you’re bound to have customers who are, in one way or another, citizens or residents of the EU. That means that you can’t ignore GDPR compliance, unless you want to face hefty fines for a data breach. You’ll have to redesign your privacy policy and track the KPIs that will indicate that your policy statements are clear, understandable and well-written. Under the GDPR, you must ask for consent from users to track and process their personal data.
In addition, you must inform them exactly which information you are collecting, how you are using it, how long you are storing it and so on. You must also focus on the consumer rights under the GDPR, such as the right to be forgotten, the right to access, the right to object and so on. In other words, you must minimize the data your website collects and ensure that you track the process so that it doesn’t accidentally leak any sensitive information.
Don’t collect any personally identifiable information (PII)
The collection of personally identifiable information, or PII, is prohibited by the GDPR. What’s more, it’s against the terms of use for Google Analytics as well. PII is information such as a user’s name, address, social security number, email address, phone number, IP address and so on. Under the GDPR, it’s advised that you restructure your website, mobile app and any other source to protect this data by default.
In addition, you must ensure that you’re not sending any PII to the Google Analytics servers. You’ll have to check the URLs of your pages, titles and tags to ensure they’re not collecting any PII. You can also craft SEO reports to analyze your own or a client’s website and determine if any aspect is collecting or sharing PII, either accidentally or on purpose. That includes any information users disclose in forms that is collected by Google Analytics.
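One way to run the URL and title check described above, as an added example that is not part of the original article: the script scans pageview URLs and titles for email addresses and phone numbers and rewrites the URL before it is reported. The patterns, the `SUSPECT_KEYS` list, the `REDACTED` marker and the sample hits are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlencode, urlsplit, urlunsplit

# Constructed, deliberately simple patterns for two PII kinds the article names.
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"(?<!\d)\+?\d[\d\s().-]{7,}\d(?!\d)"),
}
# Assumed list of query parameter names that usually carry personal data.
SUSPECT_KEYS = {"email", "name", "phone", "address", "ssn"}

def find_pii(text):
    """Return the sorted PII kinds found in a URL-decoded string."""
    decoded = unquote(text)
    return sorted(kind for kind, rx in PII_PATTERNS.items() if rx.search(decoded))

def redact_url(url):
    """Replace PII-bearing query values and path segments before reporting."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SUSPECT_KEYS or find_pii(v) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    path = "/".join("REDACTED" if find_pii(s) else s for s in parts.path.split("/"))
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(query), ""))

def audit(hits):
    """Return (url, findings) for every hit whose URL or title exposes PII."""
    report = []
    for hit in hits:
        findings = sorted(set(find_pii(hit["url"]) + find_pii(hit["title"])))
        keys = {k.lower() for k, _ in parse_qsl(urlsplit(hit["url"]).query)}
        findings += sorted("param:" + k for k in keys & SUSPECT_KEYS)
        if findings:
            report.append((hit["url"], findings))
    return report

# Constructed sample pageview hits (not real traffic).
SAMPLE_HITS = [
    {"url": "https://shop.example/thanks?email=jane.doe%40example.com&order=1042",
     "title": "Thank you"},
    {"url": "https://shop.example/profile", "title": "Profile of john@example.org"},
    {"url": "https://shop.example/callback?tel=%2B442079460958", "title": "Callback"},
    {"url": "https://shop.example/products?page=2", "title": "Products"},
]

if __name__ == "__main__":
    for url, findings in audit(SAMPLE_HITS):
        print(findings, "->", redact_url(url))
```

A page title that contains PII cannot be fixed by rewriting the URL; the title itself has to change at the source.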
Track website traffic
Marketers have always focused on the KPIs that portray website traffic. However, now you must track website visitors that are citizens of the EU. The main reason is that processing or collection of sensitive data is prohibited under the GDPR. Sensitive information includes political and religious views, skin color, race, sexual orientation and so on.
Only in certain cases is the processing of sensitive information allowed under the GDPR, and you must ensure that your website isn’t violating the regulation by processing such data in any other way. That’s why it’s important to track which website visitors are from the EU and ensure that their rights are not being abused in any way on your website. As mentioned before, fines for such a data breach are significantly high. In fact, the fines go from €10 to €20 million or 2% to 4% of annual global turnover, depending on which is higher.
Enable IP anonymization
The GDPR clearly states that an IP address is considered PII. Many marketers track the IP addresses of users for geo-targeting and geo-location marketing. In order to stop tracking the IP addresses of your users and ensure that you remain GDPR compliant, you’ll have to enable the IP anonymization feature in Google Analytics.
This feature anonymizes the IP address early in the collection process, as soon as it’s technically viable. It turns the last octet of IPv4 addresses and the last 80 bits of IPv6 addresses into zeroes. That way, the full address is never actually written to disk in the Google Analytics Collection Network. You must also check whether your website is tracking any IP addresses regardless of the feature and restructure the code to prevent it.
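The masking rule described above, applied to your own logs, as an added example that is not Google's code or part of the original article: `anonymize_ip` zeroes the last octet of IPv4 and the last 80 bits of IPv6, and `stored_full_ips` reports log lines that still hold an unmasked address. The log format and sample lines are constructed assumptions.

```python
import ipaddress
import re

def anonymize_ip(addr):
    """Zero the last octet of an IPv4 address or the last 80 bits of IPv6."""
    ip = ipaddress.ip_address(addr)
    zero_bits = 8 if ip.version == 4 else 80
    masked = (int(ip) >> zero_bits) << zero_bits
    return str(type(ip)(masked))

def stored_full_ips(lines):
    """Return (line_number, address) for every address that is not masked."""
    found = []
    for number, line in enumerate(lines, 1):
        for token in re.split(r"[\s=,;\"]+", line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # token is not an IP address
            # A real address that happens to end in zeroes passes this check.
            if str(ip) != anonymize_ip(token):
                found.append((number, str(ip)))
    return found

# Constructed sample lines from a hypothetical first-party log.
SAMPLE_LOG = [
    "2018-05-25T10:00:01Z pageview ip=203.0.113.77 path=/pricing",
    "2018-05-25T10:00:02Z pageview ip=198.51.100.0 path=/",
    "2018-05-25T10:00:03Z signup ip=2001:db8:85a3:8d3:1319:8a2e:370:7348 plan=free",
    "2018-05-25T10:00:04Z pageview ip=2001:db8:85a3:: path=/docs",
]

if __name__ == "__main__":
    for number, address in stored_full_ips(SAMPLE_LOG):
        print(f"line {number}: {address} -> {anonymize_ip(address)}")
```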
The GDPR is designed to protect user privacy and sensitive information. That means that marketers and businesses alike will no longer be able to leverage the full potential of big data. That’s why it’s important to track the right KPIs on your website in order to ensure that you’re not violating this new regulation in any way.