December 4th, 2017 AI Insight
Cookies and GDPR compliance, perhaps you haven’t thought about how regulation changes could impact the way you market? Find out everything you need to know about how GDPR will affect the way you use web analytics tools like cookies in your business.
Cookies have become a familiar fixture for most web users. Web analytics tools allow businesses to track visitor engagement on their website and follow up with marketing activity. Useful for your marketing team? Certainly. GDPR compliant? Well, that’s where the waters get a little muddy.
Cookies are only referenced once in the GDPR guidelines:
‘Recital 30: Natural Persons may be associated with online identities…such as internet protocol addresses, cookie identifiers or other identifiers…This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.’
Not all cookies are used in a way that could identify users, but the majority are. This means cookies used for analytics, advertising and functional services such as surveys and chat tools are at risk of non-compliance under GDPR. A risk that comes with a hefty penalty.
Cookies often contain pseudonymous identifiers (e.g. strings of numbers or letters) to give them uniqueness. Under GDPR it is this uniqueness that qualifies them as personal data. So, any cookie that is capable of identifying an individual, or treating them as unique without explicitly identifying them means your business is processing personal data.
To cut a long story short, using cookies in the established way is going to become increasingly hard. Cookies are not banned under GDPR. However, if you can’t prove consent on an individual basis you’re at risk of non-compliance.
If you can prove that your business has a lawful ground to collect and process the data in question then you can continue to do so. However, since most businesses rely on implied or opt-out consent it will be increasingly hard to prove lawful consent under the strengthened requirements of GDPR.
Additionally, The Privacy and Electronic Communications Regulations (PECR), aka the ‘cookie law’ is being updated and brought in line with GDPR. Tightening this up will mean more restrictions on how and when data analytics tools like cookies can be used.
The solution is this: make it easy for your leads give that consent, and give them an equally clear opt-out. You can then continue to process their personal data (name, email address etc.). Going forward this could mean that your lead quality increases and you can begin engaging with people who are genuinely interested in your products or services.
That’s a great question. There’s a lot of information out there about what you have to do to be GDPR compliant, but less about how to actually do so. At Automated Intelligence we’re dedicated to helping businesses understand GDPR and achieve compliance.
That’s why we built GDPR Powered by AI.DATALIFT. This dedicated software takes the complication out of GDPR compliance; hosted on Microsoft Azure, it anticipates all of your GDPR needs. If you’re interested in getting a demo or simply want to find out a little bit more about GDPR compliance, get in touch today.