GDPR. Anyone figured this out?

[Andy Black]

My head hurts trying to figure this out, but it’s something we have to do.

Can anyone link to good resources that clearly explain what we need to do?

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[jon.M]

My head hurts trying to figure this out, but it’s something we have to do.

Can anyone link to good resources that clearly explain what we need to do?

I don't know how much you know already, but I just throw these videos in here for everyone who's no idea of what GDPR is.

Here are some of my takeaways. Take it with a pinch of salt, though. Not completely figured it out myself.

But the meat and potatoes seem to be that you've got to be clear about what you'll do with their data, and give users control over theirs. For example when you're offering a lead magnet, you NEED to tell users -- and get their active consent -- that you will use their e-mail adress to contact them with additional offers in the future (if that's what you do).

You can't longer do the "By using this site, you accept cookies" trick. Users must have the choice to either accept or reject that data collection.

Users will need the option to opt out from your data collection. That's why Google Analytics just launched a couple of new functions that allows us to, for example, delete all data associated with an individual user:

Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.

Action: Please review these data retention settings and modify as needed.
Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.

Addition: I also think that if the data you're collecting is hacked, lost etc, you are obliged to report the incident to your country's data protection regulator. But only if it has a detrimental impact on individuals whose data is collected.

For example if it could lead to lost money, confidentiality breaches, damage to reputation.

What is GDPR? The need-to-know guide | WIRED UK

 

[Everyman]

As far as I am concerned another 'dead' law.

EU is useless regulating the curve of a banana and light bulbs. This is another adding, to the pile of horse*@t they produce and we let them.

How is google or other giants going to adhere? Answer. They won't.

'Our' company owns more than 5 data centres across the world. Is 'EU' going to raid them to check if they don't keep excessive data? Or else?

Disregard any ridiculous law they produce and move on. This is what we should do. It's not about data protection but to waste your time and give you a headache.

 

[Limitless4Life]

Www.cvent.com/gdpr

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[Sanj Modha]

It's just a tightening up of laws. I'd say it's more transparent which is a good thing.

 

[Thoelk]

As far as I am concerned another 'dead' law.

EU is useless regulating the curve of a banana and light bulbs. This is another adding, to the pile of horse*@t they produce and we let them.

How is google or other giants going to adhere? Answer. They won't.

'Our' company owns more than 5 data centres across the world. Is 'EU' going to raid them to check if they don't keep excessive data? Or else?

Disregard any ridiculous law they produce and move on. This is what we should do. It's not about data protection but to waste your time and give you a headache.

I wouldn't call it dead, rather passive. EU won't investigate by themselves actively, but you as a consumer will get the support through these laws. Just ask yourself the question, if cliënt X sends me a mail with the question to give all his data.. and afterwards delete it. Am I able to do that, yes or no? Because you should be. But I agree, it's all a bit fuzzy. And if you want some nice freelance opportunities, getting ''hired" as a DPO to prepare for GDPR is a good choice.

I wouldn't simply wash it away. Comparing yourself to a Silicon valley gigant is never a good idea..

 

[theag]

I'm throwing up in circles over GDPR.

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[Everyman]

I meant no disrespect @Andy Black . Although my language is direct and harsh. Andy, you touched my nerve here, but it's mine, not yours to deal with.

I wouldn't call it dead, rather passive. EU won't investigate by themselves actively, but you as a consumer will get the support through these laws. Just ask yourself the question, if cliënt X sends me a mail with the question to give all his data.. and afterwards delete it. Am I able to do that, yes or no? Because you should be. But I agree, it's all a bit fuzzy. And if you want some nice freelance opportunities, getting ''hired" as a DPO to prepare for GDPR is a good choice.

I wouldn't simply wash it away. Comparing yourself to a Silicon valley gigant is never a good idea..

I know we shouldn't discuss politics like this and also go far from 'conspiracy theories'. I will make an exception here and hopefully it won't be against the rules (hence deleted). I don't blame the gov, or anyone else for my own outcomes.

This is just a short explanation and my thoughts.

1) This is not conspiracy for me. These are facts. The intelligence (any smart like CIA or MI6) can activate your phone without it showing signs of being active.

We all are wearing spying devices (phones) with microphones and cameras. Fact. If you don't believe you don't have to. I know you think The Dark Knight was just a movie. No. The Batman character doesn't exist.

There is no vigilante that will pull the plug as soon as he will finish it with the bad guys. I know we subconsciously seek this 'father' figure that will save us, but no. No father in real life. "Rich dad, poor dad". I can see Mr. K reaching into our pockets.... Save yourself with your own hands. Read below...

2) Yes, comparing ourselves to google is a big mistake. They can afford to bribe lawyers, politicians, even whole countries...

Nevertheless it gives you hints how to operate. Big guys have money (Apple's cash position is over $200BN... srsly... or even more, why would you need an excessive amount of money like this?! No, the answer is not 'because I can'). And we have flexibility. They don't. I treat laws as traps for small guys like I or you, set by big companies to stop competition.

While we cannot afford lawyers and accountants as good as the big guys. We can go unseen and do whatever we want. This is my advice. We cannot afford to waste time on useless 'laws' that don't bring any value to anyone...

Sorry for this, but I am fed up today. And also see that more and more people do not produce anything and still get 'food', out of producers pocket (forced on producers to 'share') which is just immoral and causes more problems...

It helps me going on.

KNOW YOUR ENEMY​

I find the FASTLANE the cure for this. I don't look for excuses. When you understand the system. You can outmaneuver it to your advantage. The FASTLANE brings hope, and balance so producers can keep the world revolving. Just don't pretend that taxation, laws etc... work to your advantage. Because mostly they don't....

 

[Andy Black]

I meant no disrespect @Andy Black . Although my language is direct and harsh. Andy, you touched my nerve here, but it's mine, not yours to deal with.



I know we shouldn't discuss politics like this and also go far from 'conspiracy theories'. I will make an exception here and hopefully it won't be against the rules (hence deleted). I don't blame the gov, or anyone else for my own outcomes.

This is just a short explanation and my thoughts.

1) This is not conspiracy for me. These are facts. The intelligence (any smart like CIA or MI6) can activate your phone without it showing signs of being active.

We all are wearing spying devices (phones) with microphones and cameras. Fact. If you don't believe you don't have to. I know you think The Dark Knight was just a movie. No. The Batman character doesn't exist.

There is no vigilante that will pull the plug as soon as he will finish it with the bad guys. I know we subconsciously seek this 'father' figure that will save us, but no. No father in real life. "Rich dad, poor dad". I can see Mr. K reaching into our pockets.... Save yourself with your own hands. Read below...

2) Yes, comparing ourselves to google is a big mistake. They can afford to bribe lawyers, politicians, even whole countries...

Nevertheless it gives you hints how to operate. Big guys have money (Apple's cash position is over $200BN... srsly... or even more, why would you need an excessive amount of money like this?! No, the answer is not 'because I can'). And we have flexibility. They don't. I treat laws as traps for small guys like I or you, set by big companies to stop competition.

While we cannot afford lawyers and accountants as good as the big guys. We can go unseen and do whatever we want. This is my advice. We cannot afford to waste time on useless 'laws' that don't bring any value to anyone...

Sorry for this, but I am fed up today. And also see that more and more people do not produce anything and still get 'food', out of producers pocket (forced on producers to 'share') which is just immoral and causes more problems...

It helps me going on.

KNOW YOUR ENEMY​

I find the FASTLANE the cure for this. I don't look for excuses. When you understand the system. You can outmaneuver it to your advantage. The FASTLANE brings hope, and balance so producers can keep the world revolving. Just don't pretend that taxation, laws etc... work to your advantage. Because mostly they don't....

Not sure how I’ve touched a nerve.

I need to get compliant, and ensure my clients are compliant too.

That’s it. Just another hurdle to step over.

 

[Andy Black]

I'm throwing up in circles over GDPR.

I’m not quite throwing up, just glazed over.

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[Everyman]

Not sure how I’ve touched a nerve.

I need to get compliant, and ensure my clients are compliant too.

That’s it. Just another hurdle to step over.

I don't like regulations, that's it.

Anyway I hope you will get it sorted properly.

 

[theag]

ensure my clients are compliant too

In our consulting business we honestly tell our clients that we can't advise on GDPR and they should seek specialized legal advice if they want to be on the safe side. I think this is the only reasonable way to go as a service provider, for example Adwords or (even worse) FB campaign management, otherwise you might have a high risk of unintentionally giving wrong advice and being liable for it. And the stakes are high with GDPR penalties.

FB's privacy breach problems are already making waves in the FB ads environment and I think it might get a lot worse next month. Worst case FB ads become useless for a majority of businesses because targeting options disappear and the FB pixel needing an actual opt-in (what my lawyers tell me), rendering highly profitable remarketing useless (because nobody opts in), no more lookalike audiences and no way to track campaign performance. Unless you are willing to take the legal risks.

There is a high chance of GDPR killing off a lot of small advertisers and ruining businesses, while further strengthening FB's and Google's positions. A lot of the adtech companies might get serious problems. And the EU is clueless about the consequences of their doings.

 

[Andy Black]

In our consulting business we honestly tell our clients that we can't advise on GDPR and they should seek specialized legal advice if they want to be on the safe side. I think this is the only reasonable way to go as a service provider

Yeah. Clients need to take responsibility for this. Just figuring out how to raise this with them.

We don't do Facebook ads, just AdWords, and we do very little remarketing. That might make life easier. However, on landing pages we build for clients we install by default their Google Analytics code, heatmap code, and are trialing reverse IP lookup solutions.

I'm only finally looking at GDPR now. It's been that can of worms I've not wanted to open.

FB's privacy breach problems are already making waves in the FB ads environment and I think it might get a lot worse next month. Worst case FB ads become useless for a majority of businesses because targeting options disappear and the FB pixel needing an actual opt-in (what my lawyers tell me), rendering highly profitable remarketing useless (because nobody opts in), no more lookalike audiences and no way to track campaign performance. Unless you are willing to take the legal risks.

There is a high chance of GDPR killing off a lot of small advertisers and ruining businesses, while further strengthening FB's and Google's positions. A lot of the adtech companies might get serious problems. And the EU is clueless about the consequences of their doings.

Ouch. No more remarketing and no more look-alike audiences would have a big impact on FB advertisers.

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[Formless]

I ghost-wrote a series of articles about GDPR. Mostly to get people to go to a seminar.

GDPR IN PLAIN ENGLISH (Part 5/5): What the C-Suite or Owners Need To Do About Their HR Practices (and a quick summary of the series)

In this post, press ctrl/cmd+f "Summary of the Series".

It's a bullet point list explaining the crux of GDPR in plain English.

If you wanna understand it like the back of your hand. Set aside an hour and read the directive itself. Most online resources (my own article included) are just boildown summaries or sales pitches for seminars.

 

[GoGetter24]

And the EU is clueless about the consequences of their doings.

More like they just don't care / do whatever they feel suits their bureaucratic selves. Fortunately, membership is still optional, unless Germany decides to "not optional" Europe again.

That said, the ability to request "delete all my data" suits me fine as a consumer. How enforceable it is, is another question -- it's impossible to know or prove if something has been deleted from everywhere.

But seeing the 'accept cookies' thing whenever I visit a European site is just annoying. They're going to make it more annoying? Is there a "remove EU sites from my SERP" option in Google?

 

[theag]

unless Germany decides to "not optional" Europe again

Not with the sorry state of our "army"

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[theag]

But seeing the 'accept cookies' thing whenever I visit a European site is just annoying. They're going to make it more annoying?

Sites will need to have one of those popups for EVERY SINGLE COOKIE they set soon, according to the law interpretations I read. Not with GDPR, but the ePrivacy thing that is supposed to come in 2019.

 

[c4n]

Sites will need to have one of those popups for EVERY SINGLE COOKIE they set soon, according to the law interpretations I read. Not with GDPR, but the ePrivacy thing that is supposed to come in 2019.

Fortunately this is not true, the ePrivacy regulation will actually aim to simplify rules for cookies and exclude non-tracking cookies from consent.

A Wiki summary of goals: ePrivacy Regulation (European Union) - Wikipedia

The full proposal: Proposal for a Regulation on Privacy and Electronic Communications

 

[theag]

exclude non-tracking cookies from consent

Yea, but nobody cares about non-tracking cookies (e.g. shopping cart, etc). The tracking/remarketing cookies + lookalike audiences are the money makers. And those are the ones under attack by the new regulations.

You should read your wiki link again. They want to move from consent popups to browser settings to make it more user friendly, because obviously these popups are annoying. But if they make do-not-track standard in browsers, like some propose, its bye bye to profitable remarketing and even conversion tracking. The effects of this are obvious for everybody even remotely aware of how online marketing works. Its a business killer.

From what I have read there is already discussion of changing GDPR and ePrivacy before they are even in action, because they realized that its doing the opposite of what they intended, so who knows what exactly will happen..

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[johnp]

In the email industry it's a pretty big deal too. My company has been jumping through some crazy hoops for GDPR compliance. A lot of money was spent on new features and other stuff.

On the email side, I'd argue that GDPR is good for email. For example, now you now have to be really clear about what you plan to do when someone opts-into your list. It's even recommended that you make someone click a checkbox before they subscribe. Obviously there is more friction with that experience, but subscriber expectations are important for good email deliverability.

Thing that I'm worried most about with GDPR is remarketing and custom audiences.

My head hurts trying to figure this out, but it’s something we have to do.

Can anyone link to good resources that clearly explain what we need to do?

I'm not sure if this helps, but I'm pretty sure that Unbounce is on track for GDPR compliance in May.

I think (but could be wrong) that switching over to Unbounce should cover your clients on the landing page side of things.

 

[c4n]

Yea, but nobody cares about non-tracking cookies (e.g. shopping cart, etc).

I do, makes my software business easier Not only are those consent pop-ups annoying as hell, with the current directive you need to take in account country-level implementation to make sure your software is compliant throughout EU.

I agree with the rest of your post though and freaking hate the "privacy" bureaucrats.

 

[Andy Black]

I've just booked myself onto this. Dreading it.

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[MJ DeMarco]

Ah yes GPDR ... kinda reminds me of the infamous "Affordable Care Act" here in the states -- sure it sounds great with good intentions, but the whole thing just looks like a revenue-racket. As the bureaucrats say, never let a good crisis go to waste when that crisis can be used to implement more fee-generating regulations.

I've just booked myself onto this. Dreading it.

How'd it go?

 

[jon.M]

Ah yes GPDR ... kinda reminds me of the infamous "Affordable Care Act" here in the states -- sure it sounds great with good intentions, but the whole thing just looks like a revenue-racket. As the bureaucrats say, never let a good crisis go to waste when that crisis can be used to implement more fee-generating regulations.

B-b-but our leaders do everything for the good of the people. Because everyone are really concerned about their privacy. Forget that we stayed on Facebook during its recent crisis. Forget that we publicly post images of our kids on Instagram. Forget that we spend our days on Snapchat, which lets contacts see our exact location in real time.

 

[Andy Black]

How'd it go?

The course is tomorrow. I’m not looking forward to it. I’ll miss the last couple of hours as I’ll be picking up kids from school.

I’ve been flooded with emails from everything I’m signed up to (as I’m sure everyone else has) and have been forwarding the best worded ones to my team for us to review on Monday and implement. It’s on the long finger as they say here in Ireland (the last thing I want to do).

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[theag]

I implemented most GDPR requirements. Not the ones I don't agree with / are unclear but lawyers recommend (like optin button for remarketing). Risk/reward...

 

[Chris McCarron]

At the risk of self promotion, this video covers just about everything related to GDPR:

Hope it helps Fastlaners who need to understand GDPR.

 

[Chris McCarron]

B-b-but our leaders do everything for the good of the people. Because everyone are really concerned about their privacy. Forget that we stayed on Facebook during its recent crisis. Forget that we publicly post images of our kids on Instagram. Forget that we spend our days on Snapchat, which lets contacts see our exact location in real time.

Only people who have never owned a business or held a position of authority within a company would have ever created GDPR.

The primary aim of GDPR is protect PII from data breaches and being leaked online and to have one unified set of rules.

In theory this is positive and it's clearly directed at large global corporations that are consistently targeted by hackers.

The unfortunate side effect is that businesses of all sizes are quite rightly frightened by the imposing fines, and therefore within our entrepreneurial bubble, the new regulation is overshadowed by "can I email someone?".

I recently reached out to a business owner by email so that I could introduce myself and see if I could assist them. I shortly thereafter got a reply spouting GDPR and "spam".

Complete nonsense and devoid from logic or common sense. Additionally, unless it's a German resident's business email address, then business contact details do not constitute as PII. Therefore GDPR does not apply.

Not many people know this and I find it hard to fathom how much money businesses will miss out on by being too afraid to email professionals or by spending time to respond directly to professionals claiming that contacting them via their business details is against the new GDPR legislation.

This is where the bureaucracy, micro managing rules and laws has brought us: fear, expense, time-consuming nonsense that applies to every business - regardless of the size of the entity and if it has ever been or ever will be the target of hackers.

Furthermore, GDPR data breaches will in all likelihood not occur on servers owned by a typical business, but rather the tools, software and platforms hosted by third parties to store PII. For example Shopify, MailCheat(Chimp), Cloud storage etc.

Therefore, it's irrelevant and therefore not logical for GDPR to apply to any business other than the data processor.

Is it all bad? No
Is 99% of it precisely the same as the Data Protection Act? Yes
Is it something that people have demanded within the EU? No (well perhaps a tiny minority)
Should GDPR apply to my business? Absolutely not
Should GDPR apply to data processors? Yes, probably

 

Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

[JAVB]

I wouldn't worry about GDPR if you don't actively target European customers.

Note that it is not the same as "having" European customers or visitors

Let's say a German citizen found this forum searching online, or simply picked up the book in an airport and landed here, he would not be protected by this law... now, if @MJ DeMarco were to set up page in German language, or run ads in Germany, he is consciously targeting European citizens, for which he'd have to offer them such protection.

Consider your reality before investing time and money into learning more about this law.

 

[Chris McCarron]

I wouldn't worry about GDPR if you don't actively target European customers.

Note that it is not the same as "having" European customers or visitors

Let's say a German citizen found this forum searching online, or simply picked up the book in an airport and landed here, he would not be protected by this law... now, if @MJ DeMarco were to set up page in German language, or run ads in Germany, he is consciously targeting European citizens, for which he'd have to offer them such protection.

Consider your reality before investing time and money into learning more about this law.

Unfortunately that isn't the case. All EU citizens are protected by GDPR compliance regardless of where the server of the forum is located.

The only way to prevent a business from having to comply to this regulation is to shut off access to EU visitors, including EU citizens residing and/or visiting the US (or non EU country).

You can't account for that.