Amid data security issues, while most companies are juggling with their legal departments, many might
miss the effect of Google's GDPR (General Data Protection Regulation) compliance actions on their data.
In a technologically savvy world, companies use high-end technological services to promote their
products or services to a large clientele. The emergence of GDPR has made it difficult for companies to
use customers’ data for the promotion of their products or services. Let’s have a detailed look at how
Google's GDPR compliance efforts affect a company’s data.
What is GDPR?
GDPR is a new European Union (EU) legislation which is set to protect customer data. It is a replacement
for the 1995 Data Protection Directive, which set the minimum standards for data protection in the
European Union. GDPR significantly strengthens a number of rights of an individual. Now, an individual
can ask a company to reveal the data it maintains about them in its database or to delete the
personal data. GDPR also gives regulators the ability to work in concert across the EU for the first
time, rather than launching separate actions in each jurisdiction. Also, companies that fail to comply with
the GDPR regulations face a penalty of €20m or 4% of the company’s global turnover, whichever is higher.
Defining Features of GDPR
The defining features of GDPR are as follows:
- Companies need to maintain a high level of transparency. They need to show prospective customers what information they have collected, for what purpose they are collecting it, and which mediums they have used to collect it. Further, if the company decides to use that information for anything other than the already known reason, it needs to seek permission from the potential customer again for that very purpose. Depending upon the potential customer’s will, the company uses or deletes the information.
- GDPR strengthens customers’ rights. Customers can now ask companies what information they are maintaining about them and whether that information is correct. Customers can even revoke the permission to save the data. In this scenario, companies are compelled to remove the data, including from all places where they have shared that data.
- Companies need to show that they have taken proper security measures to secure the data. If any data breach has taken place in the company, the company is obliged to inform its customers within 72 hours. Failing to comply with the prescribed rules and regulations will have serious implications for the revenue stream of the company, as well as jeopardizing the repute of the company.
Consequences of GDPR
GDPR has consequences for companies operating within Europe as well as those using
European citizens’ data to generate leads. Let’s say that your company is dealing directly with an EU
resident, and that person gives you personally identifiable information (PII). Then, your company is
playing the role of a data controller. GDPR also identifies another role, the
“data processor”, which applies when your company uses another company as a supplier and that
supplier handles PII. Though most of the restrictions apply to you as the data controller, it is imperative
for the data processor to comply with the legalities of GDPR as well. Failure to comply triggers the
potentially unintended consequences of the legislation.
Google is taking every precautionary step to minimize its risk, which includes pushing as
much of the obligation as possible onto the data controller. Google is more aggressive in applying stringent controls
to accounts that infringe its terms, irrespective of whether that infringement also infringes
GDPR. This makes complete sense, as Google Analytics (GA) is offered for free to accounts which
add value to Google in aggregate. Rather than taking on extreme financial risks for individual free
accounts, Google is kicking risky setups off the platform.
Companies that are using smart marketing & technological services to reach out to millions of people
around the globe are now facing challenges due to these stringent GDPR regulations. Google is not
alone in suspending risky accounts over compliance failures; other such suppliers
are doing similar things. Some companies are going so far as to shut down their
products or services entirely for EU citizens.
Let’s have a look at the two main consequences of GDPR for your data:
- Default Data Retention Settings for Google Analytics deletes your data
- Google is deleting Google Analytics accounts for capturing PII
1-Default Data Retention Settings for Google Analytics Deletes Your Data
On 25th May, Google changed the data retention settings. This means that if you haven’t taken action
in time, data older than the prescribed date is automatically deleted. The fundamental reason
behind this is that Google is ensuring compliance with GDPR as a data processor. Speaking of the data
retention policy by Google, there is no confirmed answer to how long companies are allowed to keep the
data stored in Google Analytics. But one thing is crystal clear: it is not PII.
Action: Review the New Privacy Policy As Well As the Promises Being Made by Your Legal Team
It is advisable for companies to review their new privacy policy and the new promises being made by
the legal team. If consumers have not requested the deletion of the data, then you can retain the
data. However, with changing boundaries, the privacy policy and data retention policies also change
significantly.
2-Google is deleting Google Analytics Account for capturing PII
It is against the terms of service of GDPR to store any personally identifiable information (PII) in Google
Analytics. Google has become more diligent in checking accounts for PII. Google deletes
your account if it finds that the account has deliberately stored PII without
Action: Audit your GA profile as well as implementation for PII risks
To avoid this problem, it is advisable to audit the Google Analytics account to find
PII present in places like custom data or URLs. Besides this, companies can also audit their
implementation by reviewing their rules in the tag manager as well as reviewing the code present on key
pages.
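One way to run the audit described above over exported report rows, as an added example that is not code from the original article. The row layout, the list of suspicious parameter names, and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Email pattern, applied after URL-decoding so "%40" forms are caught too.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed list of query parameter names that usually carry personal data.
PII_PARAM_NAMES = {"email", "e-mail", "name", "firstname", "lastname",
                   "phone", "tel", "address"}

def scan_value(value):
    """Return the reasons a single string looks like it contains PII."""
    decoded = unquote(unquote(value))  # also handles double-encoded values
    return ["email address"] if EMAIL_RE.search(decoded) else []

def scan_url(url):
    """Check a page URL for emails and for PII-named query parameters."""
    reasons = scan_value(url)
    for key, val in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key.lower() in PII_PARAM_NAMES and val:
            reasons.append(f"parameter '{key}'")
    return reasons

def audit_rows(rows):
    """Return (page, reasons) for every row with a PII indicator."""
    findings = []
    for row in rows:
        reasons = scan_url(row["page"])
        for field, val in row.get("custom", {}).items():
            reasons += [f"{r} in custom field '{field}'"
                        for r in scan_value(val)]
        if reasons:
            findings.append((row["page"], reasons))
    return findings

# Constructed sample rows: page URL plus custom data values per hit.
SAMPLE_ROWS = [
    {"page": "/thanks?email=jane.doe%40example.com&ref=nl", "custom": {}},
    {"page": "/pricing?plan=pro", "custom": {"dimension1": "logged-in"}},
    {"page": "/account", "custom": {"dimension2": "sam@example.org"}},
    {"page": "/signup?firstname=Sam&step=2", "custom": {}},
]

if __name__ == "__main__":
    for page, reasons in audit_rows(SAMPLE_ROWS):
        print(page, "->", "; ".join(reasons))
```

Rows that are flagged point to the tag, form, or redirect that should be changed so the value never reaches the analytics account.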
Bottom Line
Summarizing the above discussion, GDPR compliance is mandatory for companies which are
operating within the European zone or delivering their products or services to European citizens.
GDPR's striking features give individuals more rights against companies that previously used
their data to market products and services. Now, with GDPR, companies need to tell customers
what information they have collected and by which means they have collected it. In the
event of non-compliance, companies can face stringent monetary penalties. Therefore, it is imperative for
companies to take the specific actions they need to protect themselves from GDPR
non-compliance. Agile District is a committed custom software development & solution
provider, which provides engineering excellence coupled with web development services to its
valuable customers across the globe to fulfill their business needs.