[et_pb_section fb_built=”1″ _builder_version=”4.4.7″][et_pb_row column_structure=”3_5,2_5″ _builder_version=”4.4.7″][et_pb_column type=”3_5″ _builder_version=”4.4.7″][et_pb_text disabled_on=”off|off|on” _builder_version=”4.4.7″ text_orientation=”center” custom_margin=”||0px||false|false” custom_padding=”||0px||false|false”]

[/et_pb_text][et_pb_text _builder_version=”4.4.7″ header_font=”||||||||” header_2_font_size=”30px” header_3_font=”||||||||” header_3_line_height=”1.3em” custom_padding=”||||false|false” border_color_right=”#727272″]

What is GDPR?

GDPR is ‘General Data Protection Regulation’

GDPR is implemented in the EU and UK and requires that visitors from these regions should, by default, not be tracked unless they provide explicit consent (opt-in).

US websites must also comply with this regulation if they have visitors from the EU and UK. Most of our California based B2B tech clients have 5-30% of their traffic coming from Europe.

[/et_pb_text][et_pb_text _builder_version=”4.4.7″ text_text_color=”#000000″ background_color=”#bab2df” custom_margin=”|60px||60px|false|true” custom_margin_tablet=”” custom_margin_phone=”|20px||20px|false|true” custom_margin_last_edited=”on|phone” custom_padding=”20px|20px|20px|20px|true|true” border_color_all=”#5524db” border_width_top=”2px” border_color_top=”#4d319b”]

It is now the site owner’s responsibility to explicitly collect consent from EU and UK visitors before tracking their behavior.

All website owners need to be aware of the details as there is potential legal liability you might be exposed to regarding the way you track user data from European visitors.

Google has reacted to GDPR by updating their data processing terms to place the responsibility of informing and obtaining valid consent from European residents wholly onto the site owners. This includes websites outside of Europe, if they receive traffic from European residents. So, even if a site is using Google Analytics, it’s the website owners responsibility to comply with GDPR. (See below for more info).

GDPR requires explicit consent: This means the default state for a user needs to be that they haven’t consented, so they are not tracked by default.

[/et_pb_text][et_pb_text _builder_version=”4.4.7″]

What are the risks?

Since GDPR took effect (2018), there have been at least 865 administrative fines issued, totalling over 1.5 billion dollars (1.4 billion Euros). However, not all breaches end in a fine; the ICO (Information Commissioner’s Office) can take a range of other actions, including:

Issuing warnings and reprimands
Imposing a temporary or permanent ban on data processing
Ordering the rectification, restriction or erasure of data
Suspending data transfers to third countries

Source: https://www.itgovernance.co.uk/dpa-and-gdpr-penalties

How to Implement GDPR:

There are two implementation models:

Global Explicit Consent: This means every visitor to the site is by default not tracked until they consent.

Get Explicit Consent Only for EU and UK visitors: Only visitors from the EU and UK have cookies turned off by default and need to opt-in. Users from the rest of the world have cookies turn on by default and they can opt-out.

Next steps:

At No Diamonds we have helped many of our clients implement legally compliant cookie policies. Please reach out to us if you’d like a no-obligation chat:

[/et_pb_text][et_pb_button button_url=”/#Contact” button_text=”Talk With Us” button_alignment=”center” disabled_on=”on|on|off” _builder_version=”4.4.7″ custom_button=”on” button_text_size=”18px” button_text_color=”#ffffff” button_bg_color=”#88c73c” button_border_radius=”10px” button_font=”|600|||||||” button_icon=”%%3%%” button_on_hover=”off” custom_margin=”10px||40px||false|false” global_module=”1621″ saved_tabs=”all” button_bg_color__hover_enabled=”on|desktop” button_bg_color__hover=”#ffffff” button_bg_enable_color__hover=”on” button_text_color__hover_enabled=”on|hover” button_text_color__hover=”#88c73c” button_border_color__hover_enabled=”on|hover” button_border_color__hover=”#88c73c”][/et_pb_button][/et_pb_column][et_pb_column type=”2_5″ _builder_version=”4.4.7″][et_pb_text disabled_on=”on|on|off” _builder_version=”4.4.7″ custom_margin=”||0px||false|false” custom_padding=”||0px||false|false” hover_enabled=”0″]

[/et_pb_text][et_pb_button button_url=”/#Contact” button_text=”Talk With Us” button_alignment=”center” disabled_on=”on|on|off” _builder_version=”4.4.7″ custom_button=”on” button_text_size=”18px” button_text_color=”#ffffff” button_bg_color=”#88c73c” button_border_radius=”10px” button_font=”|600|||||||” button_icon=”%%3%%” button_on_hover=”off” custom_margin=”10px||40px||false|false” global_module=”1621″ saved_tabs=”all” button_bg_color__hover_enabled=”on|desktop” button_bg_color__hover=”#ffffff” button_bg_enable_color__hover=”on” button_text_color__hover_enabled=”on|hover” button_text_color__hover=”#88c73c” button_border_color__hover_enabled=”on|hover” button_border_color__hover=”#88c73c”][/et_pb_button][et_pb_text _builder_version=”4.4.7″ custom_padding=”10px|10px|10px|10px|true|true” border_width_all=”1px” border_color_all=”#8f8f8f”]

GDPR Timeline

2018 – GDPR was implemented in the EU and European Economic Area.

“Its primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.” [1]

“It also addresses the transfer of personal data outside the EU and EEA areas” [1]

2020 – Max Schrems, an Austrian lawyer and privacy advocate initiated the legal process that ultimately led to the invalidation of both the Safe Harbor Framework (2015) and the Privacy Shield Framework (2020). [2]

These are US-EU data sharing frameworks.

January 2022 – The Austrian Data Protection Authority ruled that Google Analytics was illegal because data was sent to US servers and it’s a US company subject to US Intelligence laws.

March 2022 – The Biden Administration announced an “agreement in principle” on US-EU data transfers, to replace previous frameworks. [3]

October 2022 – President Biden signed an Executive order around the Trans-atlantic data privacy framework, which still needs to be ratified by the EU. [3][4]

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.