Feel that buzz in the air? Today’s the big day – the GDPR is finally here! It comes into force today.
OK, truthfully, it’s kind of like waking up the day after your birthday when you’re a kid. You expect to feel different, but so far, today feels exactly like yesterday.
But after months of questions, review, preparation, and maybe a little panic, companies worldwide are now officially accountable for protecting the personal data of their European Union users and respecting their rights.
In recent weeks, we’ve seen questions of user privacy, data misuse, and transparency highlighted and debated in the global media. Even if the GDPR’s enforcement today hasn’t stopped the world from turning (or your website from functioning), we can certainly say that themes around privacy and user rights have surged in our collective consciousness. People care about their privacy and what’s happening to their data.
So, the GDPR comes into effect at a critical time: As expectations rise for companies who collect and use people’s data, these companies are now truly legally obligated to be transparent.
AT Internet is ready for the GDPR
At AT Internet, we’ve spent the past months helping our customers prepare for this day and fine-tuning our products and services to ensure full GDPR compliance. As data protection and privacy have long been core values for AT Internet, and fundamental to how we approach digital analytics, we welcome the enforcement of the GDPR and hope it will raise the bar in the industry with regards to the use and respect of digital data.
We are committed to GDPR compliance and exemplary transparency with both our customers and their end users, demonstrated in the following ways:
- All digital analytics data is processed and stored in the EU.
- Our customers maintain full ownership of all their data, always.
- We never use or share our customers’ data with third parties, unless our customers explicitly request it.
- We provide all clients with a Data Processing Agreement (DPA) (more information below).
- Our technologies are developed with a Privacy by Design and by Default approach.
- We have a close, long-standing relationship with France’s data protection authority (CNIL) & are TÜV certified since 2010.
- Our data privacy experts help guide our customers toward GDPR-compliant analytics, notably regarding the necessary tagging and data collection methods.
- We will respond in a timely manner to subject access requests from Internet users requesting to access, modify or delete their data. We will also assist our clients with any subject access requests they may receive directly.
- We have an experienced DPO and Privacy Team in place who oversee matters of data protection and user privacy at AT Internet.
Our Data Protection Agreement defines the following for our customers:
- types and categories of data collected via our digital analytics solution
- the nature, purposes and duration of processing, as well as the conditions of their lawfulness
- our point of contact to discuss issues concerning data protection, privacy and the GDPR
- our responsibilities as a data processor
- our clients’ responsibilities as data controllers
Best practices: Informing users of your digital analytics usage
A major theme in the GPDR’s requirements is informing your users in a clear and accessible manner about what personal data you collect, how you process this data, and the rights they have regarding their personal data.
When it comes to digital analytics, these best practices will help you ensure you’re providing the necessary information to your end users regarding data collection, processing, storage, and rights:
|What you must tell your users||How AT Internet supports its customers for compliance|
|Purpose of processing||Why you’re using a digital analytics solution||Our DPA provides an example statement explaining the purpose of processing.|
|Type of data collected||Which types of navigational data you collect from users||We provide an exhaustive list of metrics and dimensions which details the navigational information our solution collects from Internet users.|
|Cookies & mobile ID||How digital analytics data is collected on your site or mobile app||We provide a list of cookies and mobile IDs we use to collect data.|
|Data transfers||If your processing involves a transfer of data outside the European Union, and additionally to a country that is not recognised by the EU as providing a sufficient level of security, you must inform your users of this and ensure an adequate level of security.||We process and store all data collected by our digital analytics solution within the European Union.|
|Duration of conservation||How long their personal data is kept||We conserve raw data for 6 months by default, and processed data for the duration of the customer contract in question. Customer requests to conserve data for a specific duration can be sent to our support team.|
|Subject access requests||Remind users of their rights (see Articles 15 – 21 of the GDPR);
Indicate points of contact for individuals who wish to exercise these rights
Helpful resources for compliant digital analytics
For more information about the wider context of the GDPR, its application to digital analytics, and how AT Internet is ensuring compliance, check out the following resources we’ve created:
- Free guide: Digital analytics & the GDPR: 5 things you must know
- Webinar replay: GDPR & digital analytics: Are you ready?
- Legal information: AT Internet & the GDPR: More details for legal teams
- Checklist: Is your digital analytics GDPR-ready?
- All about the GDPR: Q&A with Aurélie Pols
A new era?
While the world might not feel suddenly and drastically different today, in the months to come, the GDPR will doubtlessly maintain a lasting influence on how we approach privacy, both as consumers in our personal lives, and as businesses in our professional lives. The next several months promise to be interesting, as we’ll see how the regulation is practically enforced and its application in cases of high-profile data breaches, for example. At AT Internet, we’re currently developing new features enabling our customers to manage these data protection and privacy issues with even more ease and autonomy – watch this space!