There are four initials at the forefront of everyone’s mind at the moment – GDPR. The General Data Protection Regulation will affect all businesses, regardless of size, so whether you are a small business or multi-national company, it will impact your operation. As the deadline of May the 25th looms, we are receiving daily notices from some of the biggest company’s in the world, indicating how they will be making changes to comply with GDPR. But what about Google, the world’s biggest search engine, how does a company built on data collection comply with data laws? You probably use or integrate with their products and services so their policy changes will affect you.
Due to the scope and complexity of their products and global influence, everyone has been keeping a close eye on Google’s approach to GDPR. The implications of the regulation will affect products such as Search and Gmail as well as advertising and measurement services like Adwords and Analytics. Back in August 2017, Google outlined their commitment to ensuring they were compliant with GDPR and have been working in the background to make changes, keeping users and advertisers informed along the way.
One major part of GDPR relates to the issue of consent and Google has recently clarified its position on this with an updated policy. The policy makes it clear that whilst Google will be responsible for obtaining consent for its own first-party users such as Gmail and Youtube, publishers and advertisers using any of Google’s products will have to obtain consent from their own users. That means it is your responsibility to obtain consent from visitors to your website. The policy, which can be read here, outlines the following:
Another big part of Google’s GDPR implementation has seen a clarification of their role as a data ‘processor’ and ‘controller’. The ICO define a processor and controller as:
Google has been updating its contracts across products to make it clear what its role is for each of its products and services. For Google Analytics, Tag Manager and tools like Optimise it defines itself as a processor and for Adwords and Double Click it is a data ‘Controller’. You can view the full list here.
If you measure anything to do with your website and online activity, chances are you will have Google Analytics installed on your website. In April, Google sent a notification out to all of its analytics account administrators with an update on the measures it is taking to make Analytics compliant with GDPR. This included:
Exactly how your business fits into these changes will depend on the scope and use of Google’s products. Find out more information on Google’s data use here to see how it could affect your business.
Disclaimer: This material is provided for your general information and is not intended to provide legal advice. To understand the full impact of the GDPR on any of your data processing activities please consult with an independent legal and/or privacy professional.
25 May 2018
24 May 2018
We’ll help you determine the most effective digital marketing plan for your business.