Welcome Reader,
Today we will look at data collection under the GDPR.
The General Data Protection Rules concern not only the EU citizens they protect, but also organisations that need data to improve, develop, and grow, so they affect digital marketing and web analytics. So how can you collect and analyze data while respecting user rights under the GDPR?
Previously, we talked about data collection and data management. With the GDPR it is a little harder to collect relevant data, but in fact it is not that hard.
Let’s dive deeper into it!
To start with, we need to clarify what is considered personal data in order to enrich the data collection process.
Basically, everything about the user is personal data. This includes:
But which data can we process under which conditions?
The European Commission answers this question. Depending on the reason for processing the data and the intended use, different kinds of data collection are allowed. Several key rules need to be followed and respected:
Additionally, the GDPR allows you to collect and store personal information as long as the user remains absolutely anonymous, so that there is no possibility of tracing the user from the stored data.
But attention! According to the GDPR it is almost never allowed to collect data such as:
It is allowed to collect certain data if it is required by law. If so, and you have permission to collect this type of data, make sure to state it in the privacy policy and mention why you need it.
To understand the GDPR a little better, it is crucial to understand an important distinction it makes between controllers, processors, and subjects. The GDPR differs slightly for each of these parties.
Controllers – That is your company, which collects data and needs and uses it for specific purposes.
Processors – Processors are the companies that deliver the tool to collect the data. They are the middlemen analyzing the data and making suggestions on how to use it.
Subjects – Subjects are the users, and every person is considered one.
Again, when practicing data collection, the purpose needs to be mentioned in the privacy policy. But what is considered a valid purpose?
In general, 5 legal bases exist for data collection, data storage, and processing:
Vital interest applies as a legal basis when the data collection is crucial for protecting an individual's life and the individual cannot give or deny consent. This situation is typical in medical emergencies where individuals can't give or deny consent. If the medical care was already arranged, public interest would be the more suitable basis.
Public interest is a reliable legal basis when the data collection is used to inform and protect the public. This legal basis is normally used to process the data of public authorities, suspects in criminal cases (either local or national), and employees and employers in social security and social protection cases. It also covers people who deal with public and state finances, and subjects of scientific and historical studies if the data collection process is crucial for the research.
When entering or fulfilling a contract, contractual necessity is the legal basis for the data collection.
Consent is applicable as a legal basis when the individual has agreed to the data collection and processing, which gives them choice and control over their privacy. Making the options clear and specific makes it easy for the individual to give consent.
Legitimate interest works as a legal basis when the subject expects their data to be collected and processed. To rely on this basis it is crucial to identify the legitimate interest, to prove that the data collection and processing is necessary for the service that is to be implemented, and to weigh the basis against the subject’s rights, freedoms and interests.
To stay compliant with the GDPR, it is important to keep your privacy policies updated to fit the GDPR requirements. Be as clear and transparent as possible and mention which data you are collecting, for which purpose, how you store it, and for how long.
The GDPR also requires you to make the privacy policy easy to read and understand. Avoid overly professional language because the privacy policy is written for an average user. Don’t forget to mention how you and any third parties will use the data, and to state the exact names of the third parties.
Protect your website visitors – Know who is visiting your website and what data you can collect from them. If any of that data is categorized as personal data, make sure to protect it.
Consent and transparency – Make sure that your visitors have the option to give consent and that they are aware of when, how, and why their personal data is collected and used.
Update your privacy policy – Make it easy for your users to understand the privacy policy, and always keep it up to date to stay transparent.
It is crucial to comply with the GDPR to protect your users and build a trusting relationship.