In recent times, a lot has been said about GDPR. The regulation has been described as a watershed moment for retargeting tools and growth, and rightly so. GDPR strives to give users in the EU complete control over their personal data and the type of communication they prefer to receive. As a result, businesses have been forced to handle consumer data in a secure and transparent manner. Otherwise, the law stipulates a heavy financial liability for non-compliance, up to €20 million or 4 percent of the last year’s total revenue, whichever is higher. In effect, the EU has emphatically asked businesses to either comply with GDPR while dealing with users or fall by the wayside.
What is GDPR?
As stipulated under EU law, the General Data Protection Regulation (GDPR) is a regulation that aims to ensure data protection and privacy for all individuals residing in the European Union. GDPR was approved by the EU parliament in April 2016 and was subsequently enforced on 25th May 2018, replacing the Data Protection Directive 95/46/EC. Experts herald GDPR as the most important change to data regulation in the past 20 years.
How Does GDPR Apply To You?
GDPR focuses on safeguarding the privacy and interests of users in the EU. Therefore, businesses, whether they operate out of the EU or not, need to comply with GDPR if any users from the EU access their website or product.
Overall, GDPR applies to your business if you are:
- Tracking user activities on your website or app for marketing or personalization;
- Capturing any Personally Identifiable Information (PII).
Note: PII is any information that can uniquely identify a user, and includes attributes such as name, email address, IP address, cookie, and location.
Therefore, if your service or product involves any of the activities mentioned above without taking explicit consent from end users, you should change the user flow so that users make informed decisions before opting in or sharing their data.
The Compliance Requirements of GDPR
Overall, the emphasis of GDPR lies on the following attributes:
Right To Data Collection
This part addresses whether your business has the right to collect and process user data and personal information.
Right to Data Processing
This part addresses the way user data is handled.
How Should A Web Push Notification Tool Comply?
By design, web push notifications require explicit consent from the users who visit the website. Furthermore, all browsers supporting web push notifications need to provide an opt-in before users can subscribe to website notifications.
If the communication is relevant to all users, having this consent alone would suffice. For example, if you want to inform users about the launch of a new product category or announce a flash sale on your e-commerce website, you will not need any additional consent from your subscribers.
However, for targeted communication, where you address a particular user community based on specific attributes such as location or gender, or send personalized notifications based on website activity, you would need to take explicit consent from the users. The data you may collect for this usually falls into two broad categories: user attributes and website activity.