For those of you who were fortunate enough to take their dream vacation on a remote island for the last several weeks and aren’t in the know: The General Data Protection Regulation (GDPR), which went into effect May 25th, gives citizens in the European Economic Area (plus Switzerland) control over how their personal data is collected and used online. This means all websites and organizations this regulation applies to must be explicit in how they plan to use the data they are collecting; a website must be able to prove that they are in compliance with GDPR.
Does This Affect My Website?
This applies to any business, website, or organization that does any business in European Economic Area where there is data collection. For example, something as small as a website visitor from Germany filling out a form on your US-based site would fall under GDPR.
GDPR Compliance for B2B Marketing
Recital 47 of the GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
There are specific conditions that must be met to use “legitimate interest” as a foundation for B2B Marketing:
- “The processing must relate to the legitimate interests of your business or a specified third party, providing that the interests or fundamental rights of the data subject do not override the business’ legitimate interest…The processing must be necessary to achieve the legitimate interests of the organization.”
- “Necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual which require protection of personal information, in particular where the individual is a child.”
These aren’t necessarily difficult to meet, but they must indeed be proven to be GDPR compliant.
How does GDPR Affect SEO?
SEO isn’t treated any differently than any other marketing channel in this regard. Any organic traffic to your site that is either in Europe or receives users from Europe is subject to GDPR compliance.
Your website cannot assume consent or include any pre-ticked boxes on your website. Cookie pop-ups that read, “Our website use cookies you are agreeing to our Cookie Policy and Terms & Conditions…” are not within the new guidelines.
Website GDPR compliance consent may include:
- Choosing technical settings for information society services
- Ticking a box on a website
- A statement clarifying the indication of consent
Non-compliance includes:
- No messaging
- Pre-checked boxes
- Inactivity
To put an image to words, here’s an example of a GDPR consent request popup for WordPress:
Additional SEO Tips
- Site speed can be impacted by the Cookie Consent notification. Many websites have seen page loading speeds slowed due to the popup. Page speed is a ranking factor, so ensuring these pop-ups aren’t a detriment is imperative.
- GDPR compliance as a ranking factor itself. Nothing has been directly said by Google, but it stands to reason that GDPR compliance or lack thereof could be a ranking factor. Not having it could result in a loss in keyword rankings. This also would help to make up in any deficit from the lack of site speed (similar to HTTP vs HTTPS).
- Other user engagement metrics such as conversion rates – capturing any data, especially for a lead, must have clear messaging in how the data will be used.
- Content marketing is important in link acquisition. Historically the section 32 exemption provided protection to journalists when they call out specific people. Authors will need to more careful when discussing specific people in content marketing pieces.
If you’re conscious of these needed regulations for compliance and update your site with SEO ramifications in mind, your rankings will not suffer and user engagement should continue to perform well.
To make sure you’re in compliance and set up for success, you can also request a free SEO audit from Obility today and we’ll review your website for you.
