The UK Information Commissioner’s Office (ICO) tells us they are getting more queries on this than they can deal with, as companies wake up to the dangers. Our dialogue with the ICO throughout 2022 enabled us to alert clients to the risks at an early stage. The overriding message – transparency is king. Nobody likes surprises when it comes to data privacy.
Too many companies don’t know the full scope of the regulations or the implications of getting it wrong. A professional review of your web presence and straightforward changes, many of which you can make yourself, could help address this growing risk.
Data protection hits right at the heart of the bond of trust between you and your customers. Lose this and your reputation and revenue might soon follow, together with fines of up to €20 million or 4% of the preceding fiscal year’s total global turnover for the most egregious cases.
European data regulators issued a record €2.92 billion in fines last year, up 168% on 2021[1], showing how the risks are very real and very costly.
UK GDPR differs from EU GDPR in some respects, but they operate on the same principles and best practices should cover both. Ultimately, the relevant legislation depends on where you operate, control, and process information for data subjects.
The scary thing is that many businesses may be unwittingly violating GDPR by using common third-party tools, such as Google or Adobe fonts, Google Analytics, or any tool that makes requests exposing visitors’ IP addresses, or by running a website that uses cookies.
Companies have already been fined in Germany and Austria for using Google Analytics and Google Fonts, which can share a website visitor’s IP address with Google without the user’s express permission.
Every internet page consists of files, including fonts, which can require sharing IP addresses with hosting servers like Google’s. This matters because IP addresses are considered personal data if they are linked to an individual, regardless of whether you have a direct relationship.
You need to be open and honest about how your business handles personal data, keeping users informed in a clear, accessible way. You should also explore alternative tools for analytics and fonts, anonymise IP addresses, and use cookie-free solutions.
But compliance goes beyond tool selection: privacy policies, data processing agreements, and user consent are all crucial. This is where it pays to get the professionals involved. Legal advice on GDPR compliance is highly advisable.
Sixtwo has been vocal in drawing these issues to the attention of its clients and providing swift and practical remedies for their websites. We want to make sure nobody falls foul of these very avoidable pitfalls, so do get in touch to talk through your options.
When it comes to tools, here are a few you might like to explore:
Matomo (formerly Piwik): A GDPR-compliant, self-hosted alternative to Google Analytics that provides similar functionality.
Fathom Analytics: A privacy-focused analytics tool that does not collect personal data or use cookies.
Self-hosted fonts: To avoid sharing IP addresses with external services, you can host fonts on your own server.
Open-source fonts: Use open-source font libraries, such as Font Squirrel or Google Fonts, but host them locally to maintain GDPR compliance.
If you choose to use Google Analytics, enable the IP anonymization feature to reduce the risk of GDPR violations. This setting masks the last octet of users’ IP addresses, making it difficult to identify individuals.
Consider using tools that do not rely on cookies to track user behavior, such as cookie-less tracking or fingerprinting solutions like Plausible Analytics.
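An added example (not from the original article): a minimal static check, in Python, for the point above that page files such as fonts and analytics scripts can send a visitor’s IP address to third-party hosts. The function names, the sample page and the example.com host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes the browser fetch a file on page load.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
FETCH_RELS = {"stylesheet", "preload", "preconnect", "icon"}  # <link> rels that connect
# url(...) and quoted @import targets inside CSS.
CSS_URL = re.compile(r"""(?:url\(\s*['"]?|@import\s+['"])([^'")\s;]+)""", re.I)

class ThirdPartyAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.in_style = site_host.lower(), False
        self.found = {}  # third-party host -> URLs requested from it

    def _record(self, url):
        host = (urlparse(url).hostname or "").lower()  # relative URL -> "" (first party)
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            self.found.setdefault(host, []).append(url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.in_style = self.in_style or tag == "style"
        rels = set((attrs.get("rel") or "").lower().split())
        if tag in FETCH_ATTRS and (tag != "link" or rels & FETCH_RELS):
            self._record(attrs.get(FETCH_ATTRS[tag]) or "")

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:  # CSS inside <style> can pull in remote fonts
            for url in CSS_URL.findall(data):
                self._record(url)

def audit(html, site_host):
    parser = ThirdPartyAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample page (not taken from any real site).
SAMPLE = """<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<link rel="canonical" href="https://other.example/page">
<style>@import url("https://use.typekit.net/xxxxxxx.css"); @font-face { src: url(/fonts/inter.woff2); }</style>
<script src="https://www.google-analytics.com/analytics.js"></script>
<img src="/img/logo.png"><a href="https://partner.example/">link</a>"""
if __name__ == "__main__":
    print(audit(SAMPLE, "www.example.com"))
```

This only sees requests declared in the HTML and inline CSS; anything a script loads at runtime needs a check of the browser’s network log as well.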
Close that knowledge gap now to protect your business and make sure your website sparks the right conversations.
[1] DLA GDPR and Data Breach Survey