More companies announce GDPR compliance efforts as the deadline for enforcement looms

With a little less than two months until the General Data Protection Regulation (GDPR) — a sweeping set of European Union (EU) rules that govern the handling of EU citizens’ data — goes into effect, we’re seeing a steady stream of larger companies announcing compliance initiatives and tools. The law will be enforceable starting May 25, 2018.

New tools for Google Analytics users

In a letter sent to administrators last week, Google Analytics announced it was adding two new GDPR-compliance tools to its current data privacy and security features and policies.

• Granular data retention controls that allow users to set specific deletion dates for user and event data.
• User deletion tool for site owners to permanently delete data associated with a specific site visitor.

The company also announced updates, including:

• Contractual language that makes it clear that Google Analytics is a data processor, not a controller.
• Updates to its EU User Consent Policy to reflect new legal requirements, including how to make disclosures and obtain consent from end users of your sites and apps in the European Economic Area (EEA).

Squarespace’s Irish entity to service non-US users

The company told its users this week that after May 14, EU site managers would be serviced by Squarespace Ireland Limited.

The company said the move is “in recognition of the global nature of our user base.” Non-US users will hold a Terms of Service agreement with Squarespace Ireland and US users with the New York-based Squarespace, Inc.

Site managers were told that Squarespace would be updating its terms of service and privacy policy “to keep pace with our growing international user base and expanded product offerings, and to ensure that we continue to be transparent about our practices.” The changes were also posted on the company’s blog.

Squarespace also said it will restructure its privacy policy to be clearer about how it handles personal information, as well as clarify how to handle the rights of visitors to your site. It will post a Data Processing Addendum (DPA) explaining how the service will handle the data of site owners and visitors. It also said it would update its cookie, copyright and acceptable use policies and developer terms to make sure they are clear and consistent with these changes.

MailChimp adds GDPR-friendly forms

Last week, MailChimp announced updates to its signup forms to help its users comply with rules about gathering consent. The new forms have checkboxes for opt-in consent and include editable sections where users can explain how and why the collected data will be used.

The company also included a step-by-step primer on how to use the forms to gather consent in compliance with GDPR.

Can’t get enough GDPR coverage? See our latest stories here, or better yet, join us next week in San Jose at MarTech and get into the conversation.

About The Author

Robin Kurzer

Robin Kurzer started her career as a daily newspaper reporter in Milford, Connecticut. She then made her mark on the advertising and marketing world in Chicago at agencies such as Tribal DDB and Razorfish, creating award-winning work for many major brands. For the past seven years, she’s worked as a freelance writer and communications professional across a variety of business sectors.