The General Data Protection Regulation

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018 and was created to modernize laws that protect the personal information of consumers within the European Union (EU)

What is the GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation related to the “processing of personal data and on the free movement of such data“. The GDPR mandates can be grouped into four categories: Data Collection, Data Storage, Data Transfer and Internal & External Oversight. There are four main components that impact your website(s):

  • Consumer notification
  • Collection and enforcement of consent
  • Prevention of unauthorized data collection
  • Collection of an audit trail for compliance

Who must comply?

  • Businesses located in the EU
  • Firms not located in the EU, offering free or paid goods or services to EU residents or monitor the behavior of EU residents

The General Data Protection Regulation (GDPR) Legislation

Notification, consent and enforcement

  • Under the GDPR mandates, a business within the EU (European Union) must enforce that data is not collected until notification is given and explicit consent is received. Inaction cannot be considered consent. In addition, a website visitor must be provided with the ability to change or revoke their consent

Unauthorized data collection

  • A business is responsible for any data collection that occurs within their digital properties. Websites rely on third-party vendors to deliver critical functionality but often those vendors invoke additional tags in a process called piggybacking. A business must be able to identify and block unauthorized data collection

Compliance audit and analysis

  • Organizations must be able to prove compliance when audited by a Supervisory Authority (SA) which includes the ability to prove that consent was received for collected information at an event-level audit log to prove compliance

Solution: Full GDPR data privacy compliance

Global consent enforcement
The Ensighten solution blocks data collection until notification is given and consent is received. The customer consent interface provides required opt-in communications and allows for easy customization of privacy choices to match all languages
Protect your brand
Use Ensighten to comply with the GDPR, as well as protect against malicious third-party tags. Ensighten’s patented technology, paired with a unique whitelist approach, gives brands complete control and authority to block unauthorized data collection in real time
Maintain an audit trail
Get a real-time view of the tags on all of your digital properties as web pages are loaded. Get insight that exceeds traditional crawlers and can also be tailored for managing site-visitor privacy on the fly. An event-level audit log proves compliance

Ensure GDPR compliance on your website

Get in contact to learn more about our GDPR compliance solution