As the deadline for GDPR approaches, we’ve been blogging about the changes that are expected. We’ve discussed the digital history behind the legislation, what it means for Mouseflow clients, what changes are expected, what client action is required, and more. In the process of doing so, we set up an official GDPR Resource Page for all users of Mouseflow. Be sure to check it out, as it contains useful information related to data collection in your Mouseflow account.
This post will serve as a general FAQ, hopefully answering some of common questions surrounding GDPR.
Q: What does GDPR stand for?
A: GDPR stands for the “General Data Protection Regulation”.
Q: When does GDPR start?
A: GDPR was adopted on April 27th, 2016. It has an enforcement deadline of May 25th, 2018.
Q: Who does GDPR affect?
A: GDPR applies to all Data Controllers and Processors of data for people in Europe or the EEA (even foreigners visiting the region). The location of your business is irrelevant -- if you process or control the data of people in the affected area, you are bound by GDPR legislation.
Q: What is personal data?
A: GDPR defines Personal Data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Q: What is data processing?
A: GDPR defined data processing as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
Q: What is a Processor?
A: GDPR defines a Processor as a “natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
Q: What is a Controller?
A: GDPR defines a Controller as “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.”
Q: Do I need a Data Protection Officer (DPO)?
A: Follow the graphic below to determine if you need to appoint a DPO or not.
Q: What if I don’t follow GDPR?
A: The penalties for not following GDPR are serious. The fines can include amounts up to €20 million or 4% of global annual turnover. In short: take GDPR seriously. We are, and you should too.
Q: How will GDPR affect Mouseflow?
A: As previously announced on November 20th, we made (and are making) changes to Mouseflow accounts. This is to keep you safe, align with industry best practices, and aid in compliance with GDPR. If you're an account holder outside the EU, expect these changes: IP addresses will be anonymized for all EU visitors only, keystroke tracking will be disabled for all EU visitors only (fields can be whitelisted), and tracking of EU visitors can be disabled (all other visitors will be unaffected).
If you're an EU account holder, expect these changes: keystroke tracking will be disabled for all visitors (fields can be whitelisted) and IP addresses will be anonymized for all visitors.
Q: As a Mouseflow client, what do I need to do to be ready for GDPR?
A: Mouseflow specifically prohibits the collection of personal data on your website. If your website logs personal data, you will need to use Mouseflow’s exclusion tools to ensure the data isn’t collected or processed.
Hopefully, this FAQ answers some of your questions regarding GDPR. As an important reminder, please review the “What You Need to Do” section of our GDPR page.
As we get closer to the deadline for GDPR, we’ll implement further changes and keep you informed of updates.
Let us know your thoughts and contact us at firstname.lastname@example.org if you have any questions.