The May 18th European General Data Protection Regulation, commonly known as the GDPR, affects most of Europe, including the UK. If you’re selling or operating in the EU or are expanding your marketing efforts to include Europe or are already there, it’s important that you understand how the GDPR affects those efforts, including your SEO.
Search engine optimization requires that you use a great deal of customer data relating to searches, activity on page, click-through, and so on. The more data you collect or intend to collect, the more relevant the GDPR will be for you. This article reviews everything you need to know about the GDPR and your SEO, so you can take steps to become compliant, optimize, and audit or review your current methods to ensure compliance.
Does the GDPR Affect My Business?
The GDPR is EU only, which means that you only have to worry about regulations if you have a specific presence in the EU. Even if someone from Europe were to find your products or articles online, you wouldn’t be bound by the GDPR unless you have a real presence in an EU country.
In addition, it’s not your responsibility to ensure that data you collect via a data processor such as Google Analytics is compliant. Because Google is collecting and processing the data for you, it is responsible for GDPR compliance, not you. However, you still have to use that data in compliance with the GDPR.
On the other hand, if you are collecting data through your own site using your own tool or smaller tools which do not process data, you may be responsible for ensuring GDPR compliance. For example, if you have your own analytics engine, if you collect data when asking people to sign up for emails, or otherwise collect raw information from your own site, it is your responsibility to consider.
In short, if you’re actively selling in the EU or Europe and collect your own data as part of SEO, the GDPR will definitely affect you.
Consent for Cookies and Tracking
Any website operating in the EU is now required to ask for consent to use cookies and tracking, with active consent rather than passive required. While cookie requests have been the norm for some time in the EU, the GDPR requires that you explicitly state what cookies users are agreeing to and sometimes requires several agreements for different cookies. You will have to manage this consent so that users don’t have to keep pushing it.
Unfortunately, cookie consent popups may slow down your site which could affect your Google search performance. However, because most of your competitors will logically be applying the same measures to avoid penalties, you can assume that everyone will be hit equally as hard. Taking steps to account for slowed site responsiveness could help you to improve SEO.
Tracking Goals and On-Page Actions
Most SEO pages are created with the intention of driving traffic to a specific source or page such as to a newsletter signup or to purchase a product. While you can still track this data including click through and purchase rates or sign-up rates, you will have to clearly and actively manage consent to do so. For example, you can track user’s sign-up rate, but will have to either include a Cookie request at the top of the page with a clear explanation of what the form is for or include it as part of signing up to the newsletter. This will naturally annoy some users and could lower your conversion rate.
Using Data Appropriately
While you could previously do anything you liked with anonymous customer data once you collected it, this is often no longer the case. The GDPR requires that you only share data with relevant parties who are using it, which means that search usage data shouldn’t really go beyond marketing teams. In addition, if data has personally identifiable information such as an address or birth date in it, you shouldn’t be sharing it beyond very specifically relevant people or teams.
For example, if analytics data is frequently shared across emails or you’re sharing reports with personal rather than only anonymous data, you could be in violation of the GDPR. You also have to consider whether you’re using tools to de-anonymize data, which could put you in violation of the GDPR.
Personally Identifiable Information or PII includes any information which could be used in combination with other data you already have (address, email, social media, etc.) to identify the person or their address. If you’re collecting this type of data as part of your SEO campaign, you need to ensure that internal measures are in place to prevent it from being shared.
If you’re using Google Analytics, you can easily turn on anonymization features to remove the last portion of IP addresses, so you can see the general area visitors are coming from, without seeing personal data which could be used to identify the visitor.
Is GDPR Compliance a Ranking Factor?
While it’s likely that Google may eventually consider GDPR compliance as a ranking factor, there’s no evidence this is currently the case. In addition, Google may eventually integrate a popup to warn visitors if sites are not GDPR compliant, similar to warnings that sites are not HTTPS. While initially an optional “nice-to-have” for websites, HTTPS became a must-have as popups greatly reduced on-site conversion and GDPR compliance could go the same way in the EU.
While the GDPR is impacting a great deal of the web, your SEO campaigns won’t have to change as much as you think. The GDPR primarily asks that businesses be more careful with the data they collect and share and that they be more transparent about collecting it, meaning that most of the impact will be on-page, after visitors click through from search.
While you can and should take steps to reduce the impact of popups for GDPR compliance, you won’t be able to do much else to improve marketing efforts. For now, GDPR compliance won’t affect how you show up in search, although it may in the near to mid-term.
Your best option is to review how you’re collecting and sharing data, make changes where appropriate to prevent non-compliance, and then move forward with the GDPR in mind. If you’re expanding marketing efforts into Europe, your only major concern should be in how you track and test campaigns as well as how you communicate which data you collect once customers click through to your page.