How to Make Your Website Compliant with the GDPR – Step 1: Map Your Digital Supply Chain
The General Data Protection Regulation (GDPR) is a complex, multi-faceted law that applies to all companies that market to customers in the EU (even if they are US-based). One requirement of the far-reaching law is that organizations gain a comprehensive understanding of all the data they collect, whether it’s personal data or not, and how they use it.
This series of blog posts (there will be 5 total) will address how to comply with the transparency and consent requirement of the GDPR.
The first step is uncovering the various third-parties that make up your digital marketing supply chain.
Who Is Collecting Data on Your Website?
Even a closely-managed site may have an increasing number of tags from third-party vendors embedded on its pages, enabling their various digital marketing tools to function.
Often, these tags may give data access to other outside firms that the website operator isn’t aware of. By permitting those tags on its site, a company is implicitly giving those vendors the right to collect visitor data.
One recent survey found that the top thousand most-visited U.S. websites had an average of 75 technologies in their marketing cloud!
Under the GDPR, you are responsible for providing notice and obtaining consent for each one of these technologies, even those you have not knowingly authorized.
To do so, you need to conduct a thorough audit of your website to gain a panoramic view of your “digital marketing supply chain” of third party vendors. You will need to work with both marketing and IT to get greater visibility into your digital marketing apparatus because this level of transparency is among the many mandates GDPR imposes.
How to Conduct an Audit of Your Digital Marketing Supply Chain
To determine who may be tracking the behavior of your website visitors, you need to map where the tags on your website are firing from, and how and when they fire based on user consent. Given that under the GDPR, you’ll now be responsible for getting consent from your website visitors before many of these technologies fire, this is a critical first step that can’t be glossed over when getting your website GDPR compliant.
One tool that can provide an audit of all the third-party vendors on your site is Trackermap®. You can use it to map the digital supply chain on any page of your site for free. Just input your company’s URL to get a scan and you’ll get an idea of all the tags that reside on your website, and just how many vendors have access to your user data.
As you can see from this example of the NFL’s (National Football League) site, there can be dozens of tags firing on your site at any one time.
Once you’ve scanned one page of your site, you may want to take a deeper dive into the rest of your webpages. Using the premium version of Trackermap, you can conduct live scans of your website and reveal the entire digital ecosystem, including the full redirect chains of third-party vendors, and identify non-secure tags.
Once you know who is collecting data from your website, it’s time to tackle step 2, which we’ve covered in a subsequent blog post, "How to Make Your Website Compliant with the GDPR – Step 2: Conduct a Site-wide Profiling Analysis".
In a hurry to get GDPR-compliant? You can get all five steps now by downloading our eBook, “How to make your website compliant with the GDPR”.