GDPR-compliant analytics with Prodlytic

May 17, 2018

GDPR isn’t all bad. By following GDPR you’ll give your users choice and control over their data, which they’ll appreciate. And because the EU is enforcing it, everyone else is doing the same so you’re not at a disadvantage.

A quick overview of GDPR

GDPR replaces the current EU privacy regulation that was established in 1995. The changes come into effect on 25 May 2018:

  • Worldwide: GDPR protects the privacy of all EU residents irrespective of where the company collecting data and its servers and databases might be. If you have users or visitors who reside in the EU, you need to comply.

  • Enforceable: GDPR comes with harsh, expensive penalties. Violate at your own risk.

  • Identifiable data: GDPR defines personal data as anything that can be used to identify a user, such as an image, a photo, an email address or an IP address.

  • Consent: Collecting data will require opt-in in a clear and easily accessible way. No more tricking the users into agreeing by hiding things in complex terms and conditions.

  • Control: Users will be guaranteed to retain control over the data you collected. They can request to see the data, to receive an export that can be transferred to another company, or for the data to be irrevocably deleted. You also need to inform them about any breaches within 72 hours.

  • Privacy by design: Compliance needs to be built into your systems at every step. If you build a new feature, you need to consider privacy. If you use a new tool, you need an agreement with the vendor about privacy.

What about Prodlytic?

With Prodlytic, or any other analytics software, you are the data controller (the party who wants the data) and the analytics provider is the data processor (collecting, storing, and reporting the data). You will need to comply with GDPR, and we help you with that. For example, if one of your users demands deletion of all their data, we enable you to do this.

But how does Prodlytic, by design, help you stay GDPR-compliant?

The main issue is with personally identifiable information (PII). We take a few key steps to reduce your exposure to PII while still giving you insight and metrics into how every customer uses your app:

  • We don’t collect IP addresses (classed as PII under GDPR)
  • We don’t collect email addresses - any that are detected are redacted in the Prodlytic dashboard
  • We give you custom CSS classes to add to sensitive UI elements to prevent collection of, for example, street addresses or personal names
  • We respect the browser ‘do not track’ setting if clients have set this
  • We give you a statement to include in your site privacy policy informing users of our collection methods and the above measures (see below)

Prodlytic Collector – we use Prodlytic to measure how our site is used by visitors and to generate reports for our own use. Prodlytic does not collect any personally identifiable information about you.

This anonymises users in Prodlytic and helps you stay GDPR-compliant.
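The measures in the list above, sketched as an added example of a collector-side scrubber. This is not Prodlytic's own code: the class name `analytics-mask`, the event shape and the function names are assumptions made for illustration.

```javascript
// Hypothetical names throughout; this is not Prodlytic's real API.
const MASK_CLASS = "analytics-mask"; // assumed opt-out class for sensitive elements
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;

// Browsers report an enabled "do not track" setting as the string "1".
function trackingAllowed(env) {
  return env.doNotTrack !== "1";
}

// Replace anything that looks like an email address before it leaves the page.
function redactEmails(text) {
  return text.replace(EMAIL_RE, "[redacted email]");
}

// Build the payload for one UI event, or return null if nothing may be sent.
function buildPayload(event, env) {
  if (!trackingAllowed(env)) return null;
  const masked = event.classList.includes(MASK_CLASS);
  return {
    type: event.type,
    page: redactEmails(event.page),
    selector: event.selector,
    // Masked elements contribute no text at all; other text is scrubbed.
    text: masked ? null : redactEmails(event.text || ""),
    // The ip field on the input event is never copied into the payload.
  };
}

// Constructed sample events (addresses are documentation-range placeholders).
const SAMPLE_EVENTS = [
  { type: "click", page: "/invite?to=ann@example.com", selector: "#send",
    text: "Send to ann@example.com", classList: ["btn"], ip: "203.0.113.7" },
  { type: "change", page: "/checkout", selector: "#street",
    text: "12 Example Street", classList: ["field", MASK_CLASS], ip: "203.0.113.7" },
];

function demo() {
  return SAMPLE_EVENTS.map((e) => buildPayload(e, { doNotTrack: "0" }));
}

console.log(JSON.stringify(demo(), null, 2));
```

Scrubbing on the client means the sensitive values never reach the processor, which is a stronger position than redacting them later in a dashboard.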

You’re now free to analyse data and answer detailed questions about your customers’ experience! Right down to every click on every page, including tracking specific features of your product and building conversion funnels.

Contact us to get started with Prodlytic. And we’ll help you get up and running, making sure you’re doing everything you can with analytics to stay GDPR-compliant.
