Last updated: 15th of September 2019
The GDPR (General Data Protection Regulation) is a new European privacy law adopted by the European Commission in 2016 designed to strengthen, modernize and unify the data protection laws for ALL individuals within the European Union.
GDPR will replace the prior EU privacy directive (95/46/EC) as well as all the local nation-state laws relating to it. This directive has been the basis of European data protection law since 1995.
The GDPR will be enforceable starting on 25th May 2018.
There's a rather high chance GDPR will apply to you too, as GDPR applies to:
This means GDPR could apply to any organization anywhere in the world and thus it sets a high bar for privacy rights and compliance all around the world.
You can read the legislation at https://gdpr-info.eu/.
123Metrics, being a privacy-first product, is a natural fit for the strong data privacy principles and rules that GDPR establishes.
We've thoroughly read the EU documentation on the GDPR, run through most material available on the GDPR, and consulted our legal counsel to understand its impact. The privacy and security of our customers (and their customers) are of utmost importance to us.
We are proud to be compliant with respect to:
In summary, here are the key elements that make us compliant as data controllers with regard to the personal data we process.
123Metrics is a privacy-centered analytics product that does not collect, track or store personal data about your website visitors in any way. All of the measurements for your site performance and efficiency are done with non-intrusive metrics.
What this means is that, right from the start, 123Metrics is a GDPR-compliant service. You can read about the data we gather in our documentation.
You should consult with legal counsel regarding the full scope of your compliance obligations, but generally speaking, if you are an organization established in the EU or one that processes personal data of EU citizens, you have to comply with GDPR.
If you're selling to businesses, your EU customers might have a hard requirement for you to comply with GDPR, depending on the nature of your business.
Non-compliance with GDPR can result in fines:
In the context of the 123Metrics platform and the data we collect and process for you as our customer, you are a controller and we are a processor for your data.
GDPR defines 2 types of consent:
As a data controller, you need explicit consent for processing sensitive data. There are 6 categories of sensitive data: