Crazy Egg's General Data Protection Regulation (GDPR) Readiness
The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. The GDPR allows individuals in the EU to have even more control over their data and privacy, listing out a series of requirements for businesses to protect PII (Personally Identifiable Information). This is a unifying standard that will impact the way that businesses store, manage, collect, and protect user data. Crazy Egg will be fully compliant with the GDPR by the enforceable date.
How does the GDPR Affect Crazy Egg Customers?
We value your privacy and the privacy of your website visitors, and so we have been hard at work making sure that our software measures up to all of the provisions outlined in the GDPR. We want to ensure that compliance is simple for your company, so that you can continue serving customers in the EU with peace of mind.
Keep in mind that the GDPR applies not only to companies based in the EU, but also to any businesses that collect data from individuals in the EU.
Crazy Egg’s GDPR Roadmap
We at Crazy Egg have two sets of responsibilities:
- As a Data Processor: When a customer installs Crazy Egg on their website, they become a Data Controller sending us, the Data Processor, data about their visitors.
- As a Data Controller: We also have a set of responsibilities for EU customers using our website directly.
With this in mind, we have:
- Updated our Terms of Service (ToS) to include a Data Processing Agreement that outlines how we handle the personal data of EU customers and website visitors
- Outlined clear opt-out instructions so that you can decide how you want your data collected
- Anonymized IP Addresses
- Developed even more advanced and sophisticated search capabilities for PII in our User Recordings
- Created ways to further mask and block out web page elements that could contain PII
- Provided a way for Crazy Egg account administrators to easily and permanently delete data, records, and files
Rest easy, the Snapshots we take of your websites are filled with aggregated and anonymized data!
If you have any questions at all about your Crazy Egg data or security, we have a team of experts on hand to help you through any challenges you're experiencing. Please contact us at firstname.lastname@example.org for more information.
What do Crazy Egg Customers Need to do?
Once Crazy Egg has been installed on your website, you are considered a Data Controller since data is being collected from your website. Depending on your jurisdiction and compliance responsibilities, here are some guidelines for what you can expect to implement in order to be GDPR compliant as a Crazy Egg customer:
- Agree to our updated Terms of Service since it includes a Data Processing Agreement
- Review and update your Terms of Service and Privacy Policies.
- Provide an opt-in or opt-out tool or policy for website visitors and customers so that people know they are being tracked
- Review agreements with third-party service providers so that you won’t accidentally be in breach of any of the GDPR provisions
Want more information?
Here are is a resource that you may find helpful while preparing for the GDPR to come into effect: