It’s not often that a piece of legislation has such wide implications across the globe among many industries that brands and consumers alike must take notice. Today is one of those days as the GDPR goes into effect. It is a landmark day in history for any company who does business with the European Union.
Since lead capture is at the heart of our business (and anyone who uses Instapage post-click landing pages), it’s imperative that we review our data policies to ensure the necessary privacy protections are in place.
We wrote about it in June 2017 as the ruling was announced and previewed how it would impact marketers. Continue reading to see the changes Instapage has implemented to be GDPR-compliant. But first, a quick reminder.
What is GDPR & why is it important?
The General Data Protection Regulation (GDPR) is a binding act, which must be followed in its entirety throughout the EU. The legislation regulates how individuals and organizations may obtain, use, store, and eliminate personal data and allows you to explicitly accept or decline such use. The GDPR is a directive of the European Union on privacy and the treatment of personal data approved in 2016. It replaces all previous privacy directives dating back to 1995.
What is the impact?
The GDPR will have a significant impact because its scope is fairly broad. If an organization processes the personal information of EU citizens, it must be compliant with the GDPR. “Personal information” means any information that can be used to directly identify a data subject, i.e., name, email address, etc.
Personal data also includes data such as IP addresses, behavioral data, location data, biometric data, financial information, and more. This means that most data Instapage customers collect about their leads will be considered personal data under the GDPR. Sensitive personal information such as health information or information that reveals a person’s racial or ethnic origin is not stored within an Instapage account.
The GDPR applies to all organizations globally, regardless of location, as long as an organization collects, manages, uses, or stores any personal data of EU citizens.
What does that mean for Instapage?
Instapage takes your privacy seriously and wants to build trust with all of our customers, so we are committed to complying fully with the GDPR. We want to be transparent about why we collect personal information and how it is used to improve the user experience and our website’s performance.
We already encrypt lead and billing data for all customers, and we have no access to our customers’ lead data. On top of that, we:
- Created new workflows for users to opt-in when they sign up for Instapage
- Will export all personal data to those customers who ask
- Can also provide customers with information on how we process their personal data
Additional details can be found in our new Terms of Service and Privacy Policy that covers the GDPR.
Instapage & GDPR Compliance
Instapage is excited about the GDPR and the strong data privacy and security principles it emphasizes. As part of the compliance process, we reviewed and updated our internal processes, procedures, data systems, and documentation to ensure we were ready when the GDPR came into effect.
Specifically, we:
- Updated our Terms of Use and Privacy Policy to describe what data we collect and how we use it. This includes the communication of any data used in the maintenance, improvement, research, support and management of our tools that are necessary for your account to function correctly.
- Audited all third-party vendors we work with and update our third-party vendor contracts to meet the requirements of the GDPR.
- Updated our product workflows to include GDPR provisions for EU customers.
- Allow customers to contact us at dpc@instapage.com, if they want to sign a DPA (or a DTA on top of an existing DPA) with us.
- Address any requests made by Instapage customers related to their expanded individual rights under the GDPR, including deletion of personal data, updating personal data, and transferring personal data to another platform.
- Continue to encrypt our customers’ personal information, lead, and billing data. We do not have any access to our customers’ customers’ data.
- Secured customer support troubleshooting.
Does the GDPR apply to me if I am located outside Europe?
The GDPR extends coverage to all of the European Union, including the United Kingdom since it is still a part of the EU now that the GDPR goes into effect. If you do or plan to do business in Europe, reach European customers, or process EU personal data, then the GDPR applies to you, regardless of your physical operational location.
Most importantly, serious infractions can carry a fine as high as €20 million, or 4% of your company’s global annual revenue, whichever is higher.
Do I need to handle data differently as a result of the GDPR?
GDPR has provisions around the processing of personal data. We recommend reviewing the privacy statement and practices applicable to your organization and ensure that they provide proper notice that your leads’ personal data will be transferred to Instapage. For example, you may want to consider updating your privacy statement to include language that identifies Instapage as one of your processors.
Delineate the applicable processing activities performed by Instapage, such as the collection (e.g. via sign-up forms) and storage of personal data (e.g. lead data in your Instapage account), and the transfer of personal data to certain sub-processors by Instapage (who, as described in our Terms of Use and Privacy Policy, perform some critical services such as research and development and customer support).
If I use Instapage to create post-click landing pages, am I automatically compliant?
We can offer help on ensuring your post-click landing pages are compliant. We recommend users add a check-box opt-in to their pages so that people can opt-in or out of the transmission of personal data. This help center article details how you can add a code snippet to allow users an option to consent on your forms. It is also important for individual companies to update their Privacy Policies and Terms and Conditions so that they meet the guidelines laid out by the GDPR.
Will I still be able to collect user data once I am GDPR compliant?
Absolutely. The GDPR does not prohibit the collection of data; instead, the GDPR lays out that consent to the use of personal data is a fundamental right. You need to clearly explain why and how personal data is being collected, and get explicit consent from EU users to use their personal information in this way.
Contact our data privacy officer with additional questions
Instapage aims to handle your personal information responsibly and will answer your questions and concerns. If you have any questions, please reach out to our Privacy Team:
Attn: Data Privacy Officer
118 King St. Ste. 450
San Francisco, CA 94107
United States
Re: GDPR Privacy Policy
Email: dpo@instapage.com
We value your privacy and hope today’s article provides more clarity as to what Instapage has done to be GDPR compliant. If you would like more information, visit our GDPR page. In the meanwhile, sign up for an Enterprise demo here.
See the Instapage Enterprise Plan in Action.
Demo includes AdMap™, Personalization, AMP,
Global Blocks, heatmaps & more.