
FAQs

GDPR Compliance Kit

What does the GDPR Compliance Kit Include?

Our GDPR Compliance Kit includes a range of features ready to go, and also an exciting development pipeline with an active, expert team.

Current GDPR Compliance features for your website include:

 

  1. Tag manager to organise and categorise your analytics, marketing and tracking tags (e.g. Google Analytics, Facebook pixels).
  2. User consent form to get opt-in consent for data collection before your tags fire. This is very important as firing tags before asking for permission means you've already collected data when they say no. Few other GDPR solutions deal with this problem.
  3. User consent audit reports, which allow you to see the full consent history of any user based on their anonymous cookie ID, giving you some back-up should any legal disputes arise.
  4. Data rights request forms to allow users to easily make requests for data access, rectification, erasure and portability. These are GDPR requirements and we enable you to meet them elegantly with a single line of code.
  5. Data requests management dashboard where you can track all requests you receive, update their status (new, in progress and completed) and attach evidence to completed requests, to avoid future disputes or confusion.
  6. Privacy policy tips including the ID of your unique cookie to track permissions.

How do I install the GDPR Compliance Kit?

Check out our installation guides

 

Create your account to get started. Once you're logged in, go to your Websites dashboard and add a new site, choosing GDPR Compliance Kit. Copy the JavaScript code we provide you and paste it into your website code, right after the first <head> tag at the top of the page. Do this for all <head> tags in your site / templates.

If your website uses a template or theme, you might find this inside a header.html/php or similar file in your theme folder. Some website structures may need you to edit each page one by one.

Consider doing a search for <head> in your entire site folder, as it's important the script is included on every page of your site.

Once you've done that, update your privacy policy with the cookie / data information provided, then copy our Data Right Request code samples into your privacy policy.

Who sees the opt-in form? Only visitors in EU or worldwide?

That's up to you! In your EziGDPR admin dashboard, under Customise your popup, click on Country Targeting to see your current settings, then hit the Change Countries button if you want to change it.

Options are:

  • Show to EU Visitors only
  • Show to all visitors (most compliant)
  • Do not show to anyone (not compliant)

It's only shown on the first visit to your site, or when the anonymous settings cookie has expired or been cleared.

 

European Union Visitor Blocker

Does the EU Visitor Blocker affect all my visitors?

No, absolutely not. To anyone outside of the EU it is business as usual and your website will function as it always has.

The EU Visitor Blocker will only activate when a user is identified as originating from the European Union.

How do I install the EU Visitor Blocker?

Check out our installation guides

WordPress Plugin

Install our WordPress approved GDPR plugin on your website. Then create your account, add your website and copy your website code from your site dashboard into your WordPress plugin settings page. That's it!

Manual Install

Create your account to get started. Once you're logged in, go to your Websites dashboard and add a new site, choosing EU Visitor Blocker. Copy the JavaScript code we provide you and paste it into your website code, right after the first <head> tag at the top of the page. Do this for all <head> tags in your site / templates.

If your website uses a template or theme, you might find this inside a header.html/php or similar file in your theme folder. Some website structures may need you to edit each page one by one.

Consider doing a search for <head> in your entire site folder, as it's important the script is included on every page of your site.

How effective is the EU Visitor Blocker?

The EU Visitor Blocker is a workaround, intended to mitigate some of your GDPR compliance risk. There are a small number of edge cases in which the EU Visitor Blocker may be circumvented, and these are as follows:

  • User disabled JavaScript or employs a script blocker
    This is a rare case in modern web usage as the majority of websites rely on JavaScript to function to some extent. There is nothing that can be done about this when using a client-side plugin. If you'd like to employ a fully robust server-side solution, please contact us to discuss your needs.

  • IP address lookup is incorrect
    We use an IP location database provided by MaxMind which we update very regularly. MaxMind currently assert 99.8% accuracy in location determination at country level. Beyond this 99.8% accuracy, it's also possible that EU users may visit your site using a VPN, TOR network or other technology that allows a connection from a device anywhere in the world. At this point, there is little we can do to accurately and compliantly detect such cases, at a JavaScript or server level.

  • Be sure to update your website terms and conditions to stipulate at the start that your website is not intended for EU visitors and any such visitor must cease activity immediately.

Isn't logging the IP of blocked EU users in violation of GDPR?

The log of blocked EU visitors is anonymised and so because the user is not personally identifiable this makes the log compliant. We keep only the country of origin in block log entries.

Will I be in violation of GDPR if an EU user clicks the 'I'm not an EU Visitor' button?

Possibly, but that will depend on your specific use-case. Aside from any other tracking scripts that you have installed, the only personalised data that the EU Blocker collects would be an IP address associated with an otherwise anonymous cookie when a user declares themselves a non-EU citizen to give you an audit trail. Having an audit trail showing that they made a declaration does not make you compliant; it is simply an aid to your defence. This might suggest it's best not to have it. However, GDPR also contains provisions to protect users from automated decision making and profiling. By adding the button, we give control back to the users, and thereby minimise or mitigate the impact of any automated processing.

If you would prefer not to allow the user this option, we have recently added the ability to disable it. You can do this in your website settings under 'Customise your block pages > Button'.

For all aspects of blocking EU traffic, there are concerns and there are mitigations. We have a blog article that goes into more detail about the considerations for blocking EU data if you wish to know more.

Is any personal data collected before an EU user is blocked?

Our JavaScript tag is designed to act as a blocking script, which means HTML content after the script isn't loaded until the script has run. If you install our script tag in the right location (right after the first <head> tag), then users should be redirected before any other tags have a chance to load or collect any personal data.

Is the “I am not an EU visitor” button necessary? Can it be removed?

Firstly, yes it can be removed, simply visit the 'button' tab in the 'customise your block pages' section.

Now, is it necessary? There are two ways to look at this and both provide valid cases for and against it...

Firstly, by having the button, EU visitors might just say they're not in the EU, or may not believe they are in the EU (many UK residents believe this), which may allow personal data to be collected. Having an audit trail showing that they made a declaration does not make you compliant; it is simply an aid to your defence. This might suggest it's best not to have it. However...

GDPR also contains provisions to protect users from automated decision making and/or profiling. By adding the button, we give control back to the users, and thereby minimise or mitigate the impact of any automated processing.

The bottom line is that for all aspects of blocking EU traffic, there are concerns and there are mitigations - take a look at our blog article about blocking EU visitors to learn more.

After blocking EU visitors, what else can we do to aid compliance?

The GDPR is retro-active, meaning you may already be in possession of personal data that falls within the scope of GDPR and as such will have to take additional action. Please see our GDPR Compliance Blog for more details, but as a minimum you should address the following:

  • Review your existing data
    In all your systems (not just your website), look for any personal data sourced from within the EU. Helpful identifiers may be fields such as 'State' or 'Country' in addresses and emails ending in EU specific top level domains (.co.uk, .fr, .de, etc.). If you don't have express permission or an existing contractual use for this data, you should probably delete or anonymise it.

    Here is a handy list of top level European domains.

  • Check your mailing lists
    Do you send email to a mailing list or lists? How did you get those addresses? If you gathered email addresses in any way other than users actively signing up to receive email from you, then you will need to obtain a new express consent. We suggest that you should follow this approach in all cases, to be sure.

  • Update your terms and conditions & privacy policies
    Be sure to stipulate right from the start in your terms and conditions that your site is not for EU visitors and all EU visitors must cease activity immediately and leave the site. Ensure your privacy policy is up to date with best practices and explains what data you collect and how you use it. Regardless of GDPR, this is a good way to retain the trust of your users.

I've installed the EU Blocker on my website, so why am I still seeing European traffic in my analytics?

If you are still seeing European traffic in your Analytics, there could be a few reasons for that.

  1. The EU Blocker tag must be installed right after the first <head> tag at the top of every page to work correctly. If the EU Blocker tag is incorrectly installed after your analytics code, then our tag is unable to stop your analytics from tracking EU users before they are blocked.
  2. Not all countries in Europe are members of the European Union (Switzerland for example), and so do not fall under these requirements. We only block traffic from countries that fall under the EU General Data Protection Regulations, so you will see data in your analytics from countries to which the regulations do not apply.
  3. Our IP location lookup is 99.8% accurate. So there is a very small percentage of our users who could be located in the EU whom we do not block.
  4. To cover that very small percentage of users where the blocker incorrectly locates a user as being based in the EU when they are not, we have provided a button that allows a user to assert that they are not in the EU and wish to continue.
    This means that you could have EU users who have decided to continue to your site, either under the false assumption that their country doesn't fall under the EU regulations or under false pretence. If you wish to remove this button altogether, you can do that in your website settings under 'Customise your block pages > Button'.
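
The placement rule in point 1, and the earlier advice to search your whole site folder for <head>, can be checked mechanically. The Python script below is an added example, not EziGDPR code: BLOCKER_MARKER is a placeholder for a string unique to your own blocker snippet, and the tracker hosts and sample pages are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: placeholder substring unique to your blocker snippet (not the vendor's).
BLOCKER_MARKER = "blocker.example.invalid"
TRACKER_MARKERS = ("google-analytics.com", "googletagmanager.com", "connect.facebook.net")


def audit_page(html: str) -> str:
    """Return 'ok', 'no-head', 'missing', 'after-tracker' or 'not-first'."""
    doc = html.lower()
    head = re.search(r"<head\b[^>]*>", doc)
    if head is None:
        return "no-head"  # partial template; its <head> lives in another file
    body = doc[head.end():]
    blocker_at = body.find(BLOCKER_MARKER)
    if blocker_at == -1:
        return "missing"
    # A tracker that appears earlier in the document loads before the blocker runs.
    if any(0 <= body.find(m) < blocker_at for m in TRACKER_MARKERS):
        return "after-tracker"
    first = body.lstrip()
    end = first.find("</script>")
    if not (first.startswith("<script") and BLOCKER_MARKER in first[:max(end, 0)]):
        return "not-first"  # something else sits between <head> and the blocker
    return "ok"


def audit_site(root: Path) -> dict[str, str]:
    """Audit every .html/.htm/.php file under root; relative path -> status."""
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in {".html", ".htm", ".php"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            results[path.relative_to(root).as_posix()] = audit_page(text)
    return results


# Constructed sample pages, not real vendor or analytics snippets.
BLOCKER_TAG = f'<script src="https://{BLOCKER_MARKER}/tag.js"></script>'
TRACKER_TAG = '<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>'
SAMPLE_PAGES = {
    "index.html": f"<html><head>{BLOCKER_TAG}{TRACKER_TAG}</head></html>",
    "blog/post.php": f"<html><head>{TRACKER_TAG}{BLOCKER_TAG}</head></html>",
    "about.html": f"<html><head><title>About</title>{TRACKER_TAG}</head></html>",
}

if __name__ == "__main__":
    print({name: audit_page(html) for name, html in SAMPLE_PAGES.items()})
```

Call audit_site(Path("/path/to/your/site")) on your own site folder; any status other than 'ok' or 'no-head' marks a page where tracking tags can fire before the blocker runs.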

 

General Information

Do you guarantee GDPR compliance?

Absolutely not. The GDPR is a complex and far-reaching set of regulations that is far beyond the scope of any single GDPR compliance tool or set of GDPR tools. The EU Traffic Blocker we provide is intended as a starting point for mitigating compliance risks, but is not a substitute for bespoke legal advice and a technical review of all of your systems and existing data.

I need help, who am I gonna call?

If you're having problems using our GDPR Visitor Blocker, feel free to send us a message through our online contact form and we'll get back to you as soon as possible. Of course, premium subscribers will take preference in the queue.