GDPR Affects All Atlas Republic Travel Websites. What you need to know.
Note* This article is focused helping users with an Atlas Republic hosted travel website understand the changes we’re making to make sure their in compliance. If you’re using your own hosting an analytics, you’ll want to take steps to ensure your travel website is in compliance with GDPR.
Am I impacted by GDPR if I have a travel website hosted on Atlas Republic?
What is GDPR?
The GDPR message can be summed up as this: EU-based consumer information deserves to remain private.
How, specifically, is your Atlas Republic website affected?
This new law affects travel websites on Atlas Republic in the following scenarios:
We collect IP addresses and, according to GDPR, IP addresses are personal data.
This means that for EU visitors, we will have to anonymize them unless you receive explicit consent from the visitor. As of today, we have anonymized all IP Addresses.
For visitors from the EU, you will need to require user consent for using cookies. See #4 below on how we plan to offer a plugin for your website.
If a visitor converts on your Atlas Republic-hosted travel website, we associate their historical usage data with a User ID.
This ID allows us to help you keep track of user behavior on your website. However, this will no longer be allowed under the new law for EU-based visitors.
If a visitor converts on your Atlas Republic-hosted travel website, We collect extra personal data (if provided).
For example, we may collect first names, last names, e-mail address, travel preferences and more. We collect this data using custom dimensions & custom variables.
What GDPR rules are we are helping you comply with as your travel analytics and website hosting company?
We will help you respect the following EU citizens rights under the new GDPR law:
1) Allowing EU residents the possibility to view the data you collected on them
To meet this obligation, you will have to export all the data on the requested user. This means, if a user is requesting it, you will have to export the data linked to his IP address(es) – which can be easily exported as a .csv file.
In order to do that, contact our support team and we’ll get the process started for you. We’ll then create a segment according to the IP address of the user who requested it and then export the “Visitor log” report and send the information to you to disseminate to the requester.
2) Allowing EU residents the possibility to rectify their data or to delete their data when they request it
The data edit and deletion process on Atlas Republic currently requires you to contact us with the request. We are planning to develop a new atlas republic analytics plugin for GDPR compliance. This plugin will let you edit and easily delete data of a particular user yourself.
3) Adding a privacy notice for any users under our managed plans
4) Allowing you to add a privacy notice and opt-out to your website
To ensure compliance with all our members, we implemented small popup that will give users notice of your site’s tracking intent and the option to opt-out. We have officially launched that plugin today with more information on how to customize it forthcoming.
5) Respecting DoNotTrack preferences by default
Do Not Track is a browser-based technology policy that allows internet users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. By default, Atlas Republic will respects users preference and will not track visitors which have specified “I do not want to be tracked” in their web browsers. For more information about DoNotTrack, check out donottrack.us.
6) Implementing a 72-Hour Data Breach Reporting Window
With GDPR, there’s a 72-hour window to disclose data breaches. With this in mind, we now have a service-level agreement with all Atlas Republic members that any data breaches will be reported to you within a 24 hour period of our discovery. Along with the notice, We’ll also provide you the following:
- Description of the nature of the personal data breach including, where possible, the categories and an approximate number of data points and the number of personal data records concerned.
- Communication of the name and contact details of the data protection officer or another contact point where more information can be obtained regarding the breach
- Description of the likely consequences of the personal data breach ( if known)
- Description of the measures taken or proposed measures to be taken by us to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
- A templated announcement for you to send out to your website users.
In closing, while we love helping you become smarter travel marketers, we take all laws regarding privacy seriously and will do all we can to make this transition seamless.