GDPR – How It Affects SEO

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It applies to every business that holds, collects and stores personally identifiable information about EU citizens.

The Economist recently called personal data ‘the world’s most valuable resource’. It’s so valuable, that according to UK Government statistics, nearly half of all UK businesses suffered a cyber breach or attack in 2017.

Whilst not currently a direct ranking factor, GDPR can impact SEO in several ways:

Implications for Website Goals
GDPR could necessitate changes for the tracked goals on your website. For example, if you track newsletter sign-ups you will need to ensure explicit consent (potentially influencing sign-up rates). You may also have to change some of the wording in your terms and conditions to clearly explain how you will use your customers’ data.

Managing Consent
Your site(s) may currently use a version of the phrase ‘by using this site you are agreeing to our Cookie Policy’ in order to gain consent. However, under GDPR this passive agreement may not be sufficient – you may need to get users to actively agree to cookies via a popup.
Cookie Consent popups can potentially impact page load speeds (a ranking factor), so you will need to review how this would affect your site(s).

How Will GDPR Affect Analytics?
In general, how Google Analytics provides access to user data is compliant with GDPR rules as it is anonymised. However, if you currently use a process that de-anonymises the data, it will not be GDPR compliant.

GDPR Compliance as a Ranking Factor
Google has not indicated that GDPR compliance will be a ranking factor in their results – but this doesn’t mean that it won’t happen in the future. Google has a history of introducing concepts that initially appear to be optional (e.g. HTTPS) but end up being a very important factor in how a site is ranked.