Category Archives: “Just Nancy”

An Update on the EU’s GDPR for Privacy

An Update on the EU’s GDPR for Privacy
An Update on the EU’s GDPR for Privacy

Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.

First, clients who thought that they did not want to update their privacy policy or implement cookie approval for website statistic tracking have changed their minds.

Our team has been very busy updating websites to beef up the transparency of the privacy policy, reveal clearly what is being tracked on websites, offering ways to opt out of tracking, and installing cookie approval scripts on websites.

Several clients have shared their thoughts with us on why the sudden change. Some are listed below.

“I do feel lucky about not getting caught, but also want to be safe.”

“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”

“I think it is stupid to do, but I am getting inundated with privacy policy updates from everyone that I do business with, that maybe I do need to do something to my website.”

As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk adverse and feel that eventually the US will institute some controls so we will be ahead of the game by changing our own websites now.


Not Implementing GDPR – Are You Feeling Lucky?

It is not hard to be in compliance with the EU's GDPR.
It is not hard to be in compliance with the EU’s GDPR.

So far only one of my US based webmaster clients has taken notice of the changes needed to their website to be EU compliant with the new GDPR rules on EU citizen privacy.

This is what I hear from clients:

  1. I do not sell in the EU so this does not apply to me.
  2. I don’t care if I have EU visitors. No one will prosecute me.
  3. I guess I am feeling lucky and so am not doing anything.

Let me demystify something please.

  1. It is not complicated to make these changes.
  2. There are free cookie handling scripts for this.
  3. Your privacy policy needs just a few minor changes.

For most clients we work with, the implementation would be under one hour and the cookie acceptance script is free unless you are on https and then expect to pay about $100 for the script.

The site update is not obtrusive, yet gives you protection. Although our own website does not get a lot of traffic from the European Union, factor 30 day traffic times 12 months. That number is high enough to think twice about saying no one will find me out.

One of our clients who said he did not want us to implement the updates, and said he was feeling lucky. But later sent an email and said go ahead and make the changes. He was feeling lucky but also wanted to be safe.

From my point of view, making this relatively simple update for most sites is a no brainer and I am baffled as to why more US business sites are not updating to this important change.

Being transparent with website visitors is important, not hard to do, and is the right thing to do. That is what the EU’s GDPR is all about.


EU Privacy Considerations for US Clients

Understanding the GDR Regulations for Privacy
Understanding the GDPR Regulations for Privacy

The European Union is instituting a number of important privacy regulations. Even if you do not sell to clients based in the European Union, you may have visitors who live there and so it is important to prevent a penalty or legal issue to review your privacy policy and make updates to your website as needed now.

If you serve or have visitors from the European Union, you will need to enact a number of privacy policy changes supplying information about what you track, how to opt out and get proactive approval before tracking starts.

Please make sure that you take the time to review these important new guidelines that go into effect May 25, 2018.  Below are several examples of many articles on the web to help you understand what changes may be needed to your website to be in compliance. It is important to do your own research and implementation to be compliant. – the official EU website


Easy to understand explanation from American Express.

“Who does the GDPR affect? (From the Official EU site)

The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

So the bottom-line is if you sell to or even have visitors from the EU, you need to be in compliance.

Important note: I am not a privacy expert and I cannot make recommendations for you that will bring you into compliance. This blog post is only to advise you that action may be needed by your firm’s website  to be in compliance.



Privacy and Facebook – The New Reality Revealed

Thumbs Down for Facebook
Thumbs Down on Facebook!

Privacy AND Facebook, do they work together or against each other. Now that Facebook has revealed the depth of its depravity, in the search for more advertising dollars, and the EU has taken issue with Facebook’s and Google’s very lax standards and created tough new privacy regulations. We have a new world reality.

What you thought was private simply never was, we just didn’t know that. This lack of transparency  was all used to make money off of your information and to create deep data mining preference to sell ads targeting you. But it did not stop there, this data was then shared around with others on the Web, without your knowledge or approval.

Enter in our new world. Facebook has encouraged a level of sharing that we have all embraced. We wanted to see news, videos, and recommendations. We wanted to connect with others that were friends, family, those we had past history with, as well as past  colleagues. Facebook took that information and used it for its own gain. But, if that was not bad enough, Facebook allowed others we did not know about to take our data, demographics, and preferences and share them with third, fourth, and even fifth parties. Even using our own profiles to access anyone else’s profile connected to ours and take their data too. The end result was the reality of “privacy” we thought we had in our own individual accounts was false.

As draconian as the EU privacy guidelines are for websites to adhere to by May 25, 2018, I applaud them and embrace them. We should all know what is done with our information. We should know that we can now ask to have it removed – easier for those in the EU to demand than US residents. We should know who our data is being shared with for data mining and ad serving.

As for myself, I have removed all but one or two things from my Facebook profile. Facebook does not need to know my political or religious views. Nor should it know my age and for that matter at this point even location.

I personally am actually looking for alternatives to Facebook as this recent privacy issue has revealed the heart and soul of Facebook as a platform, and I do not like what I see. We were all lulled into thinking that Facebook was fun a place to connect, but now I perceive it as a place to steal my privacy and personal data from me all for the single-minded use of making money off of me.

Google, my eyes are being turned onto you next!


The New World of Privacy as Dictated by the European Union

Solutions for your business that make sense.
Solutions for your business that make sense.

On May 25th the European Union’s (EU) new security policy goes into force. Even if you are not located in the EU, you should do a careful review as you may still be able to be sighted with a penalty as website visitors may be located in the EU.

Below are my recommendations on what to do with the pending 5/25/18 EU required changes.
First, it is important to know that I am not a security policy consultant, but I am making recommendations to you that may be helpful as you review your own policies and procedures.
Even though you may not advertise or target the EU, website owners  are still required to protect and adhere to the guidelines that the EU has laid out and is forcing Google and other tech firms to embrace legally.
My Recommendations
Move to https from http to allow for a greater level of website security and encryption of form submissions from an https page.
Enewsletters – stop doing auto subscribe for any newsletters (if you still do this). EU Users, now based on the new requirements, must state that they are desiring to  opt in to your list.

No online forms should request sensitive information like health information, insurability, etc. If you need this for your business, you need to find a more secure way to ask than using a website form. In the USA we have HIPAA rules and you should already be compliant.
Update your privacy policy to be transparent on what you track and how you use that information, how you secure it, and who you share it with.
The most important part is to make sure to have in the links in your privacy policy content to allow people to opt out of Google Tracking and Doubleclick the third party vendor Google uses.
Review in Google Analytics the new data retention sections and other settings that Google has recently rolled out and that are live now. These are available now under the admin section. You will need to work through each option to choose the one that is right for you and then list your selections for transparency on the policies page in the Analytics section. I have personally selected data retention for my own site of 14 months, right now the default is 26 months.
There are a number of other new settings in the admin section in Google Analytics on server sessions and visitor identification. You will want to look at that for sure to make sure you do not need a new configuration update.
I would recommend you move to the newest version of Google Analytics code if you can at this time so that you can affect change to some of these settings that are only available to sites using the new code snippet.
Review your own website visitor geo information. If you have a number of visitors from the EU, you may also need to create a cookie approval doorway option for your site. One where the user has to click their approval for a cookie set to enter into your website. This becomes crucial to get this approval if you are using Google Remarketing, Google AdWords, and any website tracking tool or conversion codes. If you are using Facebook Remarketing you need to get cookie approvals too.
Become aware of the EU data retention rules, operations to remove personal data when requested, but most of all be transparent of what you do with information you collect.
If you are heavily involved in selling to or have strong visitor numbers from the EU, get up to speed now on what is required as it may be time consuming to make changes and institute new security policies.

Training Staff that Works Remotely

Nancy McCord a Google Partner and Bing Partner
Nancy McCord a Google Partner and Bing Partner

Training staff that works remotely can be a challenge. My firm has four remote employees and I have found that training is as easy as taking a short video with your phone.

In my case, my remote employees do not all have the same hours as all of them have other jobs or are full time students. So, it is nearly impossible to get everyone online at the same time.

I have started taking videos with my phone while I am in a control panel to make a super short video of what to do on a project. I am finding that employees like this, are able to watch the training multiple times, and some will even take notes and then work from their notes.

The key is to make the video super short and convey a concept that is not overly complicated. For me, I have done videos on how to add negative keywords to an AdWords account and how to create new ad text.

For most millennials, the visual mode of training is best and engages them most. Older staff seems to want the video plus written steps.

The key takeaway on this blog post is sometimes you simply need to think outside the box and meet staff where they are and allow training that is on-demand for their schedule.