Page Rank SE Optimization

How Does GDPR Affect SEO

The General Data Protection Regulation (GDPR) officially took effect on May 25th of last year. Although it is technically only applicable to companies interacting with EU citizens, this regulation represents a milestone in data privacy legislation on a global scale. The main goal of GDPR is to give individuals more control over how their personal data is being used online.

The GDPR can be seen as a response to data misuse cases such as the one perpetrated by Cambridge Analytica, where users’ Facebook data was illicitly used for political profiling and advertising purposes. All industries that rely on user data collection and processing were impacted by the GDPR to some extent, including digital marketing.

Data-based personalization and retargeting were the cornerstones of many digital marketing methods, which have become untenable in the wake of the GDPR. With their decline, businesses have started turning once more to SEO, a staple of digital marketing that has traditionally been less reliant on invasive data gathering procedures. If you wish to know more about the place of SEO in the post-GDPR world, read on.

Easier Outbound Link-Building

GDPR requires companies operating online to have a clearly stated privacy policy on their website. The way this has been implemented on most sites is with a link to the privacy policy on relevant web pages. 

In-house SEO teams used to encounter many roadblocks when attempting to add links in this manner for cross-linking purposes. This was particularly challenging on pages created for demand generation with lots of inbound links, and a strictly controlled outbound link policy. However, with the passing of the GDPR there is now precedent for engaging in this kind of link-building by default. The imperative to create privacy policy links has given SEO personnel a convenient way to flow crawlers to-and-from these pages.

Security as a Ranking Factor

There is ongoing speculation in SEO circles that Google will rank GDPR-compliant websites higher on the SERPS, but so far nothing has been officially confirmed. With that being said, Google has always been committed towards making the web a safer place, so their interests are in principle aligned with those of the GDPR. 

For instance, Google has been at the forefront of the push towards the adoption of HTTPS, which is why they have turned it into a minor ranking signal. From this we can conclude that HTTPS is the new norm when it comes to safe browsing. And from here, it is only a matter of time before website owners also start adopting privacy protection measures specified by the GDPR.

Difficulties with Geo-Targeting

The GDPR has expanded the notion of what counts as personal data. Under the previous legislation, information such as names, telephone numbers, photos, social security numbers were considered personal data. The GDPR expands this list with data such as IP addresses, mobile device identifiers, geo-location, biometric data, economic status, as well as other marks of identity in a broad sense such as genetic makeup, political affiliation, medical history, etc. 

Of these new types of data, mobile identifiers and geo-location are the ones that have previously been exploited for SEO purposes the most through practices such as geo-targeting. In order to use geo-location for SEO purposes, websites will now have to ask for explicit consent from users.

Alternative Personalization Models

The GDPR requires websites to ask for compliance in order to handle user data, and most users will be unwilling to do so in the wake of recent data breach scandals. This means that a significant portion of users will be receiving generic SERPs, making standard personalization models less effective. However, this line of thinking is based on a faulty assumption, namely that all personalization is derived from concrete user data. 

The fact is, even if the search results are not themselves personalized, the search queries each individual uses still are. This means that a website can still receive highly personalized search traffic, provided they make an attempt to create SEO content based on search intent.

Reduced Keyword Cannibalization

Because paid traffic and organic traffic overlap in their goals, there has always been an issue of keyword cannibalization, especially when brand bidding and re-targeting are taken into account. However, now that re-targeting has been all but eliminated thanks to the GDPR, organic traffic channels such as SEO don’t have to worry about keyword cannibalization any longer. 

On the financial side of things, the reduced effectiveness of paid traffic also means that companies can invest more in SEO and other organic acquisition techniques. SEO tactics that were previously unfeasible due to budgetary concerns are expected to make a comeback in this new environment.

Only Time Will Tell 

SEO has been in a state of constant change ever since search engines became the de facto standard for finding information online. New technologies, updated legislation, and shifting consumer preferences have pushed SEO experts to be on their toes, and find the best means to bring websites to the top of the results pages. The GDPR is just one of many such changes, and as history has repeatedly shown, it is only a matter of time before SEO settles around a new paradigm.

About the author


Neb Ciric

Neb Ciric is an experienced content producer with Advisera - one of the market leaders in helping businesses implement ISO, ITIL, IATF, AS and OHSAS standards. Advisera offers free learning courses and materials, so If you are interested in learning more about GDPR feel free to attend our free GDPR foundations course. If you are want more information regarding EU GDPR, you will find it on the Advisera EU GDPR blog.