How can you find out if the General Data Protection Regulation applies to your site? Simple: if you have users from EU countries, the answer is yes. If you don’t… The answer is still yes! Even if you don’t have any European users today, that may change tomorrow. Just one will be enough to make you subject to the new laws. And because GDPR came into effect in May 2018, your website should already be compliant. Hurry up and do something if it still isn’t!

What is the purpose of GDPR? Its primary goal is to help users who are concerned about the safety of their online data. Is it also good for the sites it affected? Depending on how you handle it, that may or may not be the case. So here is our question of the day: how has GDPR influenced SEO? Let’s find out.

Can GDPR cause any problems for a website’s SEO?

I can say one thing about GDPR with utmost certainty: it’s SEO-friendly. Complying with GDPR may cause you to overwork yourself, but it’s entirely possible to finish preparations and not lose any traffic or rankings afterwards. It all comes down to how much you change your site to make it compliant: the less, the better.

If your site’s rankings and traffic took a dip post-GDPR, you’ve probably gone too far and made a mistake or two. The SEO aspect of GDPR has more “don’ts” than “dos”.

1. DON’T: let popups obstruct your content

If you are like me, you’ve seen a lot of GDPR-related site popups in the past few days. They usually come in two types: “we have updated our privacy policy” and “this website uses cookies, please accept them”. Clicking on them once ensures you never have to see them again, but they can still pose a problem to your SEO if you aren’t careful.

The second type of disclaimer tends to be the more problematic of the two. Since websites would prefer to use cookies rather than not, clicking “I agree” is often the only way to dismiss the popup. After that, users may freely browse the site’s content and do what they want. But what about the users who don’t want to accept your new policies?

Sure, Google allows popups with important information like the use of cookies. You might avoid an intrusive interstitials penalty since your popups don’t technically count as such. However, that doesn’t give you a free pass to ruin user experience and peeve your audience: that’s a textbook recipe for losing traffic. Think of the one-time visitors who come to view just one page on your site and leave. Would they want to let you use cookies on their computers? Of course not.

It kind of defeats the point of GDPR when users aren’t free to browse the Internet while keeping themselves safe. Give your visitors an option to say “no” and still be able to view your site’s content.

Besides pop-ups, there can be many other factors that can negatively affect the user experience on your website. To make sure you don’t have any of these, check your site with WebCEO’s Website Audit Tool and get detailed instructions on how to eliminate errors that can cause you to lose quality traffic.

2. DON’T: redirect users to a page with new policies

Popups aren’t the only way to inform users about GDPR. Some websites have taken a different approach, but you should not follow their example. Here’s why.

Imagine yourself sitting at home and getting the munchies. You open Google and search for “pizza delivery in my city”. You click on the result that catches your eye, and…

Instead of pizza, you are looking at a page listing the site’s new policies caused by GDPR.

You feel cheated and never visit this site again. You buy pizza elsewhere, and it helps you forget this unhappy episode.

What went wrong? The website’s owner set up a redirect leading away from the content the user wanted. This is never a good idea, not even when you need to let people know about important changes. Unfortunately, there are websites that have made this mistake. Some were even quick to fix it, but not before their traffic took a dip.

On top of that, search engine bots are affected by redirects, too. An important page that can’t be crawled is a crippling blow to a site’s SEO – and to your business, if money is involved.

Redirect chains can be even more damaging if the site owner has messed around with redirect settings. Checking your site at least twice a week using a Website Auditor will help you avoid this SEO disaster and loss of revenue.

3. DON’T: make links to your page with new policies nofollow

While setting up redirects to GDPR pages is a bad idea, having such pages on your site is perfectly fine. In fact, it’s a requirement for businesses that operate with user data. Users need to know they can trust you with their information.

Thing is, a privacy policy page isn’t immediately important in making sales. That’s why you may be tempted to make all links pointing to that page nofollow. However, there are several reasons you shouldn’t.

1. If you nofollow a page, search engine bots can’t crawl it. Google will be unable to see its content, including any links it may have. Since a privacy policy page is bound to have links to other important pages on your site, they will receive less authority than they would otherwise. In other words: you’ll end up losing link juice instead of saving it.

2. If you nofollow the page with the confirmation of your GDPR compliance, Google won’t see it. Are you sure you want to hide such important information from Google?

3. Lastly, you might actually want this page to rank high in search results. If someone Googles “(your company name) GDPR”, they will see for themselves you are following the new policies and feel safe with you. For the same reason, don’t noindex the page in your robots.txt file.

4. DON’T: install external elements that aren’t GDPR-compliant on your site

Your site might be using elements from external resources – for example, themes and plugins. They are commonly found in blogs and other platform-generated websites. Such elements are always a risk because they tend to be exploited by hackers, and they’ve become slightly more dangerous after GDPR.

Here’s the thing: if you have an element that isn’t GDPR compliant, then neither is your website. Avoid using non-compliant elements at all costs!

Granted, their creators don’t want to be fined and will most likely release newer and safer versions in the near future. Keep an eye on these updates and install them as soon as possible. If an external resource remains unsafe, you should delete it from your site altogether and never look back.

Is GDPR compliance a ranking factor?

Most webmasters will comply with GDPR to avoid trouble with the law. That’s the only reward we can expect from the powers that be. What about Google? Will they make GDPR a part of their ranking algorithm?

That is currently unclear. Right now, nobody can tell if GDPR-compliant sites will get a ranking boost and non-compliant ones will be deranked. The fact that not all websites need to obey the regulation doesn’t make this question any easier to answer. All our hopes rest on someone from Google (maybe John Mueller) addressing this matter soon.
