Hawk and the GDPR: Enabling privacy and compliance

Since May of 2018, when it went into effect, the GDPR has been an important consideration for website owners and app developers. Nobody wants to accidentally run afoul of current privacy regulations.

We’re here to help! Hawk is designed to offer the features necessary for our customers to maintain GDPR compliance.

GDPR Terms

Hawk is a tool that gathers network traffic generated by your website’s users. Since some of that traffic might contain personal data, Hawk is a data processor. But Hawk can’t know what data is personal data and what isn’t. And Hawk doesn’t make any decisions about the purposes of processing data. So Hawk is not a data controller. If you use Hawk to process personal data, then you are a data controller, and the ultimate responsibility for user privacy rests on you.

But don’t worry! Hawk gives you the tools you need to succeed!


Limiting Access

Hawk’s primary tool for managing access to personal data is our robust data masking. We expect that, for normal use cases, Hawk won’t be used primarily for gathering personal data. If your application requires personal data, you should be managing it elsewhere. So you’ll want Hawk to ignore any personal data it comes across. That’s what data masking does: you specify some part of your network traffic that’s sensitive, and Hawk neither records nor transmits it.

Because a user’s IP address and location can be considered personal data in some cases, Hawk also has an option to hide location data. This lets you ensure that anybody who isn’t authorized to view user location data cannot do so.

Right of Access and Right of Erasure

If you receive a request from a user for access to their data, don’t worry about it! All the data collected by Hawk is available for you to download or delete, right from the normal Hawk web interface. Read about how to delete or download individual events here, and about how to download or delete your data as a whole here.


The GDPR establishes a number of legal reasons for collecting personal data, but most web applications that collect personal data do so because of consent. Since Hawk doesn’t know whether you gather personal data or not, or your reasons for doing so, it’s ultimately up to you to get consent, if you need it. You may already have an appropriate consent banner in place.

Your consent form should include notification of the kind of information that you use Hawk to gather, as well as the purpose for which it’s gathered.

If your use of Hawk requires consent, you should ensure that your site does not run the Hawk snippet until after consent is given. There are many solutions for ensuring that your site doesn’t run tracking scripts without consent; you should choose one that works best for your platform and situation.

One popular option is Cookie Consent. If you want to use Hawk with Cookie Consent, follow their instructions here, and replace the // enable cookies line with JavaScript code that adds the Hawk script tag to the page, just as you would with a Google Analytics (or any other) script tag.
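
The consent gate described above, sketched as an added example (it is not Hawk's or Cookie Consent's own code). The snippet URL and element id are placeholders, and the wiring assumes Cookie Consent's opt-in callbacks (`onInitialise`, `onStatusChange`, `onRevokeChoice`) and its `hasConsented()` method:

```javascript
// Added example: load the Hawk script tag only after consent is given.
// HAWK_SNIPPET_URL is a placeholder; use the URL from your own Hawk snippet.
const HAWK_SNIPPET_URL = 'https://hawk.example.invalid/snippet.js';
const SCRIPT_ID = 'hawk-snippet'; // hypothetical id used to find the tag again

// Returns handlers that add or remove the script tag on the given document.
function createConsentGate(doc, src) {
  return {
    enable() {
      // Idempotent: consent callbacks can fire more than once per page load.
      if (doc.getElementById(SCRIPT_ID)) return false;
      const tag = doc.createElement('script');
      tag.id = SCRIPT_ID;
      tag.src = src;
      tag.async = true;
      doc.head.appendChild(tag);
      return true;
    },
    disable() {
      // Removing the tag does not stop code that already ran on this page,
      // so a true return value tells the caller that a reload is needed.
      const tag = doc.getElementById(SCRIPT_ID);
      if (!tag) return false;
      tag.parentNode.removeChild(tag);
      return true;
    },
  };
}

// Options object for Cookie Consent; `this` is the consent popup instance.
function consentOptions(gate, reload) {
  return {
    type: 'opt-in',
    onInitialise() { if (this.hasConsented()) gate.enable(); },
    onStatusChange() {
      if (this.hasConsented()) gate.enable();
      else if (gate.disable()) reload();
    },
    onRevokeChoice() { if (gate.disable()) reload(); },
  };
}

// Browser only: nothing is injected until a callback reports consent.
if (typeof window !== 'undefined' && window.cookieconsent) {
  const gate = createConsentGate(document, HAWK_SNIPPET_URL);
  window.cookieconsent.initialise(consentOptions(gate, () => window.location.reload()));
}
```
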

Breach Response

Hawk’s development and management teams are committed to reporting any data breaches in accordance with applicable law, and for the sake of our customers! In the event that we become aware of a breach, Hawk will notify our users as appropriate. It’s up to you, however, to determine which of your own users may have been affected, and to notify them.
