On May 25th, the European Union’s General Data Protection Regulation (GDPR) will be officially in effect. The GDPR is designed to update the rules on personal data collection and retention and will significantly alter how all organizations can handle customer information. Check out Dave Cacioppo’s previous blog post covering the broader impact of GDPR for Marketers. This post focuses on a more granular facet of GDPR’s impact: Google Analytics (and, in truth, all web analytics platforms).
What Does GDPR Mean for Google Analytics?
If you administer or access Google Analytics, you’ve likely seen the big yellow message at the top of the screen that looks something like this:
If you click the learn more link, you can find a bit more detail on what this actually means. With the May 25th deadline approaching, if you haven’t already made a decision on data retention, you will likely start to see a more assertive box that looks something like the below.
The bottom line with all of this is that you will be forced to choose a data retention period, or you will be defaulted into a 26-month data retention period. Note: you are able to edit this to whatever you would like at any time.
What Does User and Event Data Retention Actually Mean?
While this change has been swirling around for several months, the truth is that it won’t have a major impact on MOST reports that you pull in Google Analytics today. The data retention period applies only to user-level and event-level data associated with cookies, user IDs, and advertising IDs. While this data retention period is designed for GDPR compliance, it bears repeating that it will not affect aggregated Google Analytics reporting.
What Are Your Data Retention Options with Google Analytics?
In order to be compliant with GDPR regulations, Google Analytics has given marketers several options for how long they can retain user-level and event-level data before it is automatically deleted. Specifically:
- 14 months
- 26 months
- 38 months
- 50 months
- Do not automatically expire
As you can see, the length of time you retain this data is flexible and it is fully controllable by you. At any time, you are able to go into the Admin section and update your data retention period. Note: all data in Google Analytics will be deleted on a monthly basis based on your selection.
How Will GDPR Affect Your Segmentation and Advertising Data?
At an aggregate level, the data in most reports will not be impacted. However, if you are using Custom segments or defined audiences, this data will be impacted based on the period you choose to retain data.
What Google Analytics Settings Can I Change to Ensure GDPR Compliance?
First, you can start by reviewing account-level settings in Google Analytics (you will need edit-level access to take this step). Log in to your Google Analytics account, click over to the Admin section and choose “Account Settings” under the Account column. Within this section, you will find a number of Data Sharing Settings that you can check to opt in or out. These include:
- Google Products & Services (which will share analytics data with other Google products like AdWords)
- Benchmarking (which will contribute anonymous data to an aggregate data set)
- Technical Support (which allows Google technical support representatives access when necessary)
- Account Specialists (allows Google marketing specialists access to your Google Analytics data)
- Google Sales Experts (which will give Google Sales people access to your account)
- Data Processing Amendment (if you haven’t already, you will need to review and accept this amendment for GDPR compliance)
Google Analytics Advertising Features
If you currently use or plan to use Google Analytics Advertising Features, it will be important for you to review your privacy settings for GDPR compliance. Advertising features include:
- Display Network Impressions Reporting
- Demographics and Interest Reporting
- Integrated Data Collection for Advertising Purposes (via advertising Cookies)
- Second, you have to disclose how you will be using this information. Generic “we will not sell your information” may not be sufficient. You may need to define more specifically how collected data will be used for future communications.
- Provide users with the ability to opt-out of Google Analytics Advertising features you use.
- Google does encourage offering users a link to the following opt-out browser plugin for Chrome – https://tools.google.com/dlpage/gaoptout/.
Bottom Line: Make Sure You Are Compliant with GDPR By May 25, 2018
For many US-based businesses that don’t have significant investment in international/European customers, GDPR may not have a major impact on your day-to-day activity. However, it is still important to ensure you meet the minimum compliance criteria for GDPR. These settings will automatically roll out on May 25th regardless of your opt-in. At the end of the day, Google is responsible for supplying the mechanism for businesses to ensure customer data retention compliance, but it is up to you to use it properly for your specific business needs. Google has provided a full knowledge base on Data Privacy and Security for everyone to self-educate.
As always, emfluence is here to help if you need additional assistance with GDPR compliance with your Google Analytics setup. Email us at email@example.com or let us know if you have any questions in the comments section below.