[GDPR Video] GDPR & Google Analytics: How to Make Your Google Analytics GDPR-Compliant
Make sure your Google Analytics is GDPR-ready with these important tips from Alex Juel, SEO Strategist at Inflow.
You can watch him talking about the important parts of making your GA GDPR-ready.
You can also read along as she explains it to you.
How to Make Your Google Analytics GDPR-Compliant
Alex Juel from Inflow gives you quick, useful information on what you need to know in order to make sure the way you’re tracking your users with Google Analytics is in line with the new GDPR rules.
Watch him below:
Here’s the transcript to read along while listening to Alex:
#1 How GDPR affects you
“First, I want to mention that the General Data Protection Regulation stuff is serious. I’m not a lawyer and I’m not a GDPR expert, so anything related to how GDPR affects your business should be passed by your legal or compliance teams.
So, that being said, there are lots of changes that business owners need to make with GDPR which goes into effect on May 25th. And although this is an EU regulation, it affects any website that works with residents of Europe.
The EU actually can fine US businesses who violate the new regulations.”
#2 Identify personal data on Google Analytics
“As a digital marketer, my first recommendation is to check your Google Analytics data for any personally identifiable data.
A lot of ecommerce sites collect this without realizing that what they’re doing is against Google guidelines. For example, you might have a form on your site that asks customers to enter personal
information like their email address, their name and phone number, which then redirects them to a relevant page such as a booking page.
For example, that URL might collect all of the parameters that they entered on that form.
Or as another example, some ecommerce sites will add a customer’s name, IP address and an account number to an order confirmation URL after successfully making an order. So, in cases like this, if these URLs are sent to GA they will not comply with GDPR rules and Google might shut your account down.
None of our clients at Inflow have had their Google Analytics account shut down for this, but we’ve heard news around the industry that it has happened, so it’s definitely something that you want to watch out for.
The best thing you can do is probably just to not add any personal information to the URLs.”
#3 Remove personal data from Google Analytics
“Okay, so let’s say that you do have personally identifiable data in your analytics account.
There’s currently no way to remove this data from Google Analytics, but Google said that they will be releasing a user deletion tool before May 25th, and that’s only a week away and we still don’t have a tool from Google.
But when it’s released, make sure to delete any personal user data that you know of before Google might take action on your account.
Also, if you’re an admin, on your Google Analytics account you should have seen an email from Google warning you that they will automatically delete Analytics data based on their new data retention settings.
Google has defaulted this setting to 26 months, so any data older than that will be deleted on May 25th.”
#4 Change data retention settings
“We’ve been suggesting to our clients that they change the setting to not automatically expire.
And you can do that by going to the admin area of your account by selecting the property you want to change. Go to tracking info and then choosing data retention, and you can select the setting you want from the drop-down menu. And then hit ‘Save’ and that’s it!
So, yeah hopefully that helps. Thanks!”