Get Prepared for the General Data Protection Regulation (GDPR)

By now, many of you would have been seeing the notifications from Google coming in to your inbox regarding the GDPR, most businesses think it doesn’t concern them as they do not operate within Europe however, this applies to you if even one visitor from Europe has engaged with your site!

The GDPR is a new regulation on privacy and data protection within Europe ratified in 2016 which comes into effect in May 2018, the legislation governs how websites gather and use the data they collate through platforms such as Google Analytics.

One major point for all Google Analytics customers is ‘Data Retention Controls’ added to reflect the GDPR. As of now, all GA accounts are set to delete user data 26 months once a user has reached the allocated retention period, this means that valuable data to you could be lost –  to update your Data Retention Controls – head to the ‘Tracking Info’ section within the Admin settings.

For all organisations and businesses that do operate and trade within the European Economic Area:

You must obtain end users’ legally valid consent to:

• the use of cookies or other local storage where legally required; and
• the collection, sharing, and use of personal data for personalization of ads or other services.

When seeking consent you must:

• retain records of consent given by end users; and
• provide end users with clear instructions for revocation of consent.

Google states that “You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data”.

Above all else, speak to your legal counsel about how these changes impact your business!