There’s a lot of information circulating around regarding GDPR, including some confusion and ambiguity about what it means for online business owners.
I did the research on it so you don’t have to—here’s an overview of what you need to know about GDPR:
What is the GDPR?
The GDPR (or General Data Protection Regulation) is a new data privacy regulation that has been debated for the past four years. It was approved and adopted by the European Union in April 2016 and will be enforced on May 25, 2018.
What does this mean for Canadians?
Even if your or your client’s organization provides goods and services to a “natural person” or “data subject” within the EU, then you will need to take the necessary actions to comply with these regulations. I highly recommended you speak to a lawyer.
From my understanding (and I’m not a lawyer) this regulation means that any information collected that can directly or indirectly identify a person (such as a name, photo, email address, bank details, social media posts, medial info, or a computer’s IP address) must be made explicitly clear up-front. They have the right to receive copies of their data and how it’s being used, and the right to be forgotten (known as Data Erasure).
What does this mean for bloggers?
Luckily, you as a blogger don’t have to worry too much. It’s important to review and update your Google Analytics settings (more on exactly how to do that below). Otherwise, service providers you use (such as email marketing platforms etc.) are responsible for ensuring they have updated their privacy policies.
Be aware of what service providers you are using, and check their privacy policies to confirm they’re updating things to adhere to the GDPR.
How does GDPR affect Google Analytics data?
There is a new option in Google Analytics under Property > Tracking Info > Data Retention that contains two options:
- User and event data retentionBy default, this is set to delete user data after 26 months (you can change this to 14, 26, 38, 50 months, as well as a do-not-expire).
- Reset on new activityBy default, this is set to “on.” It’s important to note that this means it resets a user’s timer to 0 the next time they visit. Data will only expire if a visitor does not return after the time indicated (e.g. 26 months).
There’s a lot of debate going on as to what data Google intends to delete, but according to their support page, they indicate that:
“The retention period applies to user-level and event-level data associated with cookies, user-identifiers (e.g., User-ID) and advertising identifiers (e.g., DoubleClick cookies, Android’s Advertising ID, Apple’s Identifier for Advertisers). Aggregated data is not affected. ”
Therefore, there is speculation that any data related to marketing campaigns and individual information within the User-ID view (if you’re using it) will be removed. There is also concerns that custom event tracking information being deleted as well.
What settings should I choose?
Again, this depends on you or your client’s organization. Some Analytics Admins who are not based in the EU or have any dealings are going straight to the “Do Not Expire” option and crossing their fingers that nothing will be deleted.
I think this provides ample opportunity to put in specific checks to back up any data you need or want over a certain period. Data privacy is a hot topic right now thanks to Mark Zuckerberg, Facebook, and the Cambrian Analytica debacle.
It’s a safe bet to say that Google can delete your historical data at any point anyway, so if they’re setting the default to 26 months, it’s best to work within those parameters. Of course, if your selling cycle is longer than 26 months, then increasing data personal data to expire in 38 or 50 months is perfectly acceptable.
Are you really going to need personal data on someone 50 months from now if they never visited again? Probably not. Chances are they don’t care for your brand, product, or service anyway.