The only constant is change- and it’s accelerating all the time! In today’s increasingly complex internet landscape it’s more important than ever to have a digital marketing and website design agency you can trust and rely on. After careful consideration and consulting with several experts in Europe’s new laws governing the collection, processing and transfer of personal data, GDPR—The General Data Protection Regulation 2016/679, we have prepared the following strategy regarding Google Analytics Data Settings and GDPR for our customers.
Google Analytics Data Retention Settings
Google Analytics sent out emails starting a few weeks ago announcing their new Data Retention settings and prompted users upon login to select a period of time for data to be retained.
You can choose how long Analytics retains data before automatically deleting it:
- 14 months
- 26 months
- 38 months
- 50 months
- Do not automatically expire
It’s important to note that according to Google (as stated below), standard Analytics data is not affected. As a result, most of our customers will not be affected and you likely don’t need to worry about it.
“Keep in mind that standard aggregated Google Analytics reporting is not affected. The user and event data managed by this setting is needed only when you use certain advanced features like applying custom segments to reports or creating unusual custom reports.” -Google Analytics Support
You should however go ahead and select an option, our recommendation is 50 months. This has already been completed for all Q4Launch Integrated Marketing customers.
There is still a lot to shake out with the enforcement of GDPR, which starts this month, and the long term ramifications of its implementation and enforcement. With the majority of our customers based in the United States, and primarily doing business with customers from the United States, we do not see this being an issue that will affect many of you at the current time. The regulations only cover businesses that explicitly target citizens in the European Union. Reading the below examples on who is within GDPR’s scope, you can determine whether this applies to you. You can also read more here on who must comply.
This outlines non-exhaustive examples for deciding whether there is sufficient evidence that a firm is within the GDPR’s scope:
- May be insufficient evidence
- The firm’s website is accessible to EU residents
- The firm’s email or other contact details is accessible to EU residents
- The firm is located in a non-EU state that speaks the same language as an EU state (Including English and Spanish)
- May be sufficient evidence
- The firm markets its goods and services in the same language as that which is generally used in an EU member state
- The firm lists prices in EU member state currencies (the Euro, British pound sterling, Swiss franc, etc.)
- The firm cites EU customers or users
Our conclusion is that if your marketing is not explicitly targeting EU residents, you are not providing websites in languages used in EU states (other than English), and you are not listing prices in EU currencies, you are not required to comply with GDPR.
However, we are taking several proactive steps in our preparation to become compliant with GDPR should any of our clients desire to transfer personal data governed under the EU regulations.
- We are taking steps to become compliant and register with the Privacy Shield Program designed by the U.S. Department of Commerce, the European Commission and Swiss Administration. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable transfers of EU personal data under EU law (see the adequacy determination). On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. See the statements from the Swiss Federal Council and Swiss Federal Data Protection and Information Commissioner.
- Collecting consent: Any consent you obtain from your subscribers and contacts must comply with the GDPR requirements, irrespective of when that consent was obtained. However, Recital 171 of the GDPR indicates that you may continue to rely on any existing consent which meets the GDPR standards for consent. If you would like to re-obtain consent of your existing email subscribers, we are happy to send an opt-in email campaign on your behalf, for no charge.
We hope this information is helpful for you and reduces any concerns you may have around the new Google Analytics Data Settings and GDPR. We are committed to your continued success and happy to provide all of the above referenced services at no additional charge to you through our Future Proof® Platform and Integrated Marketing Services.
Should you have additional questions regarding this topic, please contact your Customer Experience Manager directly or Get in Touch with us here.