How to use Google Analytics and stay GDPR compliant?

by Valentina P. Content Lead

GDPR is already here, and some of digital marketers and data analysts are still wondering how to get the most from Google Analytics and stay GDPR compliant. In fact, everything is not so scary as it seems, specialists are still allowed to collect and process data.

First, there are some basic measures to take for GDPR compliance. Here are GDPR Basics, a checklist for compliance, and own IO measures we have taken. You can use it as a case or example.

And now, let’s get to our topic: GDPR and Google Analytics.

Make Sure What Data You Collect

1. The new regulations allow businesses to collect and process only necessary data. For instance, if you need someone to sign up to your newsletter, they shouldn’t provide you with any additional information like offline address, name, age, and so on. Minimize the quantity of forms for opting-in.

2. Make sure your site doesn’t collect PII (Personal identifiable information). Collecting it is against Google Analytics Terms of Service, no matter whether you work with its free or paid version. Your pages must not contain ‘email=’ query string parameter. Solve such problems on the technical level.

Here are an extensive guide to best practices of avoiding using PII written by Google.

3. Enable IP anonymization, as peoples’ IPs belong to PII as well because of using geo-location for every IP address. Turn it off in Tag Manager. Go to ‘More Settings’, choose ‘Fields’ and set a new ‘anonymizeIp’ field, its value should be ‘true’.

4.  GDPR doesn’t allow collecting and processing sensitive information until it’s necessary in some specific case. From now on, you can’t create surveys on political or religious topic, as once one EU citizen takes part in it, you appear out of the law.

5. Check your third-party plugins and add-ons that can collect personal data. If there are some, delete them.

Minimize Data Collection

1. Do you need Google Analytics Advertising Features and Remarketing? You can find them in ‘Property’ > ‘Tracking Info’ > ‘Data Collection’. Whenever you need to turn them on, write about that in your Privacy policy.

Also, check the length of time period for data storage as the new regulations don’t allow storing data longer than it is needed.

2. Connect your AdWords account to Google Analytics account only in case you use Advertising features. Other way, don’t connect them.

3. Limit your data sharing settings in GA. We are talking about:

  • Google products and support;

  • Technical support;

  • Benchmarking;

  • Account specialists;

  • Give all Google sales experts access to your data and account.

They can be found on the Admin panel and find there your Account settings. If you don’t need anything from this list, just untick the box near to it.

4. Blocking an EU country. This measure is severe but still possible. If you are ready to lose traffic from the EU for the sake of not facing GDPR in any case, block European countries. Go to your Account, choose ‘All Filters’ and ‘Add Filter’.

What else should be changed?

Check your Privacy policy, make sure that all the points are clearly disclosed in it. Use the moto ‘Privacy by design’. Check the next points:

  • The privacy policy has to be clear and understandable for any user.

  • What information does your business collect?

  • What technologies do you use for collecting and storing personal data?

  • Do you use third-party services for processing data?

  • What reasons do you have for collecting data?

  • How can you protect users’ data from breaching or loss?

Finally, you can consult with your DPO or an EU representative.

As the bottom line, we can remind that you are still allowed to use Google Analytics features and collect the necessary data from EU citizens. You just need to be respectful and ready to safeguard peoples’ rights.

Sponsor Ads

About Valentina P. Freshman   Content Lead

14 connections, 0 recommendations, 43 honor points.
Joined APSense since, April 17th, 2018, From Kiev, Ukraine.

Created on Jun 4th 2018 03:27. Viewed 461 times.


No comment, be the first to comment.
Please sign in before you comment.