On May 25, 2018, the General Data Privacy Regulation (GDPR) came into effect. Since then, many online business owners have struggled with its policies and with getting accustomed to the changes. Many online marketers are still unaware of the requirements of the GDPR, its role in their jobs, and the steps they need to take to follow its rules.
Google has updated Analytics to comply with the new standards of the GDPR. With the required changes in place, Google Analytics helps businesses of different kinds understand how to conduct their online marketing.
Meaning of the GDPR
The General Data Privacy Regulation, or GDPR, is a reform that allows people, especially the citizens of the European Economic Area (EEA) and Switzerland, to have control over the various ways their personal data is collected and used. The GDPR introduces several new rules that may take a while to become accustomed to. A few of the significant changes are described here:
- Transparency of Information
Many companies and organizations need to be transparent about the information they request, where it comes from, and how and why it is collected. They must clearly state whether the information they collect is relevant for its intended use and whether they share it with any third party.
- Integrity Regarding Usage of Data
Organizations will have to explain the reason for giving information to consumers without concealing it under their privacy policies, which are full of legal jargon.
- Rights of a Consumer
A consumer has the full right to verify the information an organization holds about them. They can send a request to correct any incorrect information and can withdraw their permission for the organization to store their data.
- Evidence of Compliance
Companies will also need to provide evidence of the policies they have or are making to comply with the GDPR. They must keep records of how people opted in to marketing and documentation of the methods used to keep a customer’s information safe.
- Penalty for Data Breaches
In the case of a data breach, a consumer ought to be notified within 72 hours. If the breach happens due to non-compliance, a company may have to pay approximately €20 million or 4% of its annual global revenue, whichever amount is higher.
As a data processor, Google handles information from communities all over the world and takes the required steps to comply with the GDPR standards. Google Analytics allows you to delete the information it holds on people who visited your website when they request it. Its data retention settings also let you control how long individual user data is kept before being deleted automatically. By default, Google has set this period to 26 months; however, a US-based company can set it to never expire, or leave it in place until data protection laws change within the United States. It is also important to know that this only applies to individual user and event data and will not affect aggregate, high-level data.
So, make sure that you use Analytics in compliance with the GDPR and use the data for its intended purpose without sending any Personally Identifiable Information (PII) to Google Analytics. If you send PII to Analytics, using filters in Analytics to block this information is not sufficient. To fix this problem, you need the help of an expert web development team.
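Because filters inside Analytics run only after the data has already been sent, the PII has to be removed on your own site first. The sketch below is an added example, not Google's code: it redacts email addresses and a few common PII parameters from a page URL before the page path is reported. The parameter names in `PII_PARAMS`, the email pattern, and the sample URL are assumptions to adapt to your own site.

```javascript
// Added example: scrub PII from a page URL before it is reported to analytics.
// PII_PARAMS is a hypothetical list; extend it with the parameters your site uses.
const PII_PARAMS = new Set(['email', 'e-mail', 'name', 'first_name', 'last_name', 'phone']);

// Matches email-like strings, with the @ either literal or percent-encoded.
const EMAIL_RE = /[^\s\/?&=#]+(?:@|%40)[^\s\/?&=#]+\.[^\s\/?&=#]+/gi;

function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);
  const clean = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (PII_PARAMS.has(key.toLowerCase())) {
      // Known PII parameter: drop the value entirely.
      clean.append(key, 'REDACTED');
    } else {
      // Other parameters: redact anything that looks like an email address.
      clean.append(key, value.replace(EMAIL_RE, 'REDACTED'));
    }
  }
  url.search = clean.toString();
  url.pathname = url.pathname.replace(EMAIL_RE, 'REDACTED');
  url.hash = url.hash.replace(EMAIL_RE, 'REDACTED');
  // Only the path, query and fragment are reported, never the raw URL.
  return url.pathname + url.search + url.hash;
}

// Constructed sample URL, not taken from a real site.
const sample = 'https://shop.example/thanks/jane.doe@example.com' +
  '?email=jane%40example.com&utm_source=news&ref=bob@example.org#top';
console.log(scrubUrl(sample));
// With analytics.js the cleaned path would be set before the pageview is sent:
//   ga('set', 'page', scrubUrl(location.href));
```
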
How to Remove IP Addresses
IP addresses are not always considered PII. However, they are classified as an online identifier by the GDPR. To handle the issue, you can turn on IP anonymization, which replaces the last portion of an IP address with zero while still giving you an idea of the source of your traffic.
You can also use Google Tag Manager for IP anonymization. First open your Google Analytics tag or its settings variable, select ‘More Settings’ and choose ‘Fields to Set.’ Now, click ‘anonymizeIp’ in the ‘Field Name’ box, enter ‘true’ in the ‘Value’ box, and save the changes.
If you are working outside the EEA and the GDPR still applies to your business, you can log in to your Google Analytics account settings to accept the updated terms of processing. If you are an EEA citizen, the updated terms are automatically included in your data processing terms.
The GDPR and Online Marketing
- Referral Types of Deals
Sometimes companies use referral-type promotions, where a consumer enters a friend's information to get a discount on the price. How the GDPR applies depends on how this information is used. If a company uses the referred person's information for marketing purposes, it is a violation of the GDPR rules. However, if you do not store such information for your marketing goals, there is no breach of the GDPR.
- E-Mail Marketing
As an email marketer, if you follow industry standards, such as sending messages only to people who opted into your list and offering simple options for unsubscribing, you are on track for the GDPR.
Make sure that your European contacts have unambiguously opted into your list and clearly intended to sign up. If you do not know the country of some or all of the contacts in your list, you can remove them or keep them in a separate segment in the system so that they do not receive any messages from you until they are verified.