Businesses rely on Google Analytics to guide decisions about their websites.
But Google has just announced that they have some new rules about storing data, and that data will now automatically expire.
You may have received Google’s email with the ominous title “[Action Required] Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR)”
This is making many people very nervous. You may be wondering what exactly the new rules are, and how they will affect your ability to plan your marketing and make decisions for your site.
Have no fear – the new rules aren’t as scary as they seem, and there are some settings you can use to ensure you have all the data you need.
Why is Google Changing How Long Data is Stored?
The European Union (EU) has been working on a stronger set of data storage regulations for a number of years, as they have a more consumer-oriented approach to privacy rights. In particular, there have been a lot of court cases centred on “the right to be forgotten”.
As of May 25, 2018, the new General Data Protection Regulation rules come into effect. Because data can travel across national boundaries (users from the EU can visit any site), Google’s changes affect data storage around the world. You can learn more about Google and the GDPR here.
The important thing for us is that as a result of the EU’s new GDPR, Google must now put an expiry date on any personally identifiable data that businesses retain in their Analytics program.
What Data is Affected by the New Rules?
Here’s some good news for you: Analytics data used by most businesses every day won’t change.
That’s because most of the data is completely anonymous.
If I visit your website, Analytics shows what pages I was on and how much time I spent. If you have the demographics report enabled, it can tell you about my age, gender, and any other interests I seem to have based on my browsing habits. If you have event tracking, it can show you I watched a video or clicked on a button.
But all of these details aren’t traceable back to me personally. It’s all attached to a randomly-generated number that ties all the information together in a completely anonymous user profile.
So Why the Fuss?
There are some types of advanced Analytics (or marketing tools you can connect to Google Analytics) that can connect the anonymous information to my identity, usually through my social media accounts.
Google has to be cautious, and put a time limit on data that can be connected through these tools and traced back to me personally.
If you or your marketers aren’t using these tools, you won’t be affected.
How Do I Know If I’m Using These Tools or Not?
In Google Analytics, navigate to Audience/User Explorer. You’ll be able to see the ID numbers used to track visit information.
You can click on each number to view the complete profile. Most businesses will just see a placeholder image, and no “real” photo.
If that’s all you see, you aren’t using any tools that personally identify your site users and your data is GDPR compliant.
With some tools, you’ll see a photo, possibly a social media profile name, or an IP address.
What Can I Do to Keep my Data?
There’s a new setting in Analytics called Data Retention. By default, Google sets the User and Event data to expire in 26 months.
If you want to play it safe, it’s easy to adjust the settings so that you retain your data for longer, or you can set it to never expire.
In the Admin area, go to Property Settings/Tracking Info/Data Retention. You’ll see a menu you can adjust. Don’t forget to save your changes. You’ll need to do this individually for all your accounts.
If Your Business Serves EU Customers
As of May 25, EU customers have the right to know exactly what data you’re storing, get a copy of it, and have it deleted if they ask.