Updated: Apr 27, 2025
Author: Tony Waldegrave
The General Data Protection Regulation (GDPR) is a law that came into force in the European Union (EU) and European Economic Area (EEA) on 25 May 2018. Its goal is to give people more control over their personal data and standardise regulations for organisations that collect, store, and use personal information.
If your business does NOT target or deal with customers or website visitors in the EU or EEA:
You do not need to worry about GDPR compliance.
But:
It’s still best practice for all NZ business websites to have a clear privacy policy explaining what data you collect, how you use it, and how users can contact you.
GDPR does affect you if you:
If any of this applies, seek professional legal advice on compliance.
Countries in the EEA include:
- United Kingdom
- Ireland
- France
- Spain
- Italy
- Germany
- see the full list of EEA countries
If your business and website are not engaging with customers in the EEA, then you don’t need to worry.
Given the increasing attention on data collection, it would however be advisable for all websites to publish a clear privacy policy detailing how data is collected and managed and for what purposes it is used.
The following website provides a good Privacy Policy Generator.
If the above applies to you, then you should seek legal advice.
You will require an updated Privacy Policy, published on your website, that details how you collect and manage website visitor data. You will also require a suitable consent notification to be presented to web visitors.
Note that if you have integration between your website and other platforms such as email marketing and CRM systems, you will need to make sure that your customer data management within those platforms is also compliant.
Some years ago, Google introduced demographic and affinity visitor data profiling in Google Analytics.
The participation requirements for this were simply that the analytics owner had to provide a published web policy that visitor data is collected and may be used in aggregate.
It is Google’s policy on this that is changing to bring Google Analytics into compliance with the GDPR.
The notice customers have received from Google relates to the expiry of all personalised website visitor data after 26 months, effective from May 25th 2018. This data will be deleted monthly on a rolling basis.
This data excludes normal data such as sessions and user engagement metrics, but does include user-level data and event-level data collected using cookies for use in Google’s advanced advertising features such as remarketing.
Google is providing you the opportunity to manually change the default data collection settings in Google Analytics so the data does not automatically expire. If you do make this change and you do fall within the GDPR regulations, then the onus will be on you to make sure you comply with the GDPR requirements for your Google Analytics account.
Google has also stated that it will soon release a new feature enabling website visitors to delete their own data.
Google has published a website offering advice to publishers and advertisers on how they can comply with the GDPR. This includes advice on how to manage and implement consent notices to website visitors.
We will be updating this article as more information comes to hand. If you are a NZ business, please contact us if you have any questions.
No EU/EEA customers? Focus on having a good privacy policy.
Engage with EU/EEA residents? Seek legal advice and add proper consent banners.
Unsure? Always better to be transparent and clear with your website visitors about data collection.