Updated: Feb 11, 2019
Author: Tony Waldegrave
Lately, Google has been emailing website owners, and advising them of their preparations for meeting the new general data protection law which is coming into effect on 25th May 2018.
This new regulation is designed to give control to citizens of the European Union over their personal data and to simplify the regulatory environment including international businesses.
We have been fielding calls from our NZ customers concerned about compliance requirements and how the GDPR (general data protection regulation) will affect them.
The advice in this article from Adhesion is intended only for our NZ customers and is our interpretation of how these new regulations may impact our customers.
We are not lawyers and if you are conducting online activity (including advertising) within the European Economic Area (EEA), then it would be pertinent to seek proper legal advice.
Countries in the EEA include:
- see the full list of EEA countries
If your business and website is not engaging with customers in the EEA, then you don’t need to worry.
If the above applies to you, then you should seek legal advice.
Note that if you have integration between your website and other platforms such as email marketing and crm systems, you will also need to make sure that your customer data management within those platforms is also compliant.
Some years ago, Google introduced demographic and affinity visitor data profiling in Google Analytics.
The participation requirements for this were simply that the analytics owner had to provide a published web policy that visitor data is collected and may be used in aggregate.
It is Google’s policy on this that is changing to bring Google Analytics into compliance with the GDPR.
The notice customers have received from Google relates to the expiring of all personalised website visitor data after 26 months effective from May 25th 2018. This data will be deleted monthly on a rolling basis.
This data excludes normal data such as sessions and user engagement metrics, but does include user level-data and event-level data collected using cookies for use in Google’s advanced advertising features such as remarketing.
Google is providing you the opportunity to manually change the default data collection settings in Google Analytics so the data does not automatically expire. If you do make this change and you do fall within the GDPR regulations, then the onus will be on you to make sure you comply with the GDPR requirements for your Google Analytics account.
Google has also stated that it will soon release a new feature enabling website visitors to delete their own data.
Google has published a website offering advice to publishers and advertisers on how they can comply with the GDPR. This includes advice on how to manage and implement consent notices to website visitors.
We will be updating this article as more information comes to hand. If you are a NZ business, please contact us if you have any questions.
Our reputation goes hand-in-hand with our team’s dedication to best practice. As a registered Premier Google Partner, our team refreshes our certifications every 12 months — A tradition we started over a decade ago. To stay ahead, we are always looking forward to upcoming certifications for online advertising, website development and search engine optimisation.