
What is GDPR and what are the compliance requirements?

Updated: Feb 11, 2019


Lately, Google has been emailing website owners and advising them of their preparations for meeting the new general data protection law, which is coming into effect on 25th May 2018.

This new regulation is designed to give citizens of the European Union control over their personal data and to simplify the regulatory environment, including for international businesses.

How does this impact my business?

We have been fielding calls from our NZ customers concerned about compliance requirements and how the GDPR (general data protection regulation) will affect them.

The advice in this article from Adhesion is intended only for our NZ customers and is our interpretation of how these new regulations may impact our customers.

We are not lawyers. If you are conducting online activity (including advertising) within the European Economic Area (EEA), it would be prudent to seek proper legal advice.

Countries in the EEA include:
United Kingdom
- see the full list of EEA countries

Advice to NZ Customers

If your business and website are not engaging with customers in the EEA, then you don’t need to worry.

Given the increasing attention regarding data collection, it would however be advisable for all websites to publish a clear privacy policy detailing how data is collected and managed and for what purposes it is used.

The following website provides a good Privacy Policy Generator.

What activity may mean you will need to comply with GDPR requirements?

  • online advertising within the EEA
  • collecting customer information from people within the EEA, such as newsletter lists, enquiries etc.
  • ecommerce sales to customers within the EEA

If the above applies to you, then you should seek legal advice.

You will require an updated Privacy Policy, published on your website, that details how you collect and manage website visitor data. You will also require a suitable consent notification to be presented to web visitors.

Note that if you have integration between your website and other platforms such as email marketing and CRM systems, you will need to make sure that your customer data management within those platforms is also compliant.

Google Analytics and GDPR

Some years ago, Google introduced demographic and affinity visitor data profiling in Google Analytics.

The participation requirements for this were simply that the analytics owner had to publish a web policy stating that visitor data is collected and may be used in aggregate.

It is Google’s policy on this that is changing to bring Google Analytics into compliance with the GDPR.

The notice customers have received from Google relates to the expiry of all personalised website visitor data after 26 months, effective from May 25th 2018. This data will be deleted monthly on a rolling basis.

This data excludes normal data such as sessions and user engagement metrics, but does include user-level data and event-level data collected using cookies for use in Google’s advanced advertising features such as remarketing.

Google is providing you the opportunity to manually change the default data collection settings in Google Analytics so the data does not automatically expire. If you make this change and you fall within the GDPR regulations, then the onus will be on you to make sure you comply with the GDPR requirements for your Google Analytics account.

Google has also stated that it will soon release a new feature enabling website visitors to delete their own data.

Obtaining web visitor consent

Google has published a website offering advice to publishers and advertisers on how they can comply with the GDPR. This includes advice on how to manage and implement consent notices to website visitors.


We will be updating this article as more information comes to hand. If you are an NZ business, please contact us if you have any questions.
