May 19, 2018

The impact GDPR has on Google Analytics

The new GDPR regulations come into effect across the European Union from Friday 25th May, with the aim of giving web users greater control over their data. How does this affect users of Google Analytics?

Businesses failing to comply with the new legislation could face huge fines, so is your business prepared?

In this article, we’re going to be taking a look at the impact GDPR has on Google Analytics – the industry standard for web analytics used by an estimated 50 million websites.

Does Google Analytics flout GDPR?

The simple answer to this is no. At a basic level, GDPR states that you have to have permission from the individual to use their personal data – and this permission needs to be explicit for each different use of the data. However, GDPR’s definition of personal data means data which can be used to identify the individual.

Google Analytics collects data from every visitor to your site, but it doesn’t store personally identifiable information – this is actually against GA’s terms of service. Instead, all data is aggregated and anonymised. Saying that, you should still make an effort to conduct an audit of your data, in case there is any personally identifiable data in there. Some actionable steps you can take to do this can be found here.

Google updates

Google recently added a new feature – ‘User and event data retention’ – to Google Analytics, allowing the data controller more say in terms of how long data such as cookies, user identifiers, or advertising identifiers is retained.

Even after the GDPR regulations have come into effect and you’ve doublechecked your Google Analytics for compliance, you still need to be vigilant when it comes to website security. Here are a couple of best practice tips to help keep hackers at bay:

Buy an SSL certificate

A month prior to GDPR coming into effect, CyberScanner revealed that 86.5% of WordPress websites – remember that WordPress is used by up to 40% of websites – were vulnerable to hackers.

With businesses under greater pressure to safeguard user data, it’s important that you take steps secure your site. A great way to do this is by installing an SSL, or secure sockets layer, certificate on your website – this ensures data sent between your server and the user’s browser is secure. What’s more, SSL certificates are also recognised as ranking factors by the Google algorithm.

Develop your site little and often

Update your website regularly to ensure you’re keeping your software up to date – hackers are always finding new ways to exploit negligent sites, but this is less likely for newer sites than it is for older ones. Regular development is also good for SEO, as your site will be crawled more often.

For help with your GDPR compliance, or to see what else Monster Creative has to offer, please visit our services page.

Do you have a project you would like to discuss?