E49 – What is GDPR and Does it Matter to You? W/ Guest Jenny Halasz

What is GDPR and Does it Matter to You?

1. The first thing to do is talk to your lawyer.
2. The second thing to do is to talk your lawyer.

If you have a Digital Knowledge Manager, perhaps make them the point person to get all of this rolling by May 25th, 2018. Yes, the deadline is May 25th people!

Beyond that the team digs into what GDPR is, what it means for those in the US (Canada and really anyone outside of the EU too), and what you should look to do prior to the May 25th, 2018 deadline. Yes talking to your lawyer is one of those things. The larger the company you are the more likely this is something people have already started looking into but we suggest you start asking questions just to make sure someone is on it!

While we will discuss a fair amount there are a number of links below we encourage you to dig into as well. Good luck with GDPR everyone!

Episode 49 Mentioned Tools and Resources

• FAQs about GDPR
• General Data Protection Regulation (GDPR) requirements, deadlines and facts
• What Is GDPR & How Does It Affect Me?
• What is personally identifiable information (PII)? How to protect it under GDPR
• GDPR Key Changes
• EU General Data Protection Regulation (GDPR) – Official Site & Portal
• The GDPR: 29 Things ALL Marketers Must Know
• What is personal data? According to EU

Related Google Analytics Email

Dear Google Analytics Administrator,
Over the past year we’ve shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today we are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This e-mail requires your attention and action even if your users are not based in the European Economic Area (EEA).

Product Updates
Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.

Action: Please review these data retention settings and modify as needed.
Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.
As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.
Contract And User Consent Related Updates
Contract changes

Google has been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.
In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.
For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for your review/acceptance in your accounts (Admin ➝ Account Settings).

For Google Analytics clients based in the EEA, updated data processing terms have already been included in your terms.
If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.

Updated EU User Consent Policy

Per our advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google’s EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.

Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.

Find Out More

You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms.
We will continue to share further information on our plans in the coming weeks and will update relevant developer and help center documentation where necessary.
Thanks,

The Google Analytics Team