GDPR is coming to all of us. How can we get our Google Analytics ready for the privacy changes? There are a few things you need to take care of to be compliant. In this video we are going to have a look at those changes.
1. Avoid PII in GA
2. Anonymize IP
3. Disable Display Features
4. GA Cookies
GDPR – What you need to know https://www.youtube.com/watch?v=nA9NgrvS8vg
GDPR Compliance – The steps that I take to prepare https://www.youtube.com/watch?v=khr6sctQjRM
Tools & Widgets to Manage Cookie Consent: https://medium.com/gdprstories/tools-widgets-to-manage-cookie-consent-346a00dc1dff
Discussion about GDPR and GA: https://plus.google.com/u/0/+StephaneHamel-immeria/posts/YcnrmoQQpT4
GDPR Review service: https://www.disclaimertemplate.com/julian/
? Learn more from Measureschool: https://measureschool.com/products
?Looking to kick-start your data journey? Hire us: https://measureschool.com/services/
? Recommended Measure Books: https://kit.com/Measureschool/recommended-measure-books
? Gear we used to produce this video: https://kit.com/Measureschool/measureschool-youtube-gear
– In this video we’re gonna take a look at what you need to change inside of your Google Analytics installation to become compliant with GDPR. All and more coming up. Hey there and welcome back to another video of measureschool.com teaching you the data-driven way of digital marketing. My name is Julian and today we want to talk about GDPR again.
Now, in our last videos we already talked about what GDPR actually is, and how I prepared for GDPR, and how you could too. Today we want to talk about a specific tool, in this case Google Analytics, so how can you prepare your Google Analytics account to be compliant with GDPR and privacy laws in Europe. Google Analytics is obviously a tracking tool and it’s gathering data from data subjects, such as people who come to your website from the EU, and that’s why you need to protect their privacy. Google Analytics has come out with certain features, even before the GDPR was actually announced, to protect users’ privacy. In today’s video we want to go through the steps that you need to take in order to get your Google Analytics implementation ready for GDPR. It’s important to remember that there’re actual levels of compliance so you could, for example, turn off Google Analytics completely, then you definitely would not gather any data obviously, but you wouldn’t be able to analyze your user behavior on your website anymore. You could take these steps that I will show you in this video, or leave them out completely and ignore GDPR, which I wouldn’t recommend.
Now, there are steps that you need to take that could impact your data quality. You can mitigate this data quality loss a little bit, but in a sense, if you want to become fully GDPR-compliant, then you need to put these provisions in place. So let’s take a look at these steps. Here we are in our Google Analytics account and we want to get it GDPR ready. The first thing that we want to check is there any personal identifiable information that goes already into this account. This has been a big no-go in terms of service of Google Analytics anyways, and so you want to make sure that you are not inadvertently tracking any personal identifiable information. That might be an email address, first name, and so on. This can happen, for example, if your email tool sends your user to your website with a query string here and the email address is in the query string. Obviously Google Analytics is gonna send over a pageview to the system, and also is gonna send that information of the URL to the system right here. And then it would be saved in the account and you would be tracking personal identifiable information in Google Analytics. So, if you want to spot-check this, you can go into your behavior reports here, and to Site Content, and look in the search bar if there’s any email address with the @ symbol, for example. And if you see anything in your URLs, you could also put in first name, or any other identifiers that you can think of. So the URLs and the page paths seem to be clear. You are also not allowed to send this in as custom dimensions so check your custom dimensions as well. If you have any personal identifiable information that you are sending over to the system. If you find that you are sending data over, you might already be at risk for violating the terms of service of Google Analytics so you might as well start with a new account. But for sure put in filters in place on the management site, so on Google Tag Manager site, where you are filtering out that information before it goes on to Google Analytics so this doesn’t happen again.
If you are familiar with display advertising features, it’s a feature set within Google Analytics that you can turn on, that gives you, first of all, the ability to build remarketing audiences from your custom segments, and also gives you some pretty interesting data about the users coming to your websites. This is data that is actually derived from different sources and therefore is classified as third-party data, which you also don’t want to connect to your Google Analytics account. So it’s safer to turn this feature completely off. How do you do this? Well, if you have it enabled on the server side, then that means in your Admin section, if you go to the Tracking Info here, then you will see Data Collection. And under these data collections, you see the Remarketing on, and the Advertising Reporting Features on. These need to be turned off.
Now, I don’t have edit rights to this account, but that might be possible in one of my demo accounts here. So you would turn these off, save this advertising feature and you will be safe for GDPR purposes. It might be that you have an older installation, before Google Analytics actually allowed you to turn this on in the Admin section, where you had an analytics.js code where you added this little line to require these display advertising features. Obviously you want to then delete this line so it doesn’t get tracked specifically in your analytics.js codes, or in the gtag you can add this allow display features false, and we would just add this to the object in our configuration file, with a comma, so you are not sending this display feature information onto Google Analytics anymore. And obviously, if you had that implemented in your Google Tag Manager account, you might find this under the More Settings, under Advertising, that this was set to True.
All right, today you have, these are the points that you need to take care of in your Google Analytics account. Again, there are levels of compliance so you could get some data back or mitigate the data quality loss by putting something into place, like geolocation where you only activate certain features for certain users who come from the European Union. But obviously this takes a lot more implementation than we have done today. It’s probable that there will be more changes to come in Google Analytics and to privacy laws, it’s always a work in progress so we will see how the best practices and the lawsuits will inform us. If there’s anything new, then I will inform you on this channel so make sure to subscribe. And also, if you want to find out more about GDPR, we have done several videos on this as well, one of them up there. My name is Julian. Till next time.