Is Google Dumping Your Analytics Data for GDPR?
Many marketing managers learned about GDPR about a month ago, when Google Analytics sent out a message notifying account holders that they can and should update their data retention settings. Some account holders reacted with panic, fearing their historic analytics data will be lost forever once the new GDPR regulations take effect on May 25.
You mean my Google Analytics data will automatically be deleted after a certain period? Does GDPR actually stand for the Google Data Purge Revolution? I’m feeling scared.
NOTE: This blog post focuses on Google Universal Analytics. As of mid-2022, Google Analytics 4 is not GDPR compliant. GA4 does address three important requirements by GDPR, including a mechanism for users to request data deletion, a shorter data retention limit and IP anonymization by default. Find out what else is new in Google Analytics 4.
The data retention settings in Google Analytics relate to user-level data and event-level data associated with cookies, user identifiers (e.g., User ID) and advertising identifiers. Therefore, you may not be able to access information about that one specific user who downloaded a product brochure 27 months ago.
That’s because aggregated data will not be impacted.
You’ll still be able to access acquisition metrics (e.g., sessions, new users, pageviews) and behavior metrics (e.g., bounce rate, pages per session, time on site) even after your set data retention period. You’ll still be able to pull AdHoc reports to show performance and develop a strategy.
Keep in mind that standard aggregated Google Analytics reporting is not affected. The user and event data managed by this setting is needed only when you use certain advanced features like applying custom segments to reports or creating unusual custom reports.
Advanced Segments, Event Data & Unusual Reports
So unless you are using some complex advanced segments or pulling some “unusual” custom reports, you don’t have much to worry about. If you are using advanced segments, consider creating a new View and replicating your advanced segment in the form of a filter. That way, you won’t have to rely on an advanced segment to see the data you want to see.
So how should I configure my Google Analytics data and event retention settings?
Google Analytics now gives users five choices:
- 14 months
- 26 months
- 38 months
- 50 months
- Do not automatically expire
The easy answer is to configure your account to reflect your organization’s internal data retention policy. What’s that? You don’t have an internal data retention policy? You’re not alone. The good news is that there are plenty of great resources out there to help you form a data retention policy. The data you’ll need to consider is all personal information you collect while doing business. This includes information gathered on form fills, account logins and transactions. Depending on the size and complexity of your business, you may need legal counsel. I found this GDPR checklist from Forrester to be an excellent starting place. So if you don’t have an internal data retention policy to reference, you have several options. If you’re a US-based business only doing business with US customers, you can select “do not automatically expire.” This is an easy solution until the US adopts similar policies to the EU.
Get the full Oneupweb GDPR presentation
But Every Organization Is Different
Hopefully, this article helped calm some fears about disappearing data. But every organization is different. While most marketers won’t miss some of their historic user-level and event-level data, some advanced marketers may find that information to be extremely valuable. Wondering where else you could be collecting user data? Check out Angela Petteys’ GDPR article on Moz. It’s very comprehensive.
You can also get all the nitty gritty details at the GDPR info site.