In a nutshell GDPR stands for General Data Protection Regulation, driven by the EU its purpose is to understand how data is used, and who in fact owns that data especially into the relationship of sharing it with other websites by interacting with them.
The courts are quite clear over the issue, they are ruled that the individual that created the data is the owner, and not the websites that the data is held. The courts went further, and said the websites owners had a duty to periodically delete data on a regular basis, so the onus was not on the individuals to contact websites to delete their information.
A pertinent question arises from all this, who’s duty is it to delete customer information? This question does not arise for business in the U.S as the legislation is purely European.
If you are in a dilemma as to what your responsibilities you should take advice from a specialist digital marketing company such as Voova Digital, contact us today to discuss any such issues with one of our professional advisors.
How GDPR Affects You
Even though this issue does not really affect the U.S, Google is a global entity so it has been following the effects GDPR closely. The whole issue has the tag The Right to be Forgotten.
A couple of years ago, Google Analytics created the ability for website owners to be able to collect affinity and demographic data. For people who wanted to participate in this facility the analytics owner had to confirm online that their policies notified any visiting customers that their data may be used in Aggregate.
Google has now come to the conclusion that any businesses holding onto to such information puts them at real risk of violating the GDPR, especially if they are a European business.
To combat this risk Google has decided that all personal information must expire twenty six months after it was recorded. It does not include goal completions or sessions but applies to affinity information and demographic data.
At the moment Google has decided not to force the issue, and is giving an opportunity for owners to change the default from twenty six months to something else.
Does Any of This Affect You?
If you are based in the U.S and have no European customers then you can change the default back to Do Not Automatically Expire. You will have to do this manually do Google can identify it and record the action, basically it is Google passing the buck.
If you have European customers things are different, and really you need to take legal advice from a professional. And make sure that any such information is only recorded in Analytics.
It will not be long that GDPR or its equivalent will also be law in the U.S, this may take a little time but the issue of data control is not going to go away. Prepare now, and make certain key business decisions are not based on using such data.
May the 25th 2018 is the date for the proposed roll out of Google deleting information that is older than twenty six months.