Google Analytics and the GDPR: you need to know that
Related Videos: GDPR and Google Analytics - What do you need to change? (May 2024).
A lot has changed since the GDPR came into force. However, it is still possible to monitor surfing behavior on your own website via Google Analytics - as long as you adhere to some guidelines. By CHIP expert Florian Kolbe
GDPR and data protection: What you should consider with Google Analytics
The Google analysis tool is often heavily criticized by data protection experts.
- Because the tracking behavior not only records how long a visitor stays on a website and which pages he is particularly busy with. It also offers the opportunity to find out where the user comes from.
- This data is very valuable and important for online marketing and search engine optimization. SEO agencies such as the Online Solutions Group use the data from Google Analytics to identify and implement optimization potential.
- The data also provide important insights for bloggers and hobby webmasters, for example about frequently viewed content.
- Data protectors, on the other hand, argue with the voluntariness that such measures should allow: The user should be able to decide whether his whereabouts and other data are recorded.
- That is why data protection declarations were always accompanied by a reference to Google Analytics. In addition, users were often informed about the use of cookies and the associated collection of data.
- However, it was often not possible to object to the data collection.
- The regulations of the EU General Data Protection Regulation (GDPR) now go much further. Nevertheless, it is possible to make a website legally and reminder-safe using Google's analysis tool. In the following you will find out what measures are necessary for this.
Anonymization of the IP address: important for Google Analytics?
The IP address of a computer or a mobile device, such as a smartphone, is suitable for precisely identifying a user and clearly tracing it back. Here, the data protection officers of the European Union put a clear stop.
- The IP address of the users of your website must be anonymized professionally.
- You can do this by simply adding the relevant information in the Google Analytics tracking code.
- The relevant command is ga ('set', 'anonymizeIP', true); and will be added to the tracking code.
- In addition, the tracking ID of your own computer must be entered in the form.
GDPR: contract for order data processing
The contract for order data processing is also mandatory for a company's website.
- Sign this and send it to Google’s European office in Ireland.
- You will receive your copy of the contract approximately 14 days later, which you should keep in order to be able to show you in case of an emergency. This also applies not only to Google Analytics, but also to the use of products from other service providers.
- These measures are suitable to comply with the EU General Data Protection Regulation. So you can certainly combine data protection with tracking tools, even if you are given other information elsewhere.
Revise data retention settings
The EU data protection regulation also clearly states how long users' data can be stored at all.
- Settings in data storage with Google Analytics help you not to exceed these storage periods.
- If you are unsure of what data can be kept and for how long, ask a data protection expert.
- The settings can be found under the "Administration" tab in "Traffic information" in the property settings.
Adjust privacy policy
The data protection declaration on the website is mandatory. It has always had to be stated there that Google Analytics is used.
- Now, however, the General Data Protection Regulation also requires comprehensive information for users.
- Visitors to your website must be informed of what data is collected and what it is used for.
- In this context, it is also important for you to know that data from customers and interested parties may only be collected to the extent necessary. This means, for example, that the newsletter does not justify to the customer that you ask for his postal address or telephone number.
- You have to consider all of this since the introduction of the GDPR in order to act legally.
Keep an eye on Google Maps
Google Maps is often integrated into a website to make it easier for customers and prospects to get to a company.
- This must now also be clearly stated by the operators of a website, which must also find its place in the data protection declaration.
- This is usually also implemented by a company's data protection officer.
- If you do not have to fill this position in the company, you will need a data protection professional who understands his craft due to the complexity of the new regulations.
About the author
Florian Kolbe works at Online Solutions Group as an online marketing manager. For him, dealing with SEO, SEA and the corresponding tools is part of everyday work.