GDPR – Are You In Compliance?

December 5, 2019

General Data Protection Regulation (GDPR) officially went into effect on May 25, 2018, and with the new California Consumer Privacy Act (CCPA) going into effect  January of 2020, data governance remains extremely important for marketers and advertisers that rely on data for marketing insights.  

As we have said before, it’s never a good idea to simply assume that your business is in compliance. In fact, we encourage you to evaluate your compliance on a continual basis because it can actually impact your annual revenue by 4%. Google, for example, takes specific steps to remain compliant with both GDPR and other new data privacy laws as they are created, (such as CCPA). In order to keep your business in line with privacy regulations, we highly suggest that you use the guidelines created by and followed by Google for your own organization. Use the tips below to form a reliable benchmark in data-governance for your business: 

Implement updates, such as data retention controls, and the deletion tool. Data retention controls allow you to manage how long your user and event data are held on Google servers. As of May 25, 2018, Google Analytics automatically deletes user and event data that is older than the retention period you select. Note that these settings do not affect reports based on aggregated data. 

Make sure you also utilize the user deletion tool and manage the deletion of all data associated with an individual user (e.g., site visitor) from your Google Analytics 360 properties. The automated tool runs based on the common identifiers sent to the Analytics Client ID (i.e., standard Google Analytics first-party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase).

Follow the Google Developers Site for additional updates. Make sure you can delete user data in your own systems.

 Understand contract changes and how they impact your data-governance:

Google updates contractual terms for their products, in order to reflect their status as a data processor or a data controller under the GDPR (see the full document of Google Ads Data Protection Terms here). GDPR terms should supplement your current Google contract.

NOTE: In both Google Analytics and Google Analytics 360, Google operates as a processor of personal data.

For all Google Analytics 360 customers and Google Analytics customers based outside the EEA, updated data processing terms are always available for review in your account (Admin ➝ Account Settings).

Google’s EU User Consent Policy reflects the legal requirements of GDPR. It outlines everything you need to disclose and also outlines how to obtain consent from end-users of your sites and apps in the EEA.

Always consult your legal department for confirmation whether your business is in compliance with GDPR while using Google Analytics and Google Analytics 360. Make sure to review any updated data processing terms and define your path for compliance with the EU User Consent Policy.

Need a quick overview of everything we covered in this post? Check out our reference guide below:

Staying ahead of the curb on new data privacy laws, and understanding how they affect your digital marketing efforts is an integral part of any digital marketing strategy. 

Learn more about how our award-winning team of data experts leverages Google Marketing Platform and Google Cloud Platform to develop smarter data-driven insights while maintaining best practices in the GDPR and CCPA era. 

Ready to take your ads, and your business, to the next level? Get in touch with the DELVE team today.

Related Insights

DELVE Promotes COO Anton Lipkanou to President

BOULDER, Colo., September 24, 2021 — DELVE, the measurement-first advertising consultancy that empowers marketers with the intelligence of their own data, announced today that it has promoted COO Anton Lipkanou to President. In this newly-created role, Lipkanou will focus on assessing opportunities to improve processes, ensure a healthy P&L, and work with key leaders to set them up for success.  “Anton’s journey embodies DELVE’s culture of continuous learning and personal development,” said...

Read Article

September 24, 2021 |

Google Did Brands a Favor by Cutting Off Cookies

The transition to an internet without cookies will be rocky, but it will ultimately benefit all parties — including, yes, even brands. Executive Summary For years brands have relied upon third-party data to drive their marketing, although first-party data provides deeper customer insights for personalizing ads and orchestrating next best product offers. Google’s decision to discontinue support for third-party cookies doesn’t create a problem for brand advertisers -- it actually solves a problem...

Read Article

September 16, 2021 |

Why Amazon DSP is the Best-Kept Secret in Programmatic Advertising

Intent data helps advertisers achieve big gains in return on ad spend By Kiana Nemoto | Managing Director of AdTech Platforms, DELVE In the past few years, Amazon has built an advertising business powerful enough to contend with Facebook and Google. Amazon’s share of the U.S. digital ad market grew to more than 10% in 2020, making it the third-largest digital ad publisher in the country—and Amazon isn’t even a media company.  The vast majority (about 90%) of that advertising revenue is for ads...

Read Article

September 9, 2021 |
view more insights