Thank you for subscribing!

It's great to feel loved.

One Important Thing You Can Do Now Before the Arrival of GDPR

With GDPR coming into force on May 25, there are quick ways to check whether your Analytics is potentially storing personal information.

If you are using Google Analytics, there’s a big chance you are storing Personally Identifiable Information (PII) in your company’s analytical data.

Although Google Analytics prohibits sending any PII to Analytics such as names, social security numbers, email addresses, or any similar data, there are still many cases when these terms are (often unknowingly) defied.

A painfully often example is when client’s email address is being saved in URLs because at some point password reset was incorrectly set up by your dev department (or that freelancer you got over at Fiverr).

The consequences of noncompliance can get pretty serious - from the removal of your analytics data to getting on Google’s blacklist and the ban on your account.

If you have ignored it until now, today is the right time to start thinking about it.

Why?

Four letters - GDPR.

GDPR.. what??

The General Data Protection Regulation (GDPR) is a new and complex data regulation that comes into force on May 25, 2018.

GDPR is due to set new high standards for companies that collect and store personal information on the citizens of European Union (EU).

Designed to protect and give me more power to protect personal data, it will require some major changes to how companies treat Personally identifiable information (PII) from both their customers and employees.

If you are based outside the EU, GDPR still applies to you if you serve European customers or have offices in the EU.

Non-compliance consequences are a bit more serious here too - from a $20M fine (or a fine equalling to 4% of company’s worldwide turnover) to a bankruptcy.

Good news is that May 25th is still a couple of months away. Organisational preparation, the change of contracts, cookie policy updates and even the appointment of Data Protection Officer - all need to be done, so your hands will definitely be full.

But before that, there are a few small steps you can take now to get a reality check with your Google Analytics data.

Let the checking begin!

There are some basic checks you can do now in your Google Analytics account in preparation for GDPR. By doing these simple searches you will be able to tell right away whether you are unknowingly sending PII data to Analytics.

You want to be looking for things like:

  • Full name (if not common)
  • Home address
  • Email address
  • Date of birth
  • Telephone number
  • Credit card numbers

There is an extensive list here that details various PII.

So, ready for some checks?

Behavior data

  1. Head to your Google Analytics account and select Behavior tab.
  2. Select Site Content / All Pages.
  3. In the filter field, just below the chart, enter @.
  4. Make sure you have selected a longer date range - last 6 months for example.

How to know if your website stores personal data?

Note what search results are returned. If they have URLs starting similarly to /forgot-password?email=name.surname@mailprovider.com, it’s a sign that you are already sending some PII data to Analytics.

Repeat the same steps but instead of @ use other PII indicators like First Name + Last Name of some of your subscribers or clients. You can get a lot of ideas for PIIs to use for a checkup from your CRM database.

After you’ve done with All Pages, head to Events / Top Events, and repeat the process.

Audience data

  1. In your GA account, go to Audience / User Explorer.
  2. Use Show rows to open as big the list as you can.
  3. Click the good old CTRL + F (CMD + F for Macs) and enter @.

How to find PII in your Google Analytics Audience data

Repeat the same steps for other PII touch points.

You will need to do the same steps for the following data:

  • Audience / Custom / Custom Variables
  • Audience / Custom / User Defined
  • Custom Dimensions

How to know if your Google Analytics account stored PII data

Acquisition data

  1. Now head to the acquisition section, to All Traffic / Source/Medium
  2. In the filter field, just below the chart, enter @.
  3. Repeat the search for other PIIs

How to look for PII data in your Google Analytics account

E-commerce data

Do the same process for the ecommerce data:

  1. Conversions / Ecommerce / Product Performance (note there are several tabs for the primary dimension - Product SKU, Product Category, Product Brand - make sure to check all of them)
  2. Conversions / Ecommerce / Sales Performance

How to look for PII in your GA Product data report

Don’t forget to take precautions

Yes, the checking requires manual work and your dedication. A lot of it.

And even when you find the issues, and get your dev team to fix them, it’s very likely that after an update to your website or an update release to your app, the problem crawls out again.

So it’s essential to have your analytics monitored 24/7. Ok, maybe not so drastically, but you need to have regular checks to make sure no PII data is being sent to Analytics.

It’s no surprise that a lot of experts suggest getting own Data Protection Officer to your teams to make sure that the new regulation is taken seriously.

Don’t wait till May 25, and start preparing today.

 

Giedre
Written By Giedre
whatagraph
How to Change Data Retention Settings in Google Analytics
Have you updated your Google analytics data retention settings to avoid data loss after the GDPR?
Good engagement rates are hard to find on social media. Most marketers understand that Facebook’s organic reach is all but gone. Twitter isn’t as effective as it was a few years ago. LinkedIn is still viable, but due to the changes LinkedIn made to Groups, it’s not as useful for driving engagement as it once was. Pinterest still works, but it’s not for everyone.
Read more...
Pam Neely
3 weeks ago 8 min read
Bing Ads has been thought of as a “second-tier” ppc platform for years. It might be time to change that designation – and to try Bing Ads yourself. See why here.
Read more...
Pam Neely
2 months ago 7 min read
The average piece of content gets only four social media shares. See how to easily do 100x better than that in just a couple of hours.
Read more...
Pam Neely
2 months ago 9 min read