The European Union has refined its data storage regulations, pushing for stronger consumer-oriented regulations focused on protecting online users privacy rights. The latest set of regulations, General Data Protection Regulation (GDPR), is set to come into effect on May 25, 2018. The regulation is based on the fundamental idea that every citizen of the EU has a set of rights when referring to data collection. By creating more robust data collection and storage laws, the EU is better safeguarding the privacy of online users.
The information that is not to be collected under the new GDPR includes all information that has the potential to be uniquely identifying. This includes a user’s IP address, email address, home address, date of birth, financial information, transaction histories, and medical records. This new legislation also protects any user-generated data such as social media posts and personal images uploaded online.
Google’s Implemented Data Retention Policy
Being a data controller, Google is responsible for handling personal information. If you are using a Google product to track the on-site action of users in order to serve personalized advertisements, you must now acquire user consent prior to taking action. Google has implemented a new tiered setting called Data Retention. This setting allows a specific retention period to be selected. User and Event Data will expire after 26 months but some may play it safe by easily adjusting the setting to retain the data for a longer period or set to never automatically expire. In addition, Google is launching a new tool that can help erase a specific users information upon request.
The GDPR protects all personal user data across every conceivable online platform. Effecting any company that is to market to people in the EU, or do business directly. Users must express permission before any company can process or store their data through a clear and easily understood opt-in process. Currently, the majority of advertisers are not using methods that would be affected by the new regulations but will need to continue to monitor the use and storage of this data.
What Does Google’s GDPR Policy Mean for U.S. Small Businesses?
So far, this policy update looks like it will have minimal impact on businesses operating outside of the European Union. For clients doing business solely in the U.S., we’re currently recommending they set their Google Analytics event data to be retained indefinitely. However, each business is unique and should take time to educate themselves on the implications of the new regulation.