The brave new world of European data protection laws mean that web analytics will not be a ‘GDPR-free’ zone. So I thought I’d note here what I expect to change (and remain the same) after 25 May.

I’m willing to bet that this isn’t the first thing you’ve read (from me!) about GDPR, so I won’t spend too long on the fundamentals: suffice to say that it will change how we think about collecting and storing personal data.

Privacy notice and consent GDPR compliance guidance – Website Support wiki (EASE login required)

Opting out of Google Analytics

One key item of interest to us when it comes to Google Analytics is that the GDPR specifies that IP Address (your internet location) will count as personal data. One way around this could be to anonymise the IP address before sending to Google:

Google advice on anonymising ip addresses in analytics

However, in the central website, we’ve chosen not to do this. We run a variety of analytics tools (Google Analytics; crazy egg; other scripts where desired), so it made sense for us to allow individual visitors to opt out of these in one go. We cannot interrogate the IP address in our analytics, so I hope it isn’t something for our visitors to distrust.

It was always possible to opt-out of Google Analytics through technical means. What we’re going to install on the central site, in accordance with GDPR rules, is an easy way for users to do this on our property alone. I don’t know what impact that will have on our analytics numbers: there’s no way to quantify how many of our users will do this, so it will certainly be a challenge for year-on-year comparisons.

Google Analytics opt-out browser add-on

Four year data retention period for segmented data

From May 25 (“GDPR Day” – it’ll live long in our hearts!), Google will introduce new retention policies for data that goes beyond ‘standard reporting’ – including anything analysed using a segment. This is fundamental to how central analytics operates at The University of Edinburgh. As a result, we’re going to set this retention period to 50 months (just over four years). While I suspect that individual website data older than this really doesn’t hold validity when considering the current state of our site (I’d hope your site has changed quite a bit in four years….) this time period will allow us to review longer term trends of site usage.

All non-segmented (that is, aggregated data) will be retained.

Krista Seiden produced an excellent blog on exactly what these changes will mean. You should read this if you’re considering the retention period for your own analytics property:

Krista Seiden – New Data Retention Policies in Google Analytics

Identifying trends

As I mentioned above, it’s going to be difficult to compare the before and after of the ‘GDPR-big-bang’, but we’ll continue to analyse what impact it has. If your research/analysis indicates something interesting, please do get in touch.