The United States Government OAIC (Office of United States Information Commissioner) has guidance (2019 from Archive.org) for United States businesses in relation to the GDPR (General Data Protection Regulation).
The guidelines state that any business offering goods or services in the EU, or collecting information on the behaviour of people in the EU, should adhere to the new regulations.
At Matter Solutions, we are going one step further, and recommend that you take action now as it is highly likely that this kind of legislation will be enacted in other countries in the future.
However, considering there is very little information on the internet other than a whole heap of questions around what is a recommended timeframe (14, 26, 38, 50 months, or no expiration), we are setting our clients’ data retention to the longest expiration period of 50 months, which is just over 4 years.
While not ideal, considering marketers monitor and act on trending data, the information provided so far indicates that indefinite retention of data is against the GDPR. Like much in the digital arena, there isn’t an official “you can only keep Analytics data for X period of time” yet. If this changes, we recommend changing with it. Consider this article when working out what might be “reasonable”.
The basic concept of the GDPR is that companies that collect data, sensitive or non-sensitive, MUST collect explicit opt-in consent. That’s name, address, phone number, but also includes IP address and cookie info (this includes Google Analytics, etc.), which is a new addition to the old privacy laws that previously covered the digital arena.
You can find more information here, and additional information about how to implement these changes with User Experience in mind:
Further to this, it may get tedious if you have any advertising that requires cookies, such as Retargeting in Facebook and Remarketing in AdWords:
Let’s hope that UX doesn’t suffer...
The business is responsible for the security of the data; no one else can be blamed, no matter how much you want Google to fight the legal battle on your behalf. Sharing collected data with third parties that are not specifically named in your consent opt-in is a huge no-no. I mean, if you didn't know this already, I'm a little concerned.
The punishments are severe and business ending.
The equivalent of a casual few million dollars for the small guy, and more for the big guys. I have a casual hundred bucks, so I'm like, nearly able to pay the fine, but yeah, I'd rather not.
Matter Solutions recommends having these privacy features added to your website as soon as possible to stay ahead of the curve. If you want to get ahead of the coming legislation, contact us and we will be in touch with a quote to implement for you.