The other day, Google emailed their Google Analytics customers with a long email about GDPR and data retention controls. They told their customers that they need to "review these data retention settings and modify as needed" before May 25th when GDPR becomes enforced. This is part of Google putting the requirement on others and not themselves.
The cool thing is that Google is giving these folks the necessary tools but most these people have no idea what any of this means.
The email said:
Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.Action: Please review these data retention settings and modify as needed. Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.
The tool is available under the admin property controls. Here is a screen shot:
Google is letting their customers control this data, which is very cool!
Here is the email they sent their users:
The folks at Martech Today put together a nice GDPR guide and section, if you need to catch up on what is going on around GDRP.
Forum discussion at WebmasterWorld.
