The password to view the video is : GAtheHardWaySession4
The password to view the video is : GAtheHardWaySession4
The password to view the video is : GATHWSession3
The password to view the video is : GAtheHardWay2
The password to view the video is : G4PTechSession1a
The password to view the video is : GATHWsession1
DISCLAIMER: I am not a lawyer, this post is focused on Google Analytics and GDPR, and this advice should not be taken as a complete set of instructions on how to comply with the General Data Protection Regulation.
Long post: Skip to what you want below
The General Data Protection Regulation is a new set of rules around the collection and storage of personal information – names, email addresses, payment information – of European citizens. It comes into effect on May 25, 2018. If your organization is communicating with supporters in Europe, it’s likely that someone is already working on compliance in your organization.
Here’s a good introduction to GDPR for charities from The Guardian
Google Analytic’s terms of service prohibits you from collecting personal information – emails, names, zip codes, – in Google Analytics. You can collect them from forms on your website, just make sure none of that information makes it’s way into your Google Analytics account.
If the law regulates the collection of personal information, and Google Analytics doesn’t collect personal information, why do you need to do anything to comply with GDPR?
The new regulations define “personal information” to include cookies and other information like IP addresses, user and transaction IDs when they can be used in conjunction with other information to identify a user.
This is referred to as “pseudonymous information” Here’s an example: used alone, I can’t tell from your Google Analytics Client ID that your name is Willem and you live at 646 Hooiblokstraat in the Netherlands.
But if you fill in a form that sends that information to a database at certain date and time, I can technically cross reference that personal information with the Audience > User Explorer report in Google Analytics and find out how you, Willem, have browsed our website in the past. Google Analytics is not collecting information I can trace to you, Willem, but it can be used in conjunction with other data to build a profile of you. Voorzichtigheid, of course.
Collecting any personally identifiable information in Google Analytics is against the terms of service, and Google Analytics can shut your account if you break this agreement. That said, your technical platform may be sending personal information to Google Analytics without you knowing it.
This most often happens when users submit their information in a form – for example when subscribing to an email list. The email is included in the URL or title of the confirmation page, and Google Analytics stores it in the Page dimension.
Here’s a quick check to see if you are doing this: In Google Analytics go to Behavior > Site Content and in the search field enter the @ symbol. If you are recording email addresses in URLs and passing them to Google Analytics, you will see them here.
To fix this particular instance, we stopped Google Analytics from recording the “Email” parameter in page URLs by clicking on the Google Analytics Admin (“gear” icon) > View Settings > Exclude URL Query Parameters and entered Email
This is the most common way that personal information gets into your Google Analytics account – I see it all the time with particular platforms that are set up to include email addresses in URLs.
Other possibilities for coll are when a Custom Dimension is set with personal information – though this wouldn’t be by accident, a developer would have intentionally set up that form functionality.
My sense is that inadvertent storage of personal information in Google Analytics something that Google is going to be much more vigilant about, and start enforcing more proactively.
The cookies used by Google Analytics to create Adwords remarketing lists and demographic reports are referred to as ‘Advertising Features’, and are considered personal data by the new regulations.
If you are NOT using these features, you can simply disable them from Admin > Property Settings > Tracking Info > Data Collection.
If you are using Adwords remarketing campaigns, demographics reports or other ‘Advertising Features’ and want to continue to use these features, go to step 4 below.
Internet Protocol addresses may be considered ‘personal information’ by the new regulations, and Google Analytics can be set to ‘anonymize’ this information. A change to the Google Analytics tracking code is required, see two options below. Note that this change will slightly affect the accuracy of the geographical information collected in Google Analytics.
If you are using Google Tag Manager, set the ‘Anonymize IP’ option in your Google Analytics Settings variable as shown.
If your Google Analytics tracking code is included in the code of your site, add the following line to the Google Analytics tracking code: ga(‘set’, ‘anonymizeIp’, true);
More instructions are here: https://developers.google.com/analytics/devguides/collection/analyticsjs/field-reference#anonymizeIp
and here: https://support.google.com/analytics/answer/2763052?hl=en
If your organization is collecting personal information online from an international audience, your organization should already be preparing for GDPR compliance. People in your org have been hard at work cataloguing the information they collect, who stores it and why, and updating privacy and opt-in policies.
If you are using Google Analytics ‘Advertising Features’ such as Adwords remarketing, make sure that the group preparing for these regulations knows that Google is collecting some information that will be regulated under the GDPR.
Your organization will need to get informed consent from European users, letting users know in detail what information is being collected, what it will be used for and how long it will be retained. They must actively opt-in for you to track them with “Advertising Features” in Google Analytics. You will also need to be able to delete their data upon request. Google has assured us that they will have this ‘data deletion’ functionality in place in time for GDPR Day, May 25th 2018.
If your organization collects emails and other personal data from European supporters and don’t have anyone working on GDPR compliance, tell senior management that the regulations go into effect on May 25th and it would be wise to be prepared. My advice: don’t volunteer to lead this project, pick another hill.
Facebook Insights is a really powerful tool for showing you the impact of your Facebook marketing. It’s like Google Analytics for your Facebook page.
Like Analytics, Facebook Insights can be a bit overwhelming. My colleague John Haydon has posted a helpful guide you can use to help you quickly understand what’s working and what’s not with your Facebook marketing. More
Remarketing has been referred to as “following people around the internet” : after visiting your site, visitors begin to see your ads on other websites.
For example, you may want to show ads to people who have come to your website and visited your donation page, but did not end up donating. More