Mustafa Yuksel
4 MINS - 30.03.2022

Google Analytics 4 & GDPR: what is changing?

With the sunsetting of Universal Analytics and the introduction of Google Analytics 4, you will need to take a second look at what you are doing and make sure to adapt your GDPR compliance strategy.

In this article, you’ll find out more about the importance of user privacy and how switching to GA4 will have an impact on how you apply GDPR. Let’s get into it!

Four reasons to use Google Analytics 4

If you are a marketer or a site manager, you’ll have a new range of benefits that can improve your activity and help you achieve your goals. If you don’t know what we are talking about, we’ve got a short list for you so you can get familiar with what GA4 can do for your business:

1. GA4 is future proof

Privacy laws, like GDPR, are limiting the oldest version of Google Analytics as it relies heavily on cookies. GA4 utilises a more adaptive approach to data measurement and has been built with a cookieless future in mind. GA4 includes modelling that allows it to fill in gaps and flesh out incomplete data, meaning that it won’t need to use cookies at all.

2. Machine learning provides customer insights

GA4 uses machine learning to give a wider picture of your customers’ behaviour. It can also highlight trends in your data, showing you which products are in higher demand and what customer needs may be responsible for that increased interest.

3. GA4 offers cross-platform analysis

GA4 can quantify activity from both web and app interactions, allowing you to see the impact of your marketing strategies across many channels.

4. GA4 is customer-centric

Google Analytics uses Google signals and marketer-provided User IDs to create a cohesive, customer-centric picture of how your customers interact with your business. You will be able to track their behaviour through every step of their relationship with your business, from the first moment they discover your products.

Why should I care about GDPR?

With privacy concerns on the rise, you’ve probably heard about it everywhere. GDPR (the General Data Protection Regulation) is a European privacy law approved by the European Commission in April 2016. The GDPR regulates, amongst other things, how organisations may obtain, use, and store the personal data of EU residents.

As a user of Google Analytics, make sure you keep in mind the following about GDPR:

  • It enables EU citizens to decide how their data is used
  • It imposes restrictions on how companies handle PII
  • Users have privacy rights by default; companies can store/use data only if the person consents to it
  • It includes user data rights (such as access and deletion)

GDPR focuses on the legal responsibility of website owners and operators to make sure that personal data is collected and processed lawfully. It’s also relevant to mention that a website outside of the EU is required to comply with this regulation if it collects data from users inside the EU.

How is the switch impacting your GDPR compliance?

There are some key areas where changes to GA4 will have an impact on how you apply GDPR. Let’s explore them together:

1. IP Anonymisation

If you were using the older version of Google Analytics, you’ve probably seen that the whole user IP was collected by default. This raised privacy issues from a GDPR point of view, because an IP address is seen as an item of personally identifiable data. Things change a bit with GA4, as IP Anonymisation is enabled by default and cannot be switched off, which appears to be more GDPR friendly than before.

2. Data Storage

Compared to its predecessor, GA4 is significantly different in terms of how long data can be stored for. In the older version, you could choose a data retention period of up to 64 months. In GA4 you only have two options: 2 months or 14 months. This can be seen as a more GDPR-friendly move because you will be able to apply the data minimisation principle with ease. You may need to review your data retention policies and notices after making the switch.

3. Server Location

Google provides no choices regarding the location of the server that will be processing the data it collects from your website. This is problematic because, for example, under GDPR, sending personal data, such as analytics data from a website, to the US from the EEA or UK is considered a restricted transfer. Therefore, with Google Analytics 4, you will need to ensure that you sign updated data processing agreements with Google, and store the signed documents.

4. User Explorer – Deleting Individual Data

The next one is related to Google’s updated user explorer tool, and it brings a much-needed feature for GDPR compliance: the possibility to delete an individual user’s data. This is a great improvement compared to the previous GA, which only allowed you to delete data within a set time range.


Recently, user privacy has become a primary concern for all teams dealing with data. To address this challenge, Google launched the latest version of Google Analytics and introduced a new measurement approach that puts privacy in a more central role in analytics. As a result, you’ll be able to collect relevant data about your customers and drive the success you want for your business.

Braidr is here to support you in your new measurement journey. Get in touch with our team today. 
