GDPR
The General Data Protection Regulation - a comprehensive EU privacy law that governs how organizations collect, process, and store personal data of EU residents.
Also known as: General Data Protection Regulation
Why It Matters
GDPR applies to any organization that processes data of EU residents, regardless of where the company is based. Non-compliance can result in fines up to 4% of global annual revenue or 20 million euros, whichever is higher.
For analytics teams, GDPR means you need a lawful basis for tracking (typically consent), must honor data access and deletion requests, and cannot retain personal data indefinitely. It fundamentally changed how digital analytics operates.
How to Track in KISSmetrics
Configure KISSmetrics to respect GDPR requirements: implement consent-based tracking initialization, set up data retention policies, and use the API to handle data deletion requests. Track which users have given consent to understand your measurable audience.
Common Mistakes
- Assuming GDPR only applies to EU-based companies
- Treating IP addresses and device IDs as non-personal data - they are personal data under GDPR
- Not documenting your lawful basis for each type of data processing
- Ignoring data subject access requests or responding too slowly (30-day deadline)
Pro Tips
- Audit all your analytics tools for GDPR compliance - every tool in your stack needs to comply
- Use first-party data strategies to reduce dependence on third-party cookies affected by privacy regulations
- Document your data processing activities in a Record of Processing Activities (ROPA)
Related Terms
CCPA
The California Consumer Privacy Act - a state privacy law giving California residents rights over their personal data including the right to know, delete, and opt out of sale of their information.
Consent Management
The process of collecting, storing, and honoring user preferences about how their personal data is collected and used, typically through cookie banners and preference centers.
Data Minimization
The privacy principle of collecting only the personal data that is strictly necessary for a specific, stated purpose - no more, no less.
Anonymization
The irreversible process of transforming personal data so that it can no longer be used to identify an individual, even when combined with other data sources.