Conducting a General Google Analytics Audit (GA4)

November 15, 2022
5:00 min read
Conducting a General Google Analytics Audit (GA4)
resource hero

General GA4 Audit (Google Analytics 4):

Purpose: To ensure that the implementation of the new version of Google Analytics (GA4) is correct for general data capture and complies with data privacy rules.

This is not intended to provide a roadmap for marketing performance measurement (contact us if that is what you are looking for), but is designed to be used as a quick checklist to ensure accurate data flow.

1. Review GA4 for GDPR Consent Features:

Did you know that Google Analytics is not technically compliant with GDPR?

Google Analytics uses cookies. The lifespan of these cookies can range from 30 seconds (e.g. the _gat cookie) to 2 years (e.g. the _ga cookie).

Compliance with GDPR requires that users provide explicit consent before Google can collect any personal data with these cookies. GDPR does allow for the use of necessary cookies that are required for website functionality. 

85% of the cookies set by Google Analytics fall under the GDPR’s requirement for explicit consent.

That’s because Google Analytics cookies collect information that can be used to identify an individual, sometimes directly, sometimes indirectly, in combination with other data. The noncompliance and subsequent ban by certain European countries is due to the transfer of personal data to third parties and locations outside the US and the difficulty users face in withdrawing consent, or requesting records of their personal data.

So how do you ensure that your data is compliant? The best way is to use Google Tag Manager to enable “Consent Mode”, which adjusts the cookie storage behavior based on the user’s consent choice. Ensure that this is utilized. For more information on GA4 and GDPR [link to blog]

2. Standardize on a Single GA4 Implementation Method

There are many different ways to implement GA4. To ensure that data flows freely, it is best to standardize on one method, for example: directly in the code; using Google Tag Manager (GTM); via your CMS (the platform your website is built on); or using a GA plugin.

We recommend the use of Google Tag Manager (GTM), as it provides precise data flow and an efficient method for managing tags.

3. Review Settings:

Google Signals. Google Signals provides enhanced data from people who are signed into their Google account such as:

Cross-device data from all devices logged into the Google account.


**See note about GA4 and GDPR. Check your governing data privacy law and policy before implementing this.

Data Settings/DataCollection.
Property Timezone. Ensure correct timezone is selected for accurate reporting.
Property Settings.
Data Retention. Set Data retention period (the default is two months. After that period you will only have access to aggregated reports). Extend this as long as is allowed under your governing data protection laws. Property Settings.
Data Streams. Ensure that the right data stream is set-up. There is the option of up to 50 data streams within one property and up to 30 app streams. Property Settings/Data Streams.

Attribution Model. Establish the Reporting Attribution Model most suitable for your business type. Currently there are 3 different models available in GA4 - cross-channel rules-based models, an Ads-preferred rules-based model, and data-driven attribution. Set the longest possible lookback window. Select a default model, Google recommends the data-driven one. Any change will be applied to historical and future data.
Attribution Settings.
Campaign Tagging (UTM). Campaign Tagging (UTM): strategically think how to best approach it to provide the required data. Integrate with GTM to track defined KPIs and mark them as a conversion (set up as events). Workspace/Tags.

Error Page Tracking. Set up Error Page Tracking in GTM, then use automated tracking features in GA4. Workspace/Tags.
Enhanced Measurement. Enable Enhanced Measurement to track interactions
IMPORTANT - ensure that no personally identifiable information is collected.
Data Streams/Web.
User permissions. Review user permissions to ensure each person has appropriate access/restrictions. Remove any users that no longer need it. Keeping a record of users with access is also important for data protection monitoring. Admin/AccountAccessManagement.
Filters. Set up Filters to better manage data. There are currently two options: “internal traffic” and “developed traffic”. Filter out “internal traffic” to see a true representation of your audience. Data Settings/Data Filters.
Unwanted Referrals. Exclude Unwanted Referrals to help keep your data clean. Data Streams/More Tagging Options/List unwanted Referrals.
Session Timeout.
Configure session timeout setting, the default is 30 mins, but you can change it according to your needs. Admin/Data Streams/Web/Click/Configure tag Settings/ShowAll/Adjust session timeout.
Custom Dimensions & metrics. Set Up Custom Dimensions and Custom Metrics to extract information from events tracking if any. Admin/Configure.
Reporting Identify. Establish Default Reporting Identity: There are two options “By User ID and device” and “By device only”.
This determines how GA4 associates events with people. It has a direct impact on your reports.
Admin/Reporting Identity.
Conversion Tracking. Verify Conversion Tracking. Admin/ Events/ Mark as conversion.
E-Commerce. Implement E-Commerce Tracking if you are selling consumables or reagents for example directly on your site. Ensure that transactions are being captured correctly. We recommend to implement via GTM so that products, transactions, etc are mapped correctly. GTM.
Set Industry Category helps align benchmarking data. Property/Industry.

Review Integrations and Interoperability

  • BigQuery
  • Digital Ads platforms
  • Google Search Console

Looking to implement marketing performance measurement? We can talk you through what you need to consider.