>your shopping habits are being shared against your wishes with a random third party (the external company bookkeeper).
GDPR requires data sharing to be done for a defined purpose.
The purpose of sharing data with an external company bookkeeper for bookkeeping is not remotely connected to any purpose an analytics service fulfills. So while the shared data is capable of the same insights, it's explicitly illegal for it to be processed that way without a defined purpose (which is it's own can of worms).
>entirely anonymous browsing data
It's never entirely anonymous, because how useful data is, is inversely related to how anonymous it is.
ergo it would only be truly anonymous if it was truly useless.
It's still legal to ask your bookkeeper to go through the books and give you a list of your 10 best selling products broken down by season (given you have all the right paperwork in place with them etc. but no consent of the customers needed).
Well, it's not necessary to process any personal data in order to calculate that.
Can you ask your bookkeeper to tell you the top 3 best selling products for your top 5 customers without declaring that the purpose of the data transfer to the external bookkeeper is also to run sales analytics?
It is necessary to process personal information for that purpose. That's what the sales records are.
> top 5 customers
You probably have to declare that the data is processed for that purpose in general terms but I don't see why consent would be necessary. Anyway, this analytics service claims it doesn't do this kind of analysis.
Obviously it depends on the system involved, but there should be no need to touch any column containing personally identifying information in order to calculate aggregate sales statistics for each of your products.
GDPR requires data sharing to be done for a defined purpose.
The purpose of sharing data with an external company bookkeeper for bookkeeping is not remotely connected to any purpose an analytics service fulfills. So while the shared data is capable of the same insights, it's explicitly illegal for it to be processed that way without a defined purpose (which is it's own can of worms).
>entirely anonymous browsing data
It's never entirely anonymous, because how useful data is, is inversely related to how anonymous it is.
ergo it would only be truly anonymous if it was truly useless.