Again I think it is a case of ask 10 people and get 10 different answers!
Google claims to be a member of something called EU-US Privacy Shield:
https://support.google.com/analytics/answer/7105316?hl=en
Some are of the opinion this means Analytics is compliant with GDPL. But I honestly have not been able to find much concrete proof of this. Delving deeper, it reads like EU-US Privacy Shield is a self-regulatory body. That makes me think it might fall short of GDPL requirements?
I’ve been putting Google Analytics code inside CookieManager and setting that as a Partial across all pages of my websites. Then the tracking code only works if people opt-in to cookies and tracking. Nearly everyone does opt-in, but for those who choose not to, Google can’t see them. It probably will skew your site data slightly, but no more than someone arriving at your website via a VPN / Tor Browser type configuration.
I’d say that if you are not routinely looking at your analytics data and actively using it to monitor campaigns, then there is probably little point having it installed. The days of boasting how many “hits” your website has had are largely over; in this era with so much automated traffic and bots etc. It’s the quality of traffic that matters more nowadays. And giving users a really good website experience.
Piwik / Matamo are great solutions if you want to do all your website usage tracking ‘in house’ and never relay data onto a third party. Definitely a more ethical approach towards analytics. Some hosting companies (shameless plug for Chillidog hosting again) have 1-click installs available in the CPanel. I am giving serious consideration towards switching from Google Analytics to Matamo. I really hate the new user interface Google Analytics are rolling out - it is terrible for trying to view basic information and is painfully slow. My clients dislike it too.