Are you looking for a way to make your website GDPR compliant?
On May 25, 2018, the European Union implemented the General Data Protection Regulation (GDPR). The regulation sets out requirements for handling user data. Failure to comply with GDPR can result in penalties of up to €20 million or 4% of annual revenues.
In this article, we’ll explain the impact of GDPR on Google Analytics. We’ll also show you how to make your WordPress site compliant using ExactMetrics.
Let’s begin with a brief introduction of GDPR…
What is GDPR & How Does It Affect Your Site?
GDPR, short for General Data Protection Regulation, is a privacy regulation that oversees how companies, websites, internet providers, and other web-based services collect, manage, and use user information.
So, why was this rule launched?
The European Union introduced the law to safeguard the privacy of EU citizens. If your website requests information from your visitors or tracks their data, then you have to obtain user consent before you can collect and process the data.
To give you an idea of how GDPR can affect your WordPress site, we’ve highlighted some important points from the 200-page-long legal document. Here’s what you should know:
- It’s important to get permission from users for gathering information and using it for the desired purpose
- If you decide to use the same data for another purpose, then you’ll have to obtain the user’s permission again
- Users have the right to deny any information they don’t wish to give and remain anonymous
- They also have the right to see what information is taken by the company about them
- Users can also revoke permission at any point and can wish to have their data removed
- This means you’ll have to remove their information from your database and from any other source you’ve shared their data with
- According to GDPR, you would have to specify the time period for which you’ll be storing your user’s data
These were some pointers from GDPR that you’ll have to consider for your website. However, we do recommend consulting with your legal advisor or attorney to ensure your site fully complies with the law. Please see our legal disclaimer at the end.
Now, let’s find out how GDPR affects Google Analytics.
GDPR and Google Analytics – What’s the Impact on Tracking?
Google Analytics is one of the most popular analytics tools out there, and if you have a website, then chances are you have it set up to track your users’ behavior.
So, how does Google Analytics tracking apply to GDPR?
Google Analytics tracks visitors by assigning a unique UserID. It also records IP addresses, age, gender, and other demographic information using cookies.
As this data is handled by Google, they are the data processors in this situation. But since the visitor arrived on your website, you’ll be the data controller in this relationship.
What this means is that you’ll need the user’s consent under GDPR to record the data and track their personal information.
But compliance with GDPR can be time-consuming and confusing. So how do you make Google Analytics GDPR compliant?
How to Make Google Analytics GDPR Compliant?
In order to ensure that Google Analytics is GDPR compliant, you can use ExactMetrics. It’s one of the best WordPress plugins for Google Analytics.
The plugin offers an EU Compliance Addon, which automates a lot of processes that are needed to comply with GDPR. With a click of a button, your website can meet GDPR requirements, while you can focus on running your website.
Here are some of the automated configuration changes you can implement using ExactMetrics:
- Anonymize IP addresses on Google Analytics hits, eCommerce hits, and form hits automatically
- Automatically disable interest and demographic reports for remarketing and advertising tracking (Google Ads) in Google Analytics
- Automatically disable UserID tracking on Google Analytics
- Automatically disable UserID dimensions for Custom Dimensions addon
- Enable ga() compatibility mode automatically
- Disable author tracking in the Custom Dimensions addon
- Automatic integration with Google Analytics consent plugins like Cookie Notice and CookieBot
- Waits for AMP addon users to agree with Google AMP Consent Box before tracking them
How to Set Up ExactMetrics EU Compliance Addon
Now that you know how ExactMetrics can help you with Google Analytics GDPR compliance, let’s take a look at the steps for using the addon.
By following these steps, you can ensure that your WordPress website meets GDPR requirements.
Step 1: Install ExactMetrics WordPress Plugin
The first step is to install the ExactMetrics plugin on your WordPress website. To do that, go to Plugins from your WordPress dashboard and click Add New.
Now search for ExactMetrics. You’ll see Google Analytics Dashboard for WP by ExactMetrics. Go ahead and install and activate the plugin.
Step 2: Activate ExactMetrics EU Compliance Addon
After installing the plugin, it should appear in your WordPress dashboard menu. To get the EU Compliance Addon, go to ExactMetrics » Addons. Then navigate to EU Compliance and click Activate.
Do note, you’ll need an ExactMetrics license plan to access the addon.
Step 3: Configure EU Compliance Addon Settings
The next step is to configure your ExactMetrics EU Compliance addon settings. You can access them by going to ExactMetrics » Settings » Engagement.
Click Enable EU Compliance to use the addon. You can then scroll down to change the different settings for GDPR compliance.
Step 4: Change Google Analytics Settings
In addition to setting up ExactMetrics and its addon, you’ll also have to make changes in Google Analytics to comply with GDPR requirements.
To make these changes, open your Google Analytics account and then click on Admin (the Gear icon) on the bottom left of the page.
Now select Property Settings and then go to Tracking Info. From the menu, click on Data Retention. You can select the time period you want to retain the data (14 months, 26 months, 38 months, or 50 months).
You can also select Do not automatically expire, which means that Google Analytics will retain all your data. Once you’re satisfied with the settings, click Save.
There are more options you can change in Google Analytics, such as enabling or disabling Demographics and Interest Reports, collecting data for Remarketing and Advertising, and more. You can go through our guide on Google Analytics account settings for EU Compliance for more information.
Step 5: Offer an Opt-Out Option and Consent Checkbox
As per GDPR, you’ll need the user’s consent to track their information. If they don’t want to be tracked, then you’ll have to offer an opt-out option.
Thanks to ExactMetrics’ integration with Cookie Notice and CookieBot, you can easily set up a sitewide opt-out option.
Both these plugins include a built-in opt-out option. They also help you offer a consent checkbox. If either of these two plugins is active on your site, ExactMetrics will wait to load the Google Analytics tracking script until the user gives permission.
If you’re not using these plugins, then you can use the ExactMetrics opt-out link integration. You can follow our guide on how to make Google Analytics opt-out links with ExactMetrics.
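The consent-gated loading described in this step, together with the IP anonymization and disabled advertising features listed earlier, can be sketched in plain JavaScript. This is an added example, not ExactMetrics' or the consent plugins' own code; the property ID, the `analytics_consent` cookie and the opt-out cookie name are placeholders assumed for illustration.

```javascript
// Added example: consent-gated loading of analytics.js.
const PROPERTY_ID = 'UA-XXXXX-Y';           // placeholder property ID
const CONSENT_COOKIE = 'analytics_consent'; // hypothetical cookie set by a consent banner

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    if (name && !jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Default deny: only an explicit "granted" loads tracking, and an opt-out
// cookie (assumed to mirror the ga-disable window flag) overrides consent.
function trackingDecision(cookieString) {
  const jar = parseCookies(cookieString);
  if (jar.get(`ga-disable-${PROPERTY_ID}`) === 'true') return 'opted-out';
  return jar.get(CONSENT_COOKIE) === 'granted' ? 'load' : 'wait';
}

// Apply the decision to a window-like object and return what was done.
function applyDecision(win, cookieString) {
  const decision = trackingDecision(cookieString);
  if (decision !== 'load') {
    // analytics.js sends no hits while this window flag is true.
    if (decision === 'opted-out') win[`ga-disable-${PROPERTY_ID}`] = true;
    return { decision, commands: [] };
  }
  const commands = [
    ['create', PROPERTY_ID, 'auto'],   // no userId field is passed
    ['set', 'anonymizeIp', true],      // mask the visitor's IP address
    ['set', 'allowAdFeatures', false], // no advertising/demographics features
    ['send', 'pageview'],
  ];
  // Standard command-queue stub: commands wait until the library has loaded.
  win.ga = win.ga || function () { (win.ga.q = win.ga.q || []).push(Array.from(arguments)); };
  commands.forEach((c) => win.ga(...c));
  const script = win.document.createElement('script');
  script.async = true;
  script.src = 'https://www.google-analytics.com/analytics.js';
  win.document.head.appendChild(script);
  return { decision, commands };
}
```

In a browser, call `applyDecision(window, document.cookie)` on page load and again whenever the consent banner records a choice.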
And that’s it!
You’ve made it to the end of the article and you now know how to make Google Analytics GDPR compliant.
We hope you liked our article on GDPR and Google Analytics, and how to make your WordPress site compliant.
If you have any queries, drop a comment below. And don’t forget to follow us on Twitter and Facebook to stay updated with the latest guides on Google Analytics.
Legal Disclaimer: This addon is designed to automate some of the settings changes required to be in compliance with various EU laws; however, due to the dynamic nature of websites, no plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.
As a website operator, it is solely your responsibility to ensure that you are in compliance with all applicable laws and regulations governing your use of our plugin.
ExactMetrics, its employees/contractors, and other affiliated parties are not lawyers. Any advice given in our support, documentation, website, other mediums or through our services/products should not be considered legal advice and is for informational and/or educational purposes only and are not guaranteed to be correct, complete or up-to-date, and do not constitute creating/entering an Attorney-Client relationship.