From 25 May 2018, we must all comply with the more stringent legislation on data protection and the storage of European citizens' personal data. This short guide will give you some quick wins on how to comply with the new General Data Protection Regulation (AVG or GDPR)!
In just a few steps, we list the various adjustments you need to make to comply with the GDPR standards. We take a look at the settings of Google Analytics as well as Google Tag Manager (GTM).
- Under the table above you will find ‘adjustments to the data processing’
- Click on ‘updated amendment’
- Then approve the conditions
- If you have a DPO, this can be communicated when you click on 'Manage DPA data'.
- Then click on save
- Data retention only applies to modified reports or modified segments. It does not affect the overall results in Google Analytics. When data retention is enabled, the selected period (e.g. 14 months) is the maximum period that data is retained.
- In addition to the period, you can choose to renew the expiry date for repeat visitors. For example, if data retention is limited to 14 months and someone visited the website 20 months ago and again 10 months later, this data will not be deleted.
- Unless you have a good reason, we recommend limiting data retention to 14 months. GDPR does not set an explicit deadline, but you should have a good reason to keep data longer, "for the statistics" is not enough. Moreover, the impact on your data is limited.
- Admin > property settings
- Check here to see if you are collecting 'demographic and interest reports
- When filling in a contact form, for example, check that you do not include any personal data in the URL such as an "email=querystring" parameter.
- The best method is to remove these queries via GTM. This way they will not be placed on Google Analytics servers and you can guarantee privacy. That is why filtering out this information in your views is not enough. You need the variable "Page URL". If required, you must activate it first.
Find out who has access to Google Analytics and remove any people who no longer need access.
- All tags that relate to personal data, such as Hotjar, remarketing, LinkedIn Insight Tag, Facebook tracking pixel ... must be stopped until the website visitor approves your cookies.
- To do this, you need to create a new trigger that only fires if the website visitor has approved the cookies.
- What information is kept
- Who collects this information
- How was this information collected?
- Why is this information kept
- How are you going to use this information
- With whom is this information shared
- What is the effect on the individuals who visit your website?
- A clear overview of First & Third party cookies
- Google Analytics: That a processing agreement has been concluded
- Google Analytics: That data is processed anonymously
- Google Analytics: 'data sharing' is disabled
- Google Analytics: that no use is made of other Google services in combination with Google Analytics cookies.
- Explanation on how to delete cookies
Be sure to have a look at our own cookie statement.