Make it easy for your user to revoke a given permission – especially in email marketing
Letting users withdraw consent to data processing can be difficult to implement on a website without disrupting the user experience. However, under GDPR, consent must be as easy to withdraw as it was to give. One way companies have dealt with this problem is to list the specific purposes for which the data may be used, each of which the user can accept or refuse (e.g. personalized ads, behavioral tracking, personalized user experience on the website). This is usually done through cookies. In addition, it should be easy for your newsletter subscribers to unsubscribe from your email list at any time. If this is not clearly indicated in your email or there is no option to unsubscribe, this can result in high fines.
3. Using Google Analytics in compliance with GDPR
Google Analytics is by far the most widely used and popular website tracking tool, giving its users unique insight into the behavior of their website visitors. But is Google Analytics GDPR compliant?
To use Google Analytics on your website in a GDPR-compliant way, there are a few simple steps you can take. Google Analytics registers each user with a unique user ID so that it can see the total number of website visitors (e.g. new or returning customers), behavior (e.g. which pages a customer converts through; bounce rate), and interaction on the website. In addition, Analytics can segment users by age, gender, and sometimes income. All of the information listed is considered personal data under the GDPR because it can potentially identify a natural person. However, it is difficult to determine the full scope of data collected through Google Analytics, as Google is constantly developing and improving this tool.
Google states in its EU Consent Policy that website owners are required to disclose that Google Analytics is being used on their website. In addition, they must obtain consent from the website's end users in the European Union and state the exact reason for collecting personal data. Google Analytics thus shifts the responsibility for data protection requirements to the website owner. The following tips will help you check your GDPR compliance when using Google Analytics.
Turn on IP anonymization
The IP address is considered personal data under the GDPR. Google uses users' IP addresses to generate geographic overviews. Anonymization will therefore reduce the accuracy of your user tracking through Google Analytics. You can achieve the anonymization of the IP address by adding the following variable to your Google Analytics tracking code script:
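As an added example (not code from the original page), the sketch below queues Google's gtag.js configuration only after opt-in consent and sets the `anonymize_ip` parameter, then shows on constructed addresses what the truncation removes and why geographic accuracy drops. The measurement ID is a placeholder, and the consent object shape and the function names are assumptions.

```javascript
// Added example. MEASUREMENT_ID is a placeholder and the shape of the
// consent object ({ analytics: boolean }) is an assumption.
const MEASUREMENT_ID = 'UA-XXXXXXX-X';

// Queue gtag.js commands only after the visitor has opted in to analytics.
// `win` is the browser's window object (a plain object works for testing).
function applyAnalyticsConsent(win, consent, id = MEASUREMENT_ID) {
  win.dataLayer = win.dataLayer || [];
  if (!consent || consent.analytics !== true) {
    return false; // no opt-in: nothing is queued, gtag.js should not be loaded
  }
  // Same helper as in Google's standard snippet: it must push `arguments`.
  function gtag() { win.dataLayer.push(arguments); }
  gtag('js', new Date());
  gtag('config', id, { anonymize_ip: true }); // ask Analytics to truncate the IP
  return true;
}

// What the truncation does to an address: the last IPv4 octet, or the last
// 80 bits of an IPv6 address (everything after the first three groups),
// are set to zero.
function maskIp(ip) {
  if (ip.includes(':')) {
    const [head, tail = ''] = ip.split('::');
    const h = head ? head.split(':') : [];
    const t = tail ? tail.split(':') : [];
    // Expand a "::" shorthand to the full eight groups before truncating.
    const groups = ip.includes('::')
      ? [...h, ...Array(8 - h.length - t.length).fill('0'), ...t]
      : h;
    if (groups.length !== 8) throw new Error('not an IPv6 address: ' + ip);
    return groups.slice(0, 3).join(':') + '::';
  }
  const octets = ip.split('.');
  if (octets.length !== 4) throw new Error('not an IPv4 address: ' + ip);
  return octets.slice(0, 3).join('.') + '.0';
}

// Constructed sample addresses taken from the documentation ranges.
console.log(maskIp('203.0.113.77'));
console.log(maskIp('2001:db8:85a3::8a2e:370:7334'));
```

In a browser, call `applyAnalyticsConsent(window, consent)` from your consent banner's callback and load the gtag.js script only when it returns `true`.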