How to setup Google Analytics to be GDPR Compliant without a Cookie Notice

Awesome! If you made it this far, that means you told Google to back off and respect your visitors’ privacy. It also means that your website almost complies with the new GDPR-laws. Almost. Because in order to fully comply you have to make a few small modifications to your site’s Analytics tracking-code. Let’s see how you can (partially) anonymize your visitor’s IP-address, give them an option to opt-out and inform them about the usage of Google Analytics through a Privacy Policy.

  • The Wait is Over.

    Get the Newsletter you've always wanted, now!

    Sign up to receive monthly, Special Offers & Free Optimization Tips for WordPress.

    Privacy Policy

    No spam. I promise.

  • Configuring your Analytics tracking-code to respect your users’ Privacy

    One of the new GDPR’s demands is that your visitor’s IP-address is (at least partially) shielded. Luckily, yours truly has created a nifty (FREE!) little plugin that can help you with this. Besides automagically adding the tracking-code to your site (in the header or footer) and hosting it locally, CAOS offers everything you need to make your tracking-code fully GDPR compliant.

    5. Anonymize your visitor’s IP-address

    Google Analytics created an option to remove the last octet (the last group of 3 numbers) from your visitor’s IP-address. This is called ‘IP Anonymization‘. Although this isn’t complete anonymization, the GDPR demands you use this option if you want to use Analytics without prior consent from your visitors. Some countris (e.g. Germany) demand this setting to be enabled at all times.

    Implementing this into your tracking-code can be somewhat of a drag, because Javascript has a complicated syntax.

    But you ‘re in luck! With CAOS, enabling ‘IP Anonymization‘ is a matter of three left-clicks. So install it now! Besides being the most efficient way to implement Google Analytics, it’s the only plugin that can get you that perfect score on Pagespeed Insights or Pingdom if you’re an Analytics user.

    How to enable IP Anonymization in CAOS.
    How to enable IP Anonymization in CAOS.

    Once you’ve got it set up, go to CAOS’ settings-page (‘Settings‘ > ‘Optimize Analytics‘) and do the following:

    1. If you haven’t already, check ‘Advanced Settings‘.
    2. Check ‘Use Anonymize IP?‘.
    3. Click ‘Save‘.

    From now on all data sent to Analytics will be provided with a (partially) anonymized IP-address.

    6. Informing about Analytics usage and how to opt-out

    At this point you’re allowed to process your visitors’ data without their prior consent. You still need to inform them about it and (optionally) allow them to opt-out.

    Informing your visitors comes down to adding a Privacy Policy to your site. I could give you a full walkthrough on this, but I think that’s beyond the scope of this article. You can generate a privacy policy for free and if you made it this far into this tutorial, I suppose you know to how to copy + paste the text to a new page in WordPress and put it in your blog’s menu. 🙂

    Finally I’m going to draw your focus towards the opt-out option. According to the GDPR this is advised (i.e. optional). I’ve written an article about adding an opt-out option [red. link temporarily removed] to your blog using CAOS. So if you want to offer your users this option, I suggest you read it.

    Now you can use Google Analytics without annoying Cookie Notices. You’ve configured Google Analytics to respect your users’ privacy and CAOS has helped you to add IP Anonymization to your Analytics tracking-code. Was this tutorial helpful? Do you have any suggestions for fellow readers? Did I miss anything? Please let me know in the comments!

    14 thoughts on “How to setup Google Analytics to be GDPR Compliant without a Cookie Notice”

    1. Great job, Daan, thanks for the work! I am a treehunter myself 🙂

      Only the link to your opt-out article seems broken.

      Regards, Tez

      1. Hi Tez, Thanks! It’s always good to meet a fellow treehunter!

        Thanks for the heads up! I just realized I pulled this article back, because the information in it needed to be refreshed.

    2. You’ve written and link to the how to add a snippet for users to opt out but you’ve removed the link. Can you link me here to that article part in adding the option to opt out?

      1. Hi Randy,

        I temporarily removed that link, because I am in the middle of rewriting that article. After publishing it I figured out new, and easier ways to implement an opt-out option. Because I also updated CAOS a lot in the meantime, it’s in need of serious revision. As soon as I re-published it, I’ll let you know.

      1. Hi Lorenz,

        Yes, as far as I know it’s still up-to-date!

        But, laws might differ per country. The rule of thumb is: as long as Google Analytics doesn’t track/save any information that can identify an individual, you don’t have to show a cookie notice.

    3. Hi Daan. Can Google still access my analytics data for its own purposes if I disable the remarketing and data sharing options?

      1. If you use the disable display features option in CAOS: No, because the data isn’t sent to Google at all. If you disable it from your Google Analytics dashboard: I’m not sure, as you’re still sending the data to Google, they’re just not processing it. But you never know what they’ll do with in the background.

    4. Hello Daan,
      I just installed CAOS on client site, if all goes well I will generalize on all my clients’ sites, great job.
      I will focus on the French translation.
      I don’t speak English and I use the Google translator, excuse the level of English 🙂

    5. Hi Daan, absolutely perfect WordPress Plugin with an easy setup and a very useful article on “How to setup Google Analytics to be GDPR Compliant”. Everything was already disabled on GA but I didn’t know th IP disabled trick. Thanks a lot!

    6. Hi, do you know how people are getting around the ‘essential cookies’ default and not being able to use Google Analytics? Is there some sort of plugin to get around this limitation?

    7. Hello,
      according to the new (april 2nd 2021) CNIL post and my understanding, users should have the choice to refuse cookies, period, cookiewall might be not forbidden.

      Translated by Google:

      Any answer appreciated

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.