How to setup Google Analytics to be GDPR Compliant without a Cookie Notice

Are you the kind of person that wonders ‘How many visited yesterday?’ instead of ‘Who visited yesterday?’ Keep reading. I’ll show you how to set up Google Analytics to be completely GDPR Compliant and help you get rid of that cookie notice.

Recently I set up a cookie notice on my site, because I was under the impression that was necessary to comply with the new GDPR laws. So, after I published an update to CAOS and wrote a how-to for my users on how to use CAOS’ new GDPR Settings I found out that none of it was actually necessary. Because, basically, you only need to ask for permission if you want to re-use your visitors’ data (e.g. remarketing).

  • The Wait is Over.

    Get the Newsletter you've always wanted, now!

    Sign up to receive monthly, Special Offers & Free Optimization Tips for WordPress.

    Privacy Policy

    No spam. I promise.

  • Configuring Google Analytics to be Privacy Friendly (so you can Remove that Cookie Notice)

    If you use Google Analytics, technically you’re processing data of your visitors. The new and improved GDPR laws are all about asking permission to your visitors. If you don’t (or don’t want to) ask for permission, these 6 steps will help you to configure Google Analytics to handle your visitors’ privacy responsibly so you can remove that Cookie Notice.

    Disclaimer: all information in this post is translated or derived from guides provided by the Dutch Personal Authority. I can give you no guarantee that following these steps will make you compliant with the version of the GDPR where your business is located, although I’m pretty sure that these laws are practically the same in the entire European Economic Space (EES).

    If you’re not sure what you’re doing and/or you’d like assistance with Google Analytics’ and CAOS’ configuration, request a CAOS Expert Configuration. I’ll help you out. Read more

    1. Accept the Data Processing Amendment

    Wow… That sounds fancy, right? It basically means that you have to agree to the fact that Google will act as the processor of all your visitor’s personal data.

    Here’s how you do it. Make sure you’re logged in to your Google Analytics-dashboard, and:

    1. Click ‘Admin‘.
    2. Click ‘Account Settings‘.
    3. Scroll down to a header, called ‘Data Processing Amendment‘.
    4. Click on ‘Updated Amendment‘. If you’ve already agreed to it, it’ll show ‘Review Amendment‘.
    5. In the pop-up, click ‘Done‘ and after the pop-up’s closed, click ‘Save‘.

    2. Disable Data Sharing

    By default, using Google Analytics means that you agree with Google using the data you provide for its own marketing and technical purposes. This includes benchmarking and improvement of Google’s services. To comply to the GDPR, you need to disable these settings:

    Remove Cookie Notice - Disable Data Sharing Settings in Google Analytics
    Disable Data Sharing Settings in Google Analytics
    1. Click ‘Admin‘.
    2. Click ‘Account Settings‘.
    3. Scroll down to ‘Data Sharing Settings‘ and remove all checkboxes.
    4. Click ‘Save‘.

    Sadly this doesn’t mean that Google will immediately remove all visitors’ data you’ve already sent. But at this point, they aren’t allowed to use it anymore — for technical and marketing purposes that is.

    3. Disable Data Collection for Advertising Features

    You told ’em once. Now tell ’em twice! You told Google to stop using your visitors’ data. But technically you only told them to stop using it for in-house purposes.

    Apparently there’s a technical difference between using data and processing data. Using data for technical improvement, benchmarking or e.g. access by an accountancy team is different from processing data for advertising features.

    In order to completely disable the usage of your visitors’ data and respect their privacy, you need to do the following:

    Remove Cookie Notice - Disable Data Collection for Advertising Features
    Disable Data Collection for Advertising Features
    1. Click ‘Admin‘.
    2. In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and ‘Data Collection‘.
    3. If you’re using Adsense or Adwords, the two visible options will be enabled by default. Disable them.
    4. Click ‘Save‘.

    4. Make sure the User-ID feature is disabled

    The User-ID feature lets you associate engagement data from different devices and multiple sessions, so you can discover how users interact with your content over an extended period of time. GDPR doesn’t agree with this. Luckily, it can easily be disabled.

    1. Click ‘Admin‘.
    2. In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and go to ‘User-ID‘.
    3. If the toggle at the end of the page is turned off, you’re done. If not, disable it and click ‘Save‘.

    After you’ve followed all of the above steps you’ve done everything you can to protect your visitors’ private data. It also means that you can almost remove that stupid Cookie Notice from your blog. Google Analytics will from now on respect your visitors privacy. You’ve used all options available in the Dashboard to protect your users’ data. But you’re not done yet. To fully comply to the GDPR you need to make some adjustments in your Analytics tracking-snippet…

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.