Google Analytics is one of the tools most used by marketers, since it allows analyzing and understanding the behavior of website visitors. However, with the entry into force of the GDPR many questions have arisen regarding the legitimacy of continued use of this tool. Google Analytics uses visitor data, so you need to be careful not to break the law. In today’s article, we’ll explain how to apply GDPR in Google Analytics.
Google changed the settings of this tool to comply with the RGPD and requested that several actions be taken before May 25, 2018, when the legislation came into force. This means that the tool is in compliance, but some action needs to be taken.
There is a lot of confusion between cookies, privacy policy and data protection laws. There is the misconception that cookies are governed by the GDPR. However, the use of cookies is not required by the GDPR, but by the ePrivacy Directive. Cookies are small files with information that is stored on the user’s computer through the browser. Its function is to offer a better experience in the use of the website, storing login information, products added to the shopping cart, among other features. This means that cookies do not store personal data.
However, the cookies law requires the user to send consent to the storage of cookies on your device. Without this consent, no cookie may be installed. To obtain this consent, it is enough that there is a banner with information about the cookies and the user will have to click “ok” so that it is possible to install the cookies in your browser. There are, however, cookies that are exempt from the obligation to obtain consent, namely: technical cookies essential for the provision of the service, statistical cookies managed directly by the site owner and third party statistical cookies, for example Google Analytics!
For each form that exists on the site, there must also be:
• A link to the page of the general conditions of use;
• A checkbox that requests the approval of the visitor’s general conditions of use. Please note that this box can not be selected by default!
The data privacy policy must be updated according to the new requirements of the legislation. A scale of classification and processing of personal data should be defined. The legal department of the company should be involved in this process and this policy should include all information related to the actual treatment of the data, including its purpose.
About the author