How to make Google Analytics GDPR compliant
Firstly, what is GDPR?
GDPR stands for General Data Protection Regulation and it is a new regulation created by the European Commission which will strengthen data protection for individuals within the European Union (EU) and also addressed the export of personal data outside the EU.
What is Google Analytics?
Google Analytics is software created by Google which tracks website traffic and provides this information to website owners.
How does GDPR impact Google Analytics?
For the most part, Google Analytics captures data which is anonymous.
The software tracks website usage such as pages visited, traffic sources, devices used, time spent on each page… etc.
All of that information cannot be linked to an identifiable individual.
However, they also provide geographical data which details what towns and cities your visitors are located in. In order form them to do this, they use IP addresses.
What is an IP address?
An IP address is a unique string of numbers separated by full stops that identifies each device that connects to the Internet. So an example would be 18.104.22.168.
Note: Just for you techy people, the example above is for an IPv4 Ip Address, but this also works on IPv6s as well.
So why is an IP address important?
According to the GDPR guidelines, an IP address is ‘Personally Identifiable Information’.
While we, as website owners, cannot access the IP addresses ourselves on Google Analytics, Google employees can and this information is also stored outside of the EU too.
Therefore, you cannot be GDPR compliant if you continue to use Google Analytics on your website in the normal way.
Good news, there’s a solution…
Luckily you can force Google to mask all IP addresses.
This means Google changes an IP address from 22.214.171.124 to 126.96.36.199.
This IP masking takes effect before Google sees or stores it and this anonymises all IP addresses and makes your use of Google Analytics GDPR compliant.
The only downside is your geographical data may be less accurate.
Putting the solution into practice
There is a really easy fix to ensure your Google Analytics account isn’t capturing IP addresses.
The Google Analytics code which is added to most websites looks like this:
You need to simply add the following line:
So the new version would look like this:
This simple change to your Google Analytics code makes you GDPR compliant.