Since the 25th of May, our (online) lives have been blessed with a new and improved GDPR. You might’ve noticed my shiny new Cookie Notice! For novice users it raised a lot of questions. Because as a law-abiding citizen, what the hell do I have to do to keep a good, law-abiding website? If you’re a Google Analytics user, look no further. Today I’m going to show you how you can use CAOS (and all of its locally hosted analytics.js goodness!) to make your WordPress-blog GDPR-proof.
This tutorial covers one of the most used Cookie Notice-plugins for WordPress.
Since version 1.60 I’ve made some impactful changes to CAOS to increase compatibility with other Cookie Notice WordPress-plugins. Since then, CAOS isn’t just compatible with the plugin mentioned in this post, but basically with all of them!
Are you using another Cookie Notice plugin for WordPress? You can still give CAOS a try. If you can’t figure out how to make CAOS compatible, contact me and I’ll help you make it work.
First off, I have some good news. I know it’s been a while (!) but I recently released CAOS v. 1.50 to celebrate the coming of GDPR. Err, no. Not exactly. Let’s say I updated CAOS to allow you to keep using it in a GDPR complaint way.
So, before you continue. Make sure you’re using CAOS v. 1.50 or higher. Besides that, we’re going to call in the help of another nifty, little plugin called GDPR Cookie Consent to generate the Cookie Notice for you.
This is how it works: Basically, the plugin renders a Cookie Notice to any new visitors of your website. When a user clicks the ‘Approve’-button, a cookie is created. In turn, CAOS checks whether this cookie is present and renders its locally hosted Analytics-tracking script.
How to Configure CAOS to be GDPR Compliant
After following the steps below, your WordPress-blog will abide to the new laws enforced by the GDPR. Your Google Analytics-tracking scripts will still be locally hosted so you can have the best of both worlds. Follow the rules, and maintain your high score on Pingdom and Google Pagespeed. Let’s get started!
Enabling the Cookie Notice
The Cookie Notice will be provided by an external plugin, because I thought it was beyond the scope of my CAOS-plugin to build a Cookie Notice into it. I recommend using ‘GDPR Cookie Consent‘ by Webtoffee. It’s light-weight, easily configurable and fully tested and compatible with CAOS.
- Open the ‘Plugins‘ menu and click ‘Add new‘.
- In the next screen that opens, search for ‘GDPR Cookie Consent‘.
- The plugin will show at the top of the search results. Click ‘install now‘.
- After it’s finished downloading, click ‘activate‘.
A new menu-item will be added to your Administrator-menu, called ‘Cookie Law Info‘. Right underneath your ‘Comments‘-manager. Open it and you’ll see four options. ‘Cookie List‘, ‘Add new‘ and ‘Non-necessary Cookie‘ are beyond the scope of this post. So click on ‘Cookie Law Settings‘ to configure the cookie notice’s visuals and functioning.
Configuring CAOS and Google Analytics for GDPR Compliance
So now you’ll probably have a shiny new Cookie Notice on your WordPress-blog… Like mine! (We could be Cookie buddies! :D) Now all you need to is tell CAOS to check for the cookie created by Webtoffee’s plugin. Don’t worry, it’s as easy as cake… or Cookies!
- Open the ‘Settings‘-menu and click on ‘Optimize Analytics‘ to open CAOS’ configuration screen.
- Select the value ‘When cookie has a value‘ in the ‘Allow tracking…‘-section.
- In the field named ‘Cookie name‘ enter ‘viewed_cookie_policy‘. This is the name of the cookie generated by GDPR Cookie Consent once a user clicked the ‘Approve‘-button.
- In the field named ‘Cookie value‘ enter ‘yes‘. This is the value that is set to the cookie once the user clicks ‘Approve‘ in the Cookie Notice.
- Enter a value in the ‘Cookie expiry period‘-field. I use ‘30‘, since I don’t think I can keep following you around for more than a month. I get tired, you know…
- Press ‘Save Changes‘ and if you use any caching-plugins, make sure you flush your cache.
That’s it! You’re done. You’ve now configured CAOS and Google Analytics with a cookie notice to be fully compliant with GDPR. Enjoy!
Hello i have configured Caos plugin for GDPR cookiebot plugin:
https://wordpress.org/plugins/cookiebot/
check this
https://github.com/CybotAS/CookiebotAddons/issues/51
i have replaced ‘viewed_cookie_policy‘ with ‘CookieConsent‘
It’s correct?
Thanks
I’m not sure. I have no experience with Cookiebot. But you can check which cookie Cookiebot generates after you ‘Approve’ the usage of cookies, using your Inspector tools in your browser. I’ll check it out soon and get back to you, okay?
I’m sorry. I tried installing Cookiebot in a local environment, but since it needs registration it’s hard for me to test compatibility with CAOS. The only answer I can give you is: if ‘CookieConsent’ is the name of the cookie generated after the user gives consent to use cookies, then that should work!
Hi Daan,
CAOS is a great plugin and I use it on my webpage, thank you! But after the last update to 1.5 version it seems not working anymore. I tried to install ‘GDPR Cookie Consent‘ plugin, but this plugin also not working, it simply won’t create any cookie and nothing happens after pressing “Accept” button.
Hi Saulius,
It was my fault! I’m sorry! There was a bug in my code that would cause CAOS to only work if GDPR was fully enabled. Please update to version 1.53 and everything should work fine. If local-ga.js becomes empty after the update, please de-activate and activate the plugin to trigger the cron. It should be fine then!
Good luck!
The cookies and active agreement is not necassery in case you make Google Analytics GDPR proof. Check: https://www.autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/handleiding_privacyvriendelijk_instellen_google_analytics_mrt_2018.pdf
Thanks for the suggestion! CAOS actually already implements a feature to Anonymize IP. And all the other steps in the provided PDF are settings in Google Analytics. This gives food for thought, Bertjan. So thanks, I might actually write up another article on how to make CAOS GDPR Proof without a Cookie Notice! Thanks!
Hi Daan,
I can’t seem to understand if the Anonymize IP is included in the free version or not.
Of CAOS? Yes, it is!
hello dou you have a pdf in english i don’t understand dutch
thanks
Hi Frank,
I’m working on a write-up how to implement the above PDF into Google Analytics (combined with CAOS). So, stay tuned!
Hi Frank, just wanted to let you know that I’ve written a complete write-up (in English) on how to setup Analytics and CAOS to be GDPR Compliant without a Cookie Notice.
Hi Daan,
I’ve configured the plugin CAOS as you describe, but I have a doubt.
When Analytics start to work and collect data?:
– After press the ‘accept’ button? or
– After press the ‘accept’ button and reload web?
Thanks for your time
Good question! I’ve configured it to reload the page after accepting or rejecting. Because then it immediately starts tracking.
Hi Daan, after playing around with this a little: if i want GA to be considered non-essential for my website, shouldn’t CAOS check for 2 cookies here? I think it needs both the cookielawinfo-checkbox-non-necessary and the viewed_cookie_policy cookie to be set to yes before activating GA. Or am I mixing up something here?