I’ve written a lot of posts since the new GDPR laws were introduced. Most of CAOS’ code had to be rewritten for the sake of GDPR Compliance. Now we’re nearing the big v2.0, and many options have been added, both to WordPress and to CAOS. This post will function as a Complete Guide through the jungle that is called GDPR Compliance.
GDPR Compliance in a Nutshell
According to Wikipedia, the GDPR…
…aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
In human English, to be GDPR compliant means that you can’t process any personal data of people you’re doing business with, without their consent. But what is personal data?
Let’s get Personal…
‘Personal data’ means any information relating to a natural person. So, an awful lot of information.
In certain circumstances, someone’s IP address, hair colour, job or political opinions could be considered personal data, but whether information is considered personal data often comes down to the context in which data is collected.
You might think that someone’s name is always personal data, but it’s not that simple.
By itself the name John Smith may not always be personal data because there are many individuals with that name. However, where the name is combined with other information (such as an address, a place of work, or a telephone number) this will usually be sufficient to clearly identify one individual.
Confused yet? Good.
Let me tell you what this means for you as a WordPress Google Analytics user.
It is our Choices, that show us how GDPR we are. J.K. Rowling
The GDPR draws the line where it gets personal. In many other cases this line might be blurry, as the previous chapter explains. However, in WordPress- and Google Analytics-land — lucky for you — it isn’t!
If you want to use Google Analytics as a WordPress Blogger and comply with GDPR you can either:
- collect no personal data and not notify your users, or
- collect personal data and notify them.
These are your choices. The path you choose depends on the goal you want to achieve.
A regular, personal blog can easily collect enough relevant data without getting too personal, but if you need to make data-driven decisions (e.g. for marketing or advertising purposes) collecting personal data might be interesting to you.
To Cookie Notice or Not To Cookie Notice
That is the question, actually.
You could assume that GDPR means you should add a cookie notice to your WordPress blog, but this isn’t true for most EU countries. The configuration of Google Analytics and your WordPress-blog depends on the data you’re planning to collect.
If you’re using Google Analytics for e.g. a personal or educational blog (such as this one) you might only be interested in cold statistics: location, bounce rate, duration, etc. This isn’t considered personal, i.e. you can’t identify an individual with this information. In this case, you don’t have to ask for consent.
All you need to do is configure Google Analytics and WordPress to not collect personal data.
If you need personal data for e.g. remarketing or personal advertising purposes you need to show a cookie notice.
This can be done in multiple ways and if you’re already a CAOS-user, it’s just smoooth sailin’ from here! Since version 1.60, CAOS is compatible with all Cookie Notice plugins for WordPress.
I’ve written multiple tutorials to cover the most-used plugins in the WordPress repository. You can either use Cookie Notice for GDPR or GDPR Cookie Consent to configure a Cookie Notice in WordPress.
Contact me if you’re using another Cookie Notice plugin and you want to make it work with CAOS.
E-commerce and GDPR Compliance
Are you a WooCommerce user? Then I suggest you combine CAOS with one of the many WooCommerce Google Analytics plugins available. Each has its own approach to complying with the GDPR and can be easily configured.
GDPR Compliance and Privacy
Whether you collect personal data or not, you’ll need to inform your visitors of how the data is collected and processed. As WPBeginner puts it:
All websites collect information about their visitors in different ways. In many countries (including the United States), websites are required by law to disclose the information they collect about their visitors and how this information is used.
There are many ways to create, generate and integrate this into your blog. Check out WPBeginner’s tutorial, ’cause I couldn’t have done it better.
In this guide I have collected and summarized information from relevant sources to give you a better understanding of what GDPR Compliance means when your WordPress website collects data using Google Analytics. If you have any remarks or questions, or you simply want to say thank you, leave a comment!