How to setup Google Analytics to be GDPR Compliant without a Cookie Notice

Are you the kind of person that wonders ‘How many visited yesterday?’ instead of ‘Who visited yesterday?’ Keep reading. I’ll show you how to set up Google Analytics to be completely GDPR Compliant and help you get rid of that cookie notice.

Recently I set up a cookie notice on my site, because I was under the impression that was necessary to comply with the new GDPR laws. So, after I published an update to CAOS and wrote a how-to for my users on how to use CAOS’ new GDPR Settings I found out that none of it was actually necessary. Because, basically, you only need to ask for permission if you want to re-use your visitors’ data (e.g. remarketing).

  • The Wait is Over.

    Get the Newsletter you've always wanted, now!

    Sign up to receive Biweekly, Free Optimization Tips for WordPress.

    No spam. I promise.

  • Configuring Google Analytics to be Privacy Friendly (so you can Remove that Cookie Notice)

    If you use Google Analytics, technically you’re processing data of your visitors. The new and improved GDPR laws are all about asking permission to your visitors. If you don’t (or don’t want to) ask for permission, these 6 steps will help you to configure Google Analytics to handle your visitors’ privacy responsibly so you can remove that Cookie Notice.

    Disclaimer: all information in this post is translated or derived from guides provided by the Dutch Personal Authority. I can give you no guarantee that following these steps will make you compliant with the version of the GDPR where your business is located, although I’m pretty sure that these laws are practically the same in the entire European Economic Space (EES).

    If you’re not sure what you’re doing and/or you’d like assistance with Google Analytics’ and CAOS’ configuration, request a CAOS Expert Configuration. I’ll help you out. Read more

    1. Accept the Data Processing Amendment

    Wow… That sounds fancy, right? It basically means that you have to agree to the fact that Google will act as the processor of all your visitor’s personal data.

    Here’s how you do it. Make sure you’re logged in to your Google Analytics-dashboard, and:

    1. Click ‘Admin‘.
    2. Click ‘Account Settings‘.
    3. Scroll down to a header, called ‘Data Processing Amendment‘.
    4. Click on ‘Updated Amendment‘. If you’ve already agreed to it, it’ll show ‘Review Amendment‘.
    5. In the pop-up, click ‘Done‘ and after the pop-up’s closed, click ‘Save‘.

    2. Disable Data Sharing

    By default, using Google Analytics means that you agree with Google using the data you provide for its own marketing and technical purposes. This includes benchmarking and improvement of Google’s services. To comply to the GDPR, you need to disable these settings:

    Remove Cookie Notice - Disable Data Sharing Settings in Google Analytics
    Disable Data Sharing Settings in Google Analytics
    1. Click ‘Admin‘.
    2. Click ‘Account Settings‘.
    3. Scroll down to ‘Data Sharing Settings‘ and remove all checkboxes.
    4. Click ‘Save‘.

    Sadly this doesn’t mean that Google will immediately remove all visitors’ data you’ve already sent. But at this point, they aren’t allowed to use it anymore — for technical and marketing purposes that is.

    3. Disable Data Collection for Advertising Features

    You told ’em once. Now tell ’em twice! You told Google to stop using your visitors’ data. But technically you only told them to stop using it for in-house purposes.

    Apparently there’s a technical difference between using data and processing data. Using data for technical improvement, benchmarking or e.g. access by an accountancy team is different from processing data for advertising features.

    In order to completely disable the usage of your visitors’ data and respect their privacy, you need to do the following:

    Remove Cookie Notice - Disable Data Collection for Advertising Features
    Disable Data Collection for Advertising Features
    1. Click ‘Admin‘.
    2. In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and ‘Data Collection‘.
    3. If you’re using Adsense or Adwords, the two visible options will be enabled by default. Disable them.
    4. Click ‘Save‘.

    4. Make sure the User-ID feature is disabled

    The User-ID feature lets you associate engagement data from different devices and multiple sessions, so you can discover how users interact with your content over an extended period of time. GDPR doesn’t agree with this. Luckily, it can easily be disabled.

    1. Click ‘Admin‘.
    2. In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and go to ‘User-ID‘.
    3. If the toggle at the end of the page is turned off, you’re done. If not, disable it and click ‘Save‘.

    After you’ve followed all of the above steps you’ve done everything you can to protect your visitors’ private data. It also means that you can almost remove that stupid Cookie Notice from your blog. Google Analytics will from now on respect your visitors privacy. You’ve used all options available in the Dashboard to protect your users’ data. But you’re not done yet. To fully comply to the GDPR you need to make some adjustments in your Analytics tracking-snippet…

    Daan van den Bergh

    Daan van den Bergh is a carefully seasoned web developer. His methods consist of thinly slicing your website’s beef and serve you with a platter of the best performance carpaccio on a bed of rocket — the only thing he’s more passionate about is food. Hire him at

    9 thoughts on “How to setup Google Analytics to be GDPR Compliant without a Cookie Notice”

    1. Great job, Daan, thanks for the work! I am a treehunter myself :-)

      Only the link to your opt-out article seems broken.

      Regards, Tez

      • Hi Tez, Thanks! It’s always good to meet a fellow treehunter!

        Thanks for the heads up! I just realized I pulled this article back, because the information in it needed to be refreshed.

    2. You’ve written and link to the how to add a snippet for users to opt out but you’ve removed the link. Can you link me here to that article part in adding the option to opt out?

      • Hi Randy,

        I temporarily removed that link, because I am in the middle of rewriting that article. After publishing it I figured out new, and easier ways to implement an opt-out option. Because I also updated CAOS a lot in the meantime, it’s in need of serious revision. As soon as I re-published it, I’ll let you know.

      • Hi Lorenz,

        Yes, as far as I know it’s still up-to-date!

        But, laws might differ per country. The rule of thumb is: as long as Google Analytics doesn’t track/save any information that can identify an individual, you don’t have to show a cookie notice.

    3. Hi Daan. Can Google still access my analytics data for its own purposes if I disable the remarketing and data sharing options?

      • If you use the disable display features option in CAOS: No, because the data isn’t sent to Google at all. If you disable it from your Google Analytics dashboard: I’m not sure, as you’re still sending the data to Google, they’re just not processing it. But you never know what they’ll do with in the background.

    4. Hello Daan,
      I just installed CAOS on client site, if all goes well I will generalize on all my clients’ sites, great job.
      I will focus on the French translation.
      I don’t speak English and I use the Google translator, excuse the level of English :-)


    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.