![\"\"](\"http:\/\/digitalsrc.com\/blog\/wp-content\/uploads\/2018\/05\/Google-Analytics-GDPR-Compliance.png\")
<\/p>\n<\/p>\n
Google Analytics is by far the most popular web analytics application that is used across the world. It is used both by individuals and small companies to large Fortune 500 brands. As per this study in 2015, almost 70% of Fortune 500 used Google Analytics as their web analytics platform. If you are one of those millions of Google Analytics users and you are in Europe or deal with clients\/ visitors from EU, you need to ensure that you are GDPR compliant.<\/p>\n
While we love to rely on Google and think that they will take care of everything for proper GDPR compliance there are few things that you need to do too.<\/p>\n
At a very broad level GDPR asks you not to collect and process any personal data without the consent of the data subject (user). Now before you tell me that Google Analytics data is anonymized and aggregated, let me show you couple of personal data points that could be captured in Google Analytics and put you on the wrong side of GDPR.<\/p>\n
<\/p>\n
Anonymize IP Address<\/strong> This again will depend on the version of Google analytics code you are using. There are three versions that most people are using. You are either using universal analytics using ANALYTICS.JS or GA.JS or the latest GTAG.JS.<\/p>\n Anonymize<\/b>\u00a0IP for analytics.js<\/strong><\/p>\n <script> Your analytics code probably looks like the one given above. Look at the highlighted line. You need to add that one line of code to anonymize IP address and it is important that the line is set before the ga(\u2018send\u2019, \u2018pageview\u2019); line.<\/p>\n Anonymize IP for gtag.js<\/strong><\/p>\n This is the latest Google analytics code and if you are already using gtag.js, you can follow the below process to anonymize IP for GDPR compliance.<\/p>\n In your gtag code you will notice the following line \u2013<\/p>\n gtag(‘config’, ‘UA-XXXXXX-XX’);<\/p>\n This needs to be replaced with<\/p>\n gtag(‘config’, ‘UA-XXXXXX-XX’, { ‘anonymize_ip’: true });<\/span><\/strong><\/p>\n Anonymize IP for ga.js<\/strong><\/p>\n In case you are still using the old ga.js Google analytics library, you can try using the below code. Note the line highlighted, you will need to add that to the script.<\/p>\n <script type=”text\/javascript”> Now let\u2019s talk about how to remove the personal data that we might send to Google through URL parameters. It is not just important for GDPR compliance but it is also important for ensuring that you are compliant with Google Analytics\u2019 terms of service.<\/p>\n You should ideally try to remove any PII right at the collection level of Google analytics and this requires some coding skills. Two excellent solutions for this has been given below and you can use any one of them that works for you.<\/p>\n Simo Ahava\u2019s Solution to Removing PII from GA<\/a><\/p>\n
\nGoogle Analytics does provide you an option to anonymize IP addresses. If done properly Google will anonymize the users IP address while still in memory and the data will be written to disc for processing only after the IP addresses have been anonymized. If you are interested in the technical details, you can read the technical explanation here.<\/p>\nHow to Anonymize IP Address in Google Analytics for GDPR Compliance<\/h2>\n
\n(function(i,s,o,g,r,a,m){i[‘GoogleAnalyticsObject’]=r;i[r]=i[r]||function(){
\n(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
\nm=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
\n})(window,document,’script’,’\/\/www.google-analytics.com\/analytics.js’,’ga’);
\nga(‘create’, ‘UA-XXXXXXX-X’, ‘auto’);
\nga(‘set’, ‘anonymizeIp’, true);<\/strong><\/span>
\nga(‘send’, ‘pageview’);
\n<\/script><\/p>\n
\n
\n
\n\/\/ Old Script
\nvar _gaq = _gaq || [];
\n_gaq.push([‘_setAccount’, ‘UA-XXXXXX-XX’]);
\n_gaq.push([‘_gat._anonymizeIp’]);<\/strong><\/span>
\n_gaq.push([‘_trackPageview’]);
\n( function() {
\nvar ga = document.createElement(‘script’); ga.type = ‘text\/javascript’; ga.async = true;
\nga.src = (‘https:’ == document.location.protocol ? ‘https:\/\/ssl’ : ‘http:\/\/www’) + ‘.google-analytics.com\/ga.js’;
\nvar s = document.getElementsByTagName(‘script’)[0]; s.parentNode.insertBefore(ga, s);
\n})();
\n<\/script><\/p>\nHow to Remove Personal Data from Google Analytics for GDPR Compliance<\/strong><\/h2>\n