Google Analytics Settings for GDPR

If your business operates in areas that are governed by the General Data Protection Regulation, some of the default settings of Google Analytics

must be modified to comply with the regulation. Follow these steps to ensure that your use of customer data remains in compliance with the GDPR.

Google Data Sharing Settings

Step 1: Update Google Settings

  1. Sign in to your company’s Google Analytics account.

  2. At the bottom of the left sidebar, choose Admin. Then, navigate to the account that you want to edit, if applicable.

  3. In the Account column, click Account Settings. Then, adjust the following settings to support GDPR requirements:

    Turn Off Data Sharing

    The default Google Analytics settings share your company data with Google and other parties, To turn off data sharing, remove the checkmark from the following settings:

    • Google products & services
    • Benchmarking
    • Technical support
    • Account specialists

    Accept the Data Processing Amendment

    The Google Ads Data Processing Terms describe how Google processes data, and the measures it takes to ensure data security for business that are subject to the GDPR. A record of your legal entities and contact information is also maintained with the amendment. To learn more, click the link in the message at the top of the page.

    1. Scroll down the page to Data Processing Amendment. Then, tap View Adjustment.

    2. Tap Review Amendment to read tead the Google Ads Data Processing Terms.  Then, tap Accept..

    3. To complete the DPA Administration details, click Manage DPA Details.

    4. In the Legal Entities section, click Edit ( ).  Then, do the following:

      • Enter the registered name(s) of your organization.
      • When complete, tap Save.
    5. In the Contacts section, click Add ( ). Then, do the following:

      • Enter the information for the first contact. Then, mark the checkbox of each applicable role.

        Primary Contact (Notification Email Address) The contact to whom notices are sent.
        Data Protection Officer (If applicable) The person who is designated to facilitate GDPR compliance,
        EEA Representative (If applicable) The person who represents customers outside of the EU regarding their GDPR obligations.
      • When complete, tap Add.

      • Repeat to add a contact for each role, if applicable.

    6. When complete, tap Save.

Step 2: Modify Your Google JS Libraries

Google supports three JavaScript libraries to measure website usage, depending on the Google product: gtag.js, analytics.js, and ga.js. To meet GDPR requirements, the standard code must be modified to:

Anonymize IP Addresses

  1. To anonymize the IP addresses used by Google Universal Analytics, add the following snippent to the analytics.js library on your web server:

    analytics.js
    ga(’set’, ‘anonymizeIp’, true);

    To learn more, see the Analytics.js Field Reference.

    If you use the legacy ga.js library, add the following snippet:

    ga.js
    pre>ga(’set’, ‘anonymizeIp’, true);</pre>
  2. To anonymize the IP addresses used by Google Tag Manager, set the anonymize_ip parameter to true in the gtag.js library on your web server.

    gtag.js
    gtag(’event’, ’your_event’, { ‘anonymize_ip’: true })

    To learn more, see: IP Anonymization in Analytics in Google Help.

Force SSL

To force all Google data to be transmitted over a secure socket layer (SSL), add the following snippet to the analytics.js library on your web server.

analytics.js
ga(’set’, ‘forceSSL’, true);

Step 3: Update Your Privacy Policy

Update your privacy policy to state that your company:

  • Uses Google Analytics
  • Masks IP addresses to hide personal information
  • Has turned off Google Data Sharing
  • Does not use other Google services in conjunction with Google Analytics cookies.