Do you have clients / website visitors from the EU / EEC?

If so, then GDPR applies to you.






1. Do you use Google Analytics or any other website traffic tracking tool? If so, then audit your data collection process in order to make sure that you are NOT collecting and/or processing any so called PII (Personally Identifiable Information). Note: IP address is considered PII under GDPR. Here some best practices to avoid sending PII recommended by Google.






2. Turn on IP anonymization by editing the code directly or You can also use Google Tag Manager in order to make sure that IP addresses are anonymized.




3. Review the collection of Pseudonymous Identifiers such as user IDs and transaction IDs. Also, make sure that your privacy policy is up to date and clearly reflects the way of such data collection, the usage and purpose of such data. Such Pseudonymous Identifiers can only be collected after gaining explicit consent from the users.







4. Only deploy Google Analytics tracking or any other tracking practice, if you already have the user’s consent (via opt-in form). You can utilize some advanced feature of Google Tag Manager to achieve this. You can build your own cookie consent form or you can use 3rd party tools.



5. Make sure that your privacy policy gives an easy to understand answer to at least the following questions:

  • What exact information is being collected about the website visitors?
  • Who and how is collecting it?
  • How long will the data be stored?
  • Why is it being collected?
  • By Whom and how is it being processed and used?
  • What will be the effect of this on the users?
  • What are the potential risk?
  • What right does the visitors have regarding their data?
  • How can the visitors file a complaint / request to remove any information about themself?


6. Follow the experts and never stop learning: