Ideal GDPR Setup & Key Takeaways
Google Tag Manager
& GDPR
Google Analytics &
GDPR
Google Ads Conversion Tracking & GDPR
Facebook Pixel
& GDPR
It’s a fact that GDPR comes with many challenges, and it is not always easy to find answers to these questions:
We have prepared this guide to help you execute & improve your GDPR-compliant tracking and targeting. As Shopify experts, we are going to discuss the Shopify environment but the facts you can find here easily apply to all businesses. As a business, you need to:
To be GDPR compliant so that you do not get fined - and to give users a way to protect and manage their privacy.
To make sure your tracking & targeting work when the users provide consent.
The problem with most GDPR solutions is that they overdo this. It causes your tracking to be interrupted even when the user provides their consent due to a wrong implementation.
To exemplify this, most GDPR apps block the Google Tag Manager containers by default because the GTM’s cookie is not defined in their list. However, the GTM itself is not against GDPR and it has a consent mode. It has the feature to trigger the tags according to the user’s consent.
You can respect the user’s privacy and be GDPR compliant while keeping the tracking and marketing capabilities at the maximum level according to the user’s consent. So, the following takeaways will both protect the user and your business.
What should Shopify merchants do to be GDPR compliant?
Oftentimes, GDPR solutions overlook or ignore Google Tag Manager (GTM). They either don’t classify it correctly or they block it outright. Google Tag Manager can actually be a big help to make your Shopify store GDPR compliant.
In fact, GTM should be treated specifically from a GDPR standpoint as it might carry out a lot of TAGS that are super useful for tracking & targeting.
Ideally, GTM should be in the ‘strictly necessary’ cookies/scripts section. Yet, it should NOT TRIGGER any tag before the user provides consent.
The consent data should be passed to the GTM instantly (not on the next page) preferably using data layers.
GTM should trigger the related tags according to their categories and users’ consent using GTM’s Consent Mode or a manual setup based on triggers.
As the Analyzify team, we have asked our GDPR solution partners to adjust their setup accordingly. Thanks to our partners; Analyzify Google Tag Manager Integration works seamlessly for Shopify merchants.
Keep in mind that while your store is GDPR-compliant, you are also capturing all the data possible within the user’s consent.
Google Analytics is definitely not a GDPR friendly tracking tool by default as it creates many cookies and stores the user’s data.
However, as it is the most popular tracking solution; almost all GDPR apps on Shopify (including Shopify’s Customer Privacy app) block the scripts and cookies by default and only trigger them when the user provides consent.
You can never be sure about it before you actually test it yourself because Google Analytics scripts might be integrated with your website in many different ways, and your GDPR solution might be blocking only the main integration.
Two common examples below might not be blocked with common Shopify GDPR solutions unless you have a completely proper GDPR integration:
You should be careful with your Google Analytics integration to be fully GDPR-compliant. Make sure to follow our step-by-step GDPR checklist for Shopify merchants.
We have requested our GDPR solution partners to make the necessary changes. Now, Analyzify Google Tag Manager Integration works effortlessly for Shopify merchants thanks to our partners.
Note that while your business is GDPR compliant, you’re tracking all data you can with the user consent.
Google announced “consent mode” to minimize the harm caused by tracking. Here’s what Google tells us to do:
As you can see on the related help center page by Google, if the user permits the ad_storage=’granted’ and analytics_storage=’granted’; everything will work as it used to do in the Pre-GDPR era.
And if “ad_storage=’denied’:” by the user then
If you trust Google and use the consent mode, you do so at your own risk. Don’t forget that it is your responsibility – not Google’s – if your company is not GDPR-compliant.
Analyzify’s GDPR integration works with Google Consent Mode by default. However, you always have the option to remove this.
The information you are going to get here is taken from Facebook’s related guide.
Facebook simply tells you to fire Facebook Pixel on each page but also to attach the user’s consent preference within the pixel so that they’ll process the data accordingly.