
GDPR Compliance

Oct 18, 2022

If your business is based in the EU or gets significant traffic from the EU, you need to make sure you comply with the law of the land on data privacy and user consent. The General Data Protection Regulation (GDPR) is the EU regulation that sets out rules on the processing of personal data, the free movement of personal data, and the fundamental rights and freedoms of natural persons with regard to their data.


If you follow GDPR strictly, it is actually impossible to be compliant with out-of-the-box client-side tracking tools like Google Analytics. Here at Simple Server-Side, we recommend the following actions:



Require explicit opt-in when a user comes to your website

While US-based companies can treat users as opted in by default, websites serving EU users need the user's permission before they start capturing any user data, so nothing that sets a tracking cookie should load before the user has opted in. The one exception is "strictly necessary" cookies, which the website needs in order to function at all (a session or CSRF cookie, for example). You can either build a custom consent solution or use one of the many consent-management tools, including Cookiebot, OneTrust, or Evidon/CrownPeak.
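The pattern that section describes, as an added example written for this page (not code from Google, a consent vendor, or Simple Server-Side): a minimal consent gate modelled on the gtag.js consent-mode calls. Everything starts "denied", only strictly necessary cookies are allowed, and the tracking script is injected only after an explicit opt-in. The `loadScript` callback is passed in so the gate can run outside a browser; in a page it would append a `<script>` element. The cookie names, the `G-XXXXXXX` measurement ID and the `createConsentGate` helper are assumptions for the example.

```javascript
// Added example: consent gate in the style of gtag.js consent mode.
// Not code from Google or from the original page. Cookie names are assumed.

// Cookies the site may set without consent. The cookie that remembers the
// user's consent choice is itself strictly necessary.
const STRICTLY_NECESSARY_COOKIES = new Set(['session', 'csrf', 'consent_choice']);

function createConsentGate({ measurementId, loadScript }) {
  const dataLayer = [];                         // stands in for window.dataLayer
  const gtag = (...args) => dataLayer.push(args);
  let choice = null;                            // null until the user has decided
  let scriptLoaded = false;

  // The default must be pushed before any tag loads, so it happens here,
  // and the tracking script is deliberately NOT loaded at this point.
  gtag('consent', 'default', { analytics_storage: 'denied', ad_storage: 'denied' });

  // Record the user's explicit choice. Only an analytics opt-in loads gtag.js.
  function decide({ analytics = false, ads = false } = {}) {
    choice = { analytics, ads };
    gtag('consent', 'update', {
      analytics_storage: analytics ? 'granted' : 'denied',
      ad_storage: ads ? 'granted' : 'denied',
    });
    if (analytics && !scriptLoaded) {
      loadScript(`https://www.googletagmanager.com/gtag/js?id=${measurementId}`);
      gtag('js', new Date());
      gtag('config', measurementId);
      scriptLoaded = true;
    }
  }

  // Whether the site may set a given cookie right now.
  function cookieAllowed(name) {
    if (STRICTLY_NECESSARY_COOKIES.has(name)) return true;
    if (!choice) return false;                  // no answer yet: default deny
    if (name.startsWith('_ga')) return choice.analytics;   // Google Analytics cookies
    if (name.startsWith('_gcl')) return choice.ads;        // Google Ads linker cookies
    return false;
  }

  return { decide, cookieAllowed, dataLayer, hasDecided: () => choice !== null };
}

// Usage in a page (not executed here): build the gate on load, then wire the
// banner's buttons to gate.decide({ analytics: true, ads: false }) and so on.
```

The important property is the order of operations: the `consent default` call and the decision to hold back the script both happen before any vendor code runs, and a "decline" still records an explicit answer rather than leaving the default in place silently.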


Anonymize IP addresses

Under GDPR an IP address is personal data (PII, in US terms), and a whole extra set of rules applies once you store it. Collecting IP addresses is not automatically non-compliant, but for most tools, including Google Analytics, the safest course is to anonymize the IP (truncate it before it is stored or forwarded) and avoid the question altogether.
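In gtag.js for Universal Analytics this is the `anonymize_ip: true` config option, and GA4 truncates on its own; on a server you control you have to do it yourself before the address reaches a log or an analytics payload. The following is an added example written for this page (not code from Google or Simple Server-Side) that applies the same truncation Google documents for that option: IPv4 keeps the first three octets, IPv6 keeps the first 48 bits and zeroes the last 80. The `anonymizedClientIp` helper and its header handling are assumptions for the example.

```javascript
// Added example: IP truncation before storage/forwarding. Not code from
// Google or from the original page.

function anonymizeIp(ip) {
  return ip.includes(':') ? anonymizeIpv6(ip) : anonymizeIpv4(ip);
}

function anonymizeIpv4(ip) {
  const octets = ip.trim().split('.');
  const valid = octets.length === 4 &&
    octets.every(o => /^\d{1,3}$/.test(o) && Number(o) <= 255);
  if (!valid) throw new Error(`invalid IPv4 address: ${ip}`);
  octets[3] = '0';                               // zero the last octet
  return octets.join('.');
}

// Expand an IPv6 text form (with optional "::" compression) into eight
// 16-bit integers. IPv4-mapped forms such as ::ffff:192.0.2.1 are rejected
// rather than silently passed through.
function parseIpv6(ip) {
  const halves = ip.trim().split('::');
  if (halves.length > 2) throw new Error(`invalid IPv6 address: ${ip}`);
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  // "::" must stand for at least one zero group; without it all 8 are required.
  if (halves.length === 2 ? missing < 1 : missing !== 0) {
    throw new Error(`invalid IPv6 address: ${ip}`);
  }
  return [...head, ...Array(missing).fill('0'), ...tail].map(g => {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) throw new Error(`invalid IPv6 group "${g}" in ${ip}`);
    return parseInt(g, 16);
  });
}

function anonymizeIpv6(ip) {
  const groups = parseIpv6(ip);
  for (let i = 3; i < 8; i++) groups[i] = 0;    // zero the trailing 80 bits
  return groups.map(g => g.toString(16)).join(':');
}

// Server-side helper (assumed): take the client address from the first hop of
// X-Forwarded-For, falling back to the socket address, and anonymize it.
// Only trust X-Forwarded-For when a proxy you control sets it.
function anonymizedClientIp(headers, socketAddress) {
  const xff = headers['x-forwarded-for'];
  const raw = xff ? xff.split(',')[0].trim() : socketAddress;
  return anonymizeIp(raw);
}
```

Run the truncation at the edge of your system, before the address is written anywhere, and keep the raw socket address out of request logs as well; a truncated address in the analytics payload does not help if the full one is sitting in an access log next to it.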


Switch to server-side tracking and ensure the server(s) are based in Europe

Several lawsuits concerning data processing in the US have reached European courts. Processing data in the US is not a GDPR violation per se, but the comparatively lax privacy laws there have EU officials insisting that processing stay in the region. We can help you set up EU-based servers to avoid these issues.


Disable GA demographic reporting

Opinions vary as to whether GA's demographic and interest reporting complies with GDPR. We aren't lawyers, but we recommend playing it safe and disabling demographic/interest reporting in GA.


Review website URLs for PII

As with the IP anonymization recommendation, keeping PII out of platforms like Facebook Ads and Google Analytics is important, if not required; these tools record the full page URL, including the query string, so anything a form or a link puts in the URL ends up in the analytics account. Your website may be exposing 
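A way to catch this before the URL leaves the browser or your server, as an added example written for this page (not code from Google, Facebook, or Simple Server-Side): scrub obvious personal data out of a URL before it is sent as `page_location` to an analytics tool. It does two passes: a denylist of query-parameter names that are known to carry PII, then regex detection of e-mail addresses and phone-like numbers in path segments and remaining parameter values. The parameter names, the regexes and the `scrubUrlPii` helper are assumptions for the example; extend them to match your own site's URL scheme.

```javascript
// Added example: URL PII scrubber. Not code from the original page or any
// analytics vendor. Parameter names and patterns are assumed starting points.

const SENSITIVE_PARAMS = new Set([
  'email', 'e', 'phone', 'tel', 'name', 'firstname', 'lastname',
  'fname', 'lname', 'address', 'dob', 'ssn', 'token',
]);
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
// Heuristic: 10+ digits with optional separators. Tune it so order or
// product IDs on your site do not trip it.
const PHONE_RE = /\+?\d[\d\s().-]{8,}\d/g;

function redactText(text) {
  return text.replace(EMAIL_RE, 'REDACTED_EMAIL').replace(PHONE_RE, 'REDACTED_PHONE');
}

// decodeURIComponent throws on malformed escapes; keep the raw text then.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Returns the scrubbed URL plus a list of what was redacted, so the same
// routine can drive an audit report of which pages leak PII into URLs.
function scrubUrlPii(input) {
  const url = new URL(input);
  const findings = [];

  // Credentials in the authority part never belong in analytics.
  if (url.username || url.password) {
    findings.push('userinfo');
    url.username = '';
    url.password = '';
  }

  // Path segments: decode, scan, and re-encode only if something changed.
  url.pathname = url.pathname.split('/').map(segment => {
    const decoded = safeDecode(segment);
    const cleaned = redactText(decoded);
    if (cleaned === decoded) return segment;
    findings.push(`path:${decoded}`);
    return encodeURIComponent(cleaned);
  }).join('/');

  // Query: denylisted names are blanked outright, other values are scanned.
  for (const [key, value] of Array.from(url.searchParams.entries())) {
    if (SENSITIVE_PARAMS.has(key.toLowerCase())) {
      url.searchParams.set(key, 'REDACTED');
      findings.push(`param:${key}`);
    } else {
      const cleaned = redactText(value);
      if (cleaned !== value) {
        url.searchParams.set(key, cleaned);
        findings.push(`param:${key}`);
      }
    }
  }

  // Fragments never reach the server but client-side tags can still see them.
  url.hash = '';
  return { url: url.toString(), findings };
}
```

In gtag.js the scrubbed value can be supplied as the `page_location` field of the config call; server-side, run the same routine on the request URL before building the analytics hit. Treat the regexes as a safety net, not the fix: the real fix is changing forms and links so that PII is never placed in a URL in the first place.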


Still unsure about GDPR, CCPA, or other privacy regulations? Reach out and we can help!
