How to be GDPR compliant with DNN Google Analytics Advanced

Please note that this blog post is based on our own research and interpretation of the General Data Protection Regulation (GDPR). We can’t guarantee that the information provided here is correct and complete. To be safe, please contact your legal counsel to make sure your organization meets all requirements to be GDPR compliant.

The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy regulation that goes into full effect on May 25, 2018. If you use Google Analytics in your DNN environment, you might have some actions to perform.

The purpose of the blog post is to summarize the actions you should execute and how they can be performed easily with our module DNN Google Analytics Advanced.

Enable IP anonymization

You should enable the Google Analytics feature for anonymizing the IP addresses. If you use our module DNN Google Analytics Advanced this can be done by activating the checkbox “Anonymize IP” in the portal settings (see our documentation for more details).

If you already collected tracking data with Google Analytics before enabling the IP anonymization, you should delete the property including all its data and create a new one.

Include an opt-out option in your data privacy

You should provide an option for your visitors to opt-out from the Google Analytics tracking in your data privacy. You should link Google’s “Google Analytics Opt-out Browser Add-on” (link) and provide a cookie opt-out option for browsers that are not supported by the add-on. If you use DNN Google Analytics Advanced you can use the following HTML code that creates a link which uses JavaScript to set the opt-out cookie (see our documentation for more details):

<a href="javascript:weweave.dnngaa.optOut()" onclick="alert('Opt-out successful');">clicking this link</a>

Use “User-ID feature” only after opt-in

You should disable the “User-ID feature” unless you have explicitly asked your (registered) users for their permission to enable this feature. If you do not have your users’ opt-in and you use DNN Google Analytics Advanced, make sure “Enable User-ID feature” is disabled in the portal settings (see our documentation for more details).

Update your Google Analytics account

You should accept the “Data Processing Amendment” in your Google Analytics account (under Admin > Account Settings > Data Processing Amendment).

For each property you should also update the “Data Retention” settings (under “Tracking Info”) and set “User and event data retention: 14 months” and “Reset on new activity: Off”.

Make sure page titles and URLs do not contain personal information

You should make sure your URLs and page page titles do not expose any personal information like e-mail addresses or names. Especially make sure that such information are not passed from one page to another by using the URL query string (like …[email protected]).