2. #MeasureCamp @philpearce
Web Analytics Exchange mentor
750 GA questions answered
Tracking protection group (DNT)
Welcome
Phil Pearce
Analytics Expert & Master of the Dark Arts
Accelerate-Agency.com
@philpearce
linkedin.com/in/philpearce
3. Just a quick Leia Disclaimer...
#SPWK @philpearce
I'm not her!
13. 2 Strikes… before fine
For any new law… there will be a grace period to account for accidental non-compliance or to give large enterprise time to adjust their systems
18. PERC vs GDPR
Item | PERC | GDPR
IP Address | Not personal data | Personal Data
UserID | Not personal data | Personal Data
TransactionID | Not personal data | Personal Data
Cookie Identifier | Not personal data | Personal Data
Device Signature | Not personal data | Personal Data
Standardisation | Different in EU countries | Harmonised Across EU
Charge for Subject Access Request | £10 | Free
Max fine | £500,000 | £17,500,000
22. How to avoid being fined…
Principles…
1. Notify & provide reason for data collection
2. Allow users to View/Edit/Delete their data
3. Special Categories of Data require Consent
4. Consent must be Pro-active tickbox
5. Any financial decision based on user-data must have consent, such as pricing personalisation
30. GTM
Accept GDPR
AnonIP
CD20 for consent
CD19 for consentTimeStamp
2year to 1.5yr cookie
Disabled Remarketing
non-logged-in
new users
IP resolves to EU
42. Mistakes to avoid implementing
1. Mobile popups
2. Asking for consent on Newsletters
3. Triggering Adwords pop-up on landing page cpc fine
4. Asking users in China or USA for consent
5. Excessively confusing pop-ups
46. Google Adwords privacy cpc tax
SSL as ranking signal SERP ranking organic bonus.
Google “trusted stores” program
Note: See “Privacy as a ranking factor slides” and TrustFactor video.
48. Light Score
1. Do you have a Privacy Policy? +1
2. Do you link to the Privacy Policy in the global footer (or header)? try.powermapper.com +1
3. HTML links on Privacy Policy:
• Do you mention you use cookies OR link to “How Google uses cookie data”
www.google.com/policies/privacy/partners/ +0.25
• Do you mention the words “Do Not Track” or DNT on the privacy policy +0.25
• Link to GA opt-out plugin OR GA opt-out page +0.25
• Link to DoubleClick remarketing opt-out OR AdChoices link +0.25
4. Has your Privacy Policy been updated within the last 12 months? +1
5. If you're using session recording (e.g. ClickTale), have you set sensitive fields to either
type=password OR the relevant class: <input id="CreditCardPin" class="tracking-sensitive ClickTaleSensitive -metrika-nokeys" type="text"> +1
6. Is AnonymiseIP enabled for EU visitors? +1
7. Is GTM's 2-stage authentication login setting enabled OR a similar TMS setting? +1
8. Do you have a GA custom email alert for URLs containing “@” or “@gmail”? +1
9. GA exclude traffic from robot setting is enabled +1
10. You have actioned at least one GA healthcheck alert +1
Ref: www.google.com/analytics/terms/us.html
[n] / 10
50. Darkness and the Light - scorings
10 Yoda
6-8 Luke
3-5 Leia
0-2 Chewbacca
0 Neutral Zone
- 0-2 Darth Maul
- 3-5 Count Dooku
- 6-8 Darth Vader
- 10 Darth Sidious
Light score: -
51. Dark Score
1. 3rd party cookies are being deployed on your website -1
2. Have not enabled frequency capping on Display network -1
3. UserID tracking is enabled, but not declared to users on privacy page.
4. GA's data append via CSV upload (dimension widening) for userID as a customDimension using sensitive data (e.g. financial grouping/status based on user's postcode/address) -1
5. Using Device Signature (Android App only) -1
6. Email address stored in GA URL report -1
7. Storing passwords in GA URL report -1
8. Respawn of the user's sessionID cookie after the user tries to clear cookies -1
9. Using any of the techniques mentioned on evercookie -1
10. Using opt-in ClickJacking to install a trojan virus -100
[n] / 10
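Light Score item 8 and Dark Score items 6 and 7 all concern e-mail addresses and passwords ending up in GA URL reports. As an added example (not from the original slides), the JavaScript below scrubs such values from a page URL before it is reported; the parameter names, the REDACTED_* markers and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: strip e-mail addresses and credentials from a page URL
// before it is reported to analytics. Parameter names and the REDACTED_*
// markers are assumptions for illustration, not Google Analytics settings.
const EMAIL_RE = /[a-z0-9._+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)+/gi;
const SECRET_PARAMS = new Set(['password', 'passwd', 'pwd', 'pass', 'pin']);

// Decode a path segment; on a malformed percent-escape, inspect it raw.
function safeDecode(segment) {
  try { return decodeURIComponent(segment); } catch (e) { return segment; }
}

// Replace every e-mail in `text`, recording where it was found.
function redactEmails(text, where, findings) {
  return text.replace(EMAIL_RE, () => {
    findings.push({ type: 'email', where });
    return 'REDACTED_EMAIL';
  });
}

// Returns { url, findings }: scrubbed path + query (fragment is dropped).
function scrubUrl(rawUrl) {
  const findings = [];
  // Base is a placeholder so relative page paths parse; it is never emitted.
  const parsed = new URL(rawUrl, 'https://placeholder.invalid');
  const path = parsed.pathname.split('/').map((seg) => {
    const decoded = safeDecode(seg); // catches %40-encoded addresses too
    const clean = redactEmails(decoded, 'path', findings);
    return clean === decoded ? seg : encodeURIComponent(clean);
  }).join('/');
  const query = new URLSearchParams();
  for (const [key, value] of parsed.searchParams) { // values arrive decoded
    if (SECRET_PARAMS.has(key.toLowerCase())) {
      findings.push({ type: 'secret', where: `query:${key}` });
      query.append(key, 'REDACTED_SECRET');
    } else {
      query.append(key, redactEmails(value, `query:${key}`, findings));
    }
  }
  const qs = query.toString();
  return { url: path + (qs ? `?${qs}` : ''), findings };
}

// Constructed sample URLs (not taken from any real report).
const SAMPLES = ['/thanks?email=jane.doe%40gmail.com&plan=pro',
  '/login?user=bob&Password=hunter2',
  '/unsubscribe/alice@example.org/confirm', '/products?page=2'];
for (const s of SAMPLES) console.log(s, '->', scrubUrl(s).url);
```

A non-empty `findings` array is also a useful signal to log on its own, since it shows which page templates are leaking identifiers into URLs.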
55. Darkness and the Light - scorings
10 Yoda
6-8 Luke
3-5 Leia
0-2 Chewbacca
0 Neutral Zone
- 0-2 Darth Maul
- 3-5 Count Dooku
- 6-8 Darth Vader
- 10 Darth Sidious
Light score: - | Dark score: - | Sum of both: -
57. If you got a dark score join these…
“MOA code of conduct” or “DAA code of ethics” will eventually introduce one
www.digitalanalyticsassociation.org/codeofethics
www.moaweb.nl/Richtlijnen/internationale-gedragscodes-en-richtlijnen/2012-09-17%20GRBN%20Code%20Comparison.pdf/view
59. Links to resources
GDPR video playlist
https://www.youtube.com/watch?v=PMHO2T1p0g8&index=68&list=PL45AABD8BB96D3785&t=0s
CookieLaw video playlist
https://www.youtube.com/playlist?list=PL45AABD8BB96D3785
checklist
https://www.omnisend.com/blog/gdpr-for-ecommerce-definitive-guide-free-gdpr-checklist/
essentials blog post by webguild
https://www.thewebguild.org/news/gdpr-essentials-for-web-developers-and-site-owners
post on GooglePlus
https://plus.google.com/u/0/+StephaneHamel-immeria/posts/YcnrmoQQpT4
GDPR view by a marketer
https://www.portent.com/blog/internet-marketing/gdpr-29-things-marketers-must-know.htm
vendor - HotJar Webinar
https://www.hotjar.com/privacy/gdpr-compliance-with-hotjar-webinar
vendor - WooCommerce
https://woocommerce.com/2017/12/gdpr-compliance-woocommerce/
GDPR supplier template
http://bit.ly/gdpr-supplier-contract