Integrating Google Analytics on your WordPress site is a common practice for tracking user behavior. However, compliance with GDPR and ePrivacy regulations is crucial. This guide helps you achieve compliance while seamlessly integrating Google Analytics and Google Tag Manager through AesirX Analytics & Consent Management Platform (CMP). As a bonus, you also gain first-party analytics with AesirX, reducing reliance on third-party tracking.
Compliance Risk: Using Google Analytics and Google Tag Manager without explicit and informed consent is not compliant. Read more to understand the legal requirements and risks associated with consent.
Overview of the Approach
AesirX CMP handles consent for both Google Analytics and Google Tag Manager while ensuring all data collection aligns with GDPR and ePrivacy standards. Initially, you can keep using Google Analytics, and as you gain confidence in AesirX, consider transitioning to its first-party analytics for a more privacy-focused setup.
Step 1: Prepare Your WordPress Site
- For Existing Sites:
  - Ensure your WordPress core, theme, and plugins are up to date.
  - Perform a site backup before proceeding.
- For New Installations:
  - Set up WordPress on your hosting provider.
  - Choose a responsive theme and install essential plugins for SEO, security, and performance.
Step 2: Set Up Google Analytics and Google Tag Manager
For Sites Already Using Google Analytics and Google Tag Manager:
- Back Up Your IDs:
  - Save your Google Analytics Tracking ID and Google Tag Manager Container ID for later use.
- Remove Google Analytics and Google Tag Manager from Your Site:
  - Deactivate and Delete Google Analytics Plugins:
    - Go to Plugins > Installed Plugins, then deactivate and delete the Google Analytics plugin.
  - Remove Google Tag Manager Scripts:
    - If you have manually added Google Tag Manager scripts to your WordPress theme (in the header or footer), remove these scripts.
    - If you used a plugin to install Google Tag Manager, deactivate and delete the plugin.
  - Leave Existing GTM Tags:
    - You can keep existing GTM tags. After adding the IDs to the AesirX Consent Template (in Step 3), AesirX will automatically use the tags already in your theme.
For Sites Without Google Analytics and Google Tag Manager:
- Create Google Analytics and Google Tag Manager Accounts:
  - Set up accounts for Google Analytics and Google Tag Manager.
  - Copy the tracking and container codes provided for later use.
Step 3: Integrate AesirX’s Consent Management Platform
With Google Analytics and Tag Manager temporarily removed, proceed with setting up AesirX Analytics & CMP:
- Install the AesirX Analytics & CMP Plugin:
  - In your WordPress dashboard, go to Plugins > Add New and search for "AesirX Analytics".
  - Click "Install Now" and then "Activate".
- Create an AesirX Account and Obtain an Analytics License:
  - Register on the AesirX Sign-Up Page and choose “First-Party Analytics”.
  - Receive the license ID and a confirmation email to finalize the account.
- Configure AesirX Analytics:
  - Navigate to Settings > AesirX Analytics in your WordPress dashboard.
  - Configure server setup (internal or external) and ensure consent is required before data collection.
  - Paste your solution key and click “Save” to apply changes.
- Set Up Consent Templates: AesirX supports both basic and advanced consent modes compatible with Google Consent Mode V2.
  - Simple Consent Mode: No data is collected until users provide explicit consent - ideal for strict GDPR compliance.
  - Default Template: Tags load immediately, with minimal, non-identifiable data sent to Google/AesirX until consent is given - ideal for balancing privacy and data collection needs.
  - Steps:
    - Go to AesirX BI > Consent > Consent Templates.
    - Input your Google Tag ID and Google Tag Manager ID.
    - Choose your preferred consent mode and customize the consent text.
    - Click “Save”.
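To check the Default Template behaviour described above, you can copy `window.dataLayer` from the browser console before interacting with the banner and audit it. The following is an added example, not AesirX code: it assumes a policy that all four Google Consent Mode v2 signals must default to `denied` and that the default must be set before any tag command; the function names and sample data are constructed.

```javascript
// Added example: audit a captured dataLayer for Consent Mode v2 defaults.
const V2_SIGNALS = ["ad_storage", "analytics_storage", "ad_user_data", "ad_personalization"];

// gtag() pushes its array-like `arguments` object; the GTM snippet pushes plain objects.
function asCommand(entry) {
  const isArrayLike = entry && typeof entry.length === "number" && typeof entry[0] === "string";
  return isArrayLike ? Array.from(entry) : null;
}

function auditConsentDefaults(dataLayer) {
  const problems = [];
  let defaults = null; // payload of the first `consent default` command seen
  dataLayer.forEach((entry, i) => {
    const cmd = asCommand(entry);
    if (cmd && cmd[0] === "consent" && cmd[1] === "default" && !defaults) {
      defaults = cmd[2] || {};
      for (const signal of V2_SIGNALS) {
        if (defaults[signal] !== "denied") {
          problems.push(`${signal} defaults to ${defaults[signal]}`);
        }
      }
    } else if (!defaults && cmd && (cmd[0] === "config" || cmd[0] === "event")) {
      problems.push(`gtag ${cmd[0]} at index ${i} precedes consent default`);
    } else if (!defaults && !cmd && entry && entry.event === "gtm.js") {
      problems.push(`GTM container start at index ${i} precedes consent default`);
    }
  });
  if (!defaults) problems.push("no consent default command found");
  return problems;
}

// Constructed samples (IDs are placeholders).
function args() { return arguments; }
const allDenied = Object.fromEntries(V2_SIGNALS.map((s) => [s, "denied"]));
const GOOD_LAYER = [
  args("consent", "default", allDenied),
  { "gtm.start": 0, event: "gtm.js" },
  args("config", "G-EXAMPLE123"),
  args("consent", "update", { analytics_storage: "granted" }),
];
const BAD_LAYER = [
  { "gtm.start": 0, event: "gtm.js" },
  args("consent", "default", { ad_storage: "denied", analytics_storage: "granted" }),
];

console.log(auditConsentDefaults(GOOD_LAYER)); // no problems
console.log(auditConsentDefaults(BAD_LAYER));  // ordering and default-value problems
```

Only the first `consent default` command is inspected, so region-specific defaults need a separate look.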
Step 4: Implement Site-Wide and Opt-In Consent
To comply with GDPR and ePrivacy, manage user consent effectively through a two-tiered approach:
- Site-Wide Consent:
Customize Site-Wide Consent:
AesirX integrates automatic site-wide consent, prompting users to provide general consent before loading any tracking scripts or third-party services. Customize the consent text to be clear and informative.
- Go to AesirX BI > Consent Templates and update the consent text.
- Example Text:
“We use AesirX Analytics and Consent Management Platform (CMP) to manage your data preferences. You can choose to:
Data may be used for profiling, analytics, and marketing, including Google, Google Tag Manager and AesirX Analytics tracking per our Privacy Policy.”
Note: Please include any other third-party services as applicable in your implementation. For step-by-step instructions, refer to our How-To Guides.
Handling Consent Rejection:
If a user rejects consent, explain the limitations and suggest using decentralized methods for better control. Currently, you can't customize the site-wide rejection message.
To manage rejections effectively, switch to opt-in consent. This allows you to handle rejections on a case-by-case basis. Follow the instructions in the opt-in consent setup guide.
Revoking Consent:
AesirX supports decentralized consent management via a wallet and Shield of Privacy (SoP). Users can revoke consent directly on the site or through the AesirX dApp. This process ensures that data collection stops immediately and gives users full control over their data, enhancing compliance and trust.
- Opt-In Consent for Specific Functionalities:
For features like payment processing or customer support tools, use opt-in consent to activate third-party services only after explicit user approval. This approach minimizes data collection, limits third-party sharing, and enhances user trust by clearly explaining how their data will be used.
Customize Opt-in Consent:
- Example JavaScript for Opt-In Consent: (Use Site Consent and Opt-In Consent in Combination)
<script>
  window.optInConsentData = `[
    {
      title: "payment",
      content: "<div>YOUR_CONTENT_INPUT_HERE</div>",
    }
  ]`;
</script>
- Optional Configuration: Replace Site Consent with Opt-in Consent
<script>
  window.optInConsentData = `[
    {
      title: "payment",
      content: "<div>YOUR_CONTENT_INPUT_HERE</div>",
      replaceAnalyticsConsent: "true",
    }
  ]`;
</script>
Handle Reject Consent:
- If a user rejects consent, display a message indicating that consent is required for the functionality to work.
- Example:
- Site-wide consent:
window.funcAfterReject = async function () {
  // Show a message or label indicating that consent is required
  alert(
    "Consent is required for this functionality to work. We use this third-party service for [specific purpose], and it cannot operate without your consent"
  );
};
- Opt-in Consent:
window.funcAfterRejectOptIn = async function () {
  alert(
    "Consent is required for this functionality to work. We use this third-party service for customer support, and it cannot operate without your consent."
  );
};
Notify Users About Consent Status:
- Inform users if they have rejected consent and how it affects their experience on the site.
- Example Notification:
document.addEventListener("DOMContentLoaded", function () {
  if (sessionStorage.getItem("aesirx-analytics-consent") !== "true") {
    alert(
      "Consent is required for payment processing through [Payment Processor Name]. We cannot complete transactions without your consent. Please adjust your preferences to continue using our payment services with [Payment Processor Name]"
    );
  }
});
Customize Consent Messages:
- Edit your consent forms to include clear information about the use of these third-party widgets and the purpose of data collection.
- Example Alert Text: “We use a payment processor to handle transactions. To process your payment, we need to track and collect data related to your order. This includes sharing relevant information with the payment processor. If you do not consent to this data sharing, you will not be able to complete your purchase. For more details, please refer to our Privacy Policy.”
Installation Tip: When setting up AesirX Analytics & CMP for compliant consent handling with Google Analytics and Google Tag Manager, follow this approach:
- Implement a site-wide banner that gathers general consent for data collection, including Google Analytics, Google Tag Manager, and AesirX Analytics + CMP. This ensures that these tools and necessary site functions are covered under the site-wide consent, allowing your website to operate smoothly while staying compliant with GDPR and ePrivacy regulations.
- Use opt-in consent for third-party tools related to specific functionalities, such as payment processing, CRM systems, or AI chatbots. This ensures data is collected only after users explicitly consent, supporting data minimization and improving user experience while maintaining compliance.
By integrating AesirX Analytics & CMP, you not only achieve compliant consent management but also gain access to privacy-focused, first-party analytics. Unlike Google Analytics, which relies on third-party data, AesirX Analytics collects data directly from your visitors. This allows you to compare insights between Google Analytics and AesirX Analytics, showcasing the benefits of first-party data. You'll experience firsthand how AesirX’s direct data collection delivers more accurate and privacy-conscious insights into user behavior.
Step 5: Utilize AesirX Tools for Enhanced Compliance
- First-Party Server:
Transitioning to AesirX’s first-party tools significantly enhances performance and scalability. While the AesirX Analytics WordPress Plugin defaults to using the internal WordPress database for data storage and processing, opting for a dedicated first-party server offers even greater benefits.
Configuring your own server allows you to optimize performance for your site’s specific needs, effectively scale resources to handle increased traffic, and maintain complete control over your data. This setup ensures that your data is hosted and managed entirely within your own infrastructure, free from third-party limitations. For detailed guidance on implementing and configuring your first-party server, refer to our First-Party Server How-To Guide.
- Privacy Scanner:
Regularly use AesirX Privacy Scanner to monitor and ensure ongoing compliance. The Privacy Scanner helps ensure that your site adheres to the ePrivacy Directive and GDPR by identifying non-compliant elements such as cookies, trackers, and beacons. It provides detailed compliance reports and actionable insights for resolving detected issues. For detailed instructions on using the Privacy Scanner, refer to our Privacy Scanner How-To Guide.
- Privacy Monitoring:
Implement AesirX’s Privacy Monitoring to continuously track and manage privacy compliance on a daily, weekly, monthly, or custom schedule. These services provide real-time updates and alerts on any changes that could impact your compliance status, ensuring you stay informed and can take prompt action when needed. Discover how to set up and utilize privacy monitoring in our Privacy Monitoring How-To Guide.
Step 6: Ongoing Monitoring and Optimization
To maintain compliance and ensure optimal performance, regularly review and refine your consent management setup:
- Test and Review Consent Records:
  - Consistently monitor consent records in AesirX BI > Consent > Overview. This helps ensure that all consent activities are accurately tracked and aligned with compliance requirements.
- Update Consent Forms:
  - Periodically update your consent forms to reflect any changes in data collection practices or third-party integrations. Keeping these forms current ensures that users are always informed about how their data is used.
- Verify Third-Party Integrations:
  - Routinely check that all plugins and third-party services adhere to the consent choices configured through AesirX CMP. This ensures that your data practices remain compliant and transparent.
- Analyze Performance Metrics:
  - Continuously analyze consent and engagement metrics in AesirX BI > Consent > Overview. Use these insights to refine your consent management approach and enhance the user experience.
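One way to confirm the Step 2 removal and carry out the third-party integration check above is to save the HTML your site serves to a fresh visitor (before any consent choice) and scan it for hard-coded Google tag snippets left behind by a theme or plugin. This is an added example, not AesirX code; the function name, the sample page and all IDs in it are constructed.

```javascript
// Added example: scan served (pre-consent) HTML for hard-coded Google tags.
// URL patterns are Google's public tag endpoints; all IDs below are constructed.
const TRACKER_URL = /(?:googletagmanager\.com\/(?:gtm\.js|gtag\/js|ns\.html)|google-analytics\.com\/(?:analytics|ga)\.js)/i;
const TAG_ID = /\b(GTM-[A-Z0-9]+|G-[A-Z0-9]+|UA-\d+-\d+)\b/;
// Read a quoted attribute value; (?:^|\s) keeps data-src / data-type from matching.
const attr = (attrs, name) =>
  (new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, "i").exec(attrs) || [])[1] || "";
const tagId = (text) => (TAG_ID.exec(text) || [])[1] || null;

function findPreConsentTrackers(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const type = attr(attrs, "type");
    // Browsers run only JavaScript/module types; type="text/plain" and the like stay inert.
    if (type && !/^(module|(text|application)\/(java|ecma)script)$/i.test(type)) continue;
    const src = attr(attrs, "src");
    const haystack = src || body;
    if (TRACKER_URL.test(haystack) || /\bgtag\s*\(\s*["']config["']/.test(body)) {
      findings.push({ kind: src ? "external-script" : "inline-script", id: tagId(haystack) });
    }
  }
  // GTM's <noscript> fallback iframe also contacts Google on page load.
  const iframeRe = /<iframe\b([^>]*)>/gi;
  while ((m = iframeRe.exec(html)) !== null) {
    const src = attr(m[1], "src");
    if (TRACKER_URL.test(src)) findings.push({ kind: "iframe", id: tagId(src) });
  }
  return findings;
}

// Constructed sample: a theme header with leftover snippets and one neutralized tag.
const SAMPLE_HTML = `
<head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE123"></script>
<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('config', 'G-EXAMPLE123');</script>
<script type="text/plain" src="https://www.googletagmanager.com/gtm.js?id=GTM-BLOCKED1"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
</head>
<body><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-EXAMPLE1"></iframe></noscript></body>`;

console.log(findPreConsentTrackers(SAMPLE_HTML));
```

An empty result is the expected outcome under Simple Consent Mode; with the Default Template, tags load immediately by design, so findings there need to be read alongside the consent defaults rather than treated as leftovers.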
By integrating Google Analytics with AesirX’s Analytics & CMP, you achieve a GDPR-compliant setup while benefiting from first-party data collection. This approach helps maintain user trust, ensures data privacy, and provides a solid foundation for managing consent across your site.
For more detailed guidance, explore AesirX’s resources on digital privacy and compliance management.