If you are running an honest small business, you are probably short on resources for GDPR compliance. Is there a simple bullet list of things to do to ensure that your analytics account & adwords account are GDPR compliant. Most of the blogs I've come across are full of legal mumbo-jumbo and screenshots of e-mail updates from Google.<p>I could gather this so far :<p>Google Analytics:<p>- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?<p>- Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.<p>- Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);<p>Google Adwords:<p>- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?<p>- If you are using re-marketing, either disable it or let it be known in privacy policy ?
Hopefully this helps.<p>> Google Analytics:
> - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?<p>If you only want to disclose what kind of personal information you collect, you don't need special clauses. Simply disclose what personal information you collect.<p>However, a Privacy Policy should include:<p>- What personal information you collect
- What are you doing with that information (the purposes)
- What controls users have
- Whom you share the information with (third parties)<p>> Google Analytics:
> - Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.<p>You can have a look at <a href="https://privacypolicies.com/cookie-consent/" rel="nofollow">https://privacypolicies.com/cookie-consent/</a> as it's easy to implement with jQuery to categorize non-important cookies to not load before you get consent from users.<p>> Google Analytics:
> - Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);<p>Yes. This article, aimed at Rails developers, can help as well:<p><a href="https://pawelurbanek.com/gdpr-compliance-blog-rails" rel="nofollow">https://pawelurbanek.com/gdpr-compliance-blog-rails</a><p>> Google Adwords:
> - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?<p>Same as above.<p>> Google Adwords:
> - If you are using re-marketing, either disable it or let it be known in privacy policy ?<p>You should disclose it in your Privacy Policy and inform users how they can opt-out from behavioral remarketing done by AdWords cookies.