Tutorials, WordPress

Adding the IP Anonymisation Tag to Universal Analytics Properties

Following on from the recent rulings within various EU countries about the transfer of personal data on sites using Google Analytics, there are some changes that all Google Analytics users need to be aware of. The changes are described briefly below along with instructions on how to rectify this on your website.

Does this affect all Google Analytics users?

In short, no. If you are using the new GA4 property then IP anonymisation is already taken care of. This change only impacts sites that are using the older Universal Analytics property.

How do I check which property I am using on my website?

You can do this in Google Analytics but the fastest way is to take a look at the header code on your website.

  1. Go to your website.
  2. Right click and select View Source. Now you need to search for a few different terms.
  3. First let’s eliminate Google Tag Manager. If you’ve installed your Google Analytics code using Tag Manager these instructions won’t work for you!

Search your page source for Tag Manager code

  1. Click Ctrl+F to open a Search box and type gtm then press Enter. You’ll drop down the page to the location of any Tag Manager tags.

    In this search below you can see the tag is managed by a plugin. We can still check for instances of Google Analytics code but, if we don’t find anything, we can assume our GA properties are implemented via GTM.

Search your page source for GA4 Property code

  1. Click Ctrl+F to open a Search box and type gtag then press Enter. You’ll drop down the page to the location of your Google Analytics tag.

    In this search shown below you can see the gtag code is prefixed with “G-”. This means it’s a GA4 property, so no updates are needed to this site.

Search your page source for Universal Analytics Property

  1. Click Ctrl+F to open a Search box and type UA- then press Enter. You’ll drop down the page to the location of your Google Analytics tag.

    In this search shown below we found the Analytics code prefixed with “UA-”. This means it’s a Universal Analytics property and must be updated.

    Another thing to note is that the tag is installed with the older ga script, denoted by “ga” rather than “gtag”. (The steps to update this are slightly different – and will be posted here shortly!) The best thing to do at this point is replace the ga tag with the gtag. Then you can continue with these instructions.

Now you’ve identified whether or not you need to update your tag, you can follow the appropriate instructions below to make the changes.

How do I update Google Analytics on my WordPress website?

There are many ways to implement Google Analytics on your WordPress site. Some will give you more control than others.

If you are using a plugin that allows you to edit the code that is inserted into the header, you can simply fix it by adding the anonymize IP parameter. The example below refers to the Header and Footer plugin. Read this post for instructions on using this to add your Google Analytics property code to your website.

  1. Copy and paste the below code block into the Header section of the Header and Footer plugin.

    gtag('config', '<GA_MEASUREMENT_ID>', { 'anonymize_ip': true });

  2. Replace <GA_MEASUREMENT_ID> with your UA property tag (e.g., UA-12345678).
  3. Delete the old line of code starting with gtag('config' (the one without the anonymize_ip parameter), so that only the new line remains.

If you’re unable to edit the code (perhaps because the plugin links to your GA account and doesn’t have an edit option), I recommend you remove the plugin and install it again using the method described in this post about installing Google Analytics with the Header and Footer plugin.

How do I update Google Analytics on my Wix website?

  1. Log in to your Wix website Dashboard.
  2. From the menu select Marketing & SEO and then Marketing Integrations.
  3. Select Google Analytics and then View.
  4. Click the blue button and select Edit.
  5. Here you can see whether you have the GA or the UA tag installed.
  6. Check the IP Anonymisation option (if not already selected) and then Save your changes.

That’s it!

Note: It is only possible to implement GA on a Premium subscription to Wix.

How do I update Google Analytics on my SquareSpace website?

How you update Google Analytics will depend on which of the two possible ways you used to set it up in the first place.

Method 1: Using the External API

  1. First check this method.
  2. Select Settings then Advanced.

If you have GA set up this way you’ll see the tracking code here.

Unfortunately, it’s impossible to update the actual content of the code if you have set GA up with this method as, unlike in Wix, there isn’t an option for IP Anonymisation, so you should:

  1. Make a copy of the Google Analytics code (cut and paste it into a note or text file) then delete it.
  2. Follow the steps in Method 2 to setup and amend the code.

Method 2: Using Code Injection

Don’t panic – this is not as dangerous as it sounds.

  1. Select Settings and then Advanced, then Code Injection.
  2. Copy this block of code into the Header section.

    <!-- Global site tag (gtag.js) - Google Analytics -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=YOURPROPERTY"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());
      gtag('config', 'YOURPROPERTY', { 'anonymize_ip': true });
    </script>

  3. Change the text that says YOURPROPERTY to the property code (starting with G- or UA-) that you copied from the previous section.
  4. Click Save.

And breathe.

Checking Google Analytics still works

After making changes like this it’s useful to be able to check that it is all working.

To do this go to SiteChecker Pro and insert the URL of your website. Just click the blue arrow button to check the result.
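
The page-source searches described earlier (Tag Manager, G- and UA- IDs, the older ga snippet) and the final check that the anonymise parameter is really in place can also be run as a script over a saved copy of the page source. This is an added example, not code from the original post: auditAnalytics, the sample pages and their property IDs are constructed for illustration, and ga('set', 'anonymizeIp', true) is the analytics.js form of the setting, which the post itself does not cover.

```javascript
// Added example (not from the original post). auditAnalytics() and SAMPLES are
// constructed for illustration; the property IDs are made up.
function auditAnalytics(html) {
  const uniq = (re) => [...new Set(html.match(re) || [])];

  // The three searches from the post, as ID patterns. gtag.js is itself served
  // from googletagmanager.com, so only a GTM- container ID counts as Tag Manager.
  const gtmContainers = uniq(/\bGTM-[A-Z0-9]+\b/g);
  const ga4Ids = uniq(/\bG-[A-Z0-9]{4,}\b/g);
  const uaIds = uniq(/\bUA-\d+(?:-\d+)?\b/g);

  // Every gtag('config', ID, {...}) call. An ID passes only if ALL of its config
  // calls set anonymize_ip: true, so a leftover old line is reported as a failure.
  // Limitation: option objects with nested braces are not matched and so fail.
  const configRe =
    /gtag\(\s*['"]config['"]\s*,\s*['"]([^'"]+)['"]\s*(?:,\s*(\{[^}]*\}))?\s*\)/g;
  const anonRe = /['"]?anonymize_ip['"]?\s*:\s*true\b/;
  const configs = new Map();
  for (const m of html.matchAll(configRe)) {
    const ok = anonRe.test(m[2] || '');
    configs.set(m[1], configs.has(m[1]) ? configs.get(m[1]) && ok : ok);
  }

  // Older analytics.js snippet: ga('create', ...) plus ga('set', 'anonymizeIp', true).
  const legacyGa = /\bga\(\s*['"]create['"]/.test(html);
  const legacyAnon =
    /\bga\(\s*['"]set['"]\s*,\s*['"]anonymizeIp['"]\s*,\s*true\s*\)/.test(html);

  const ua = uaIds.map((id) => ({
    id,
    anonymised: configs.has(id) ? configs.get(id) : legacyGa && legacyAnon,
  }));
  return { gtmContainers, ga4Ids, ua, legacyGa, needsUpdate: ua.some((p) => !p.anonymised) };
}

// Constructed sample page sources.
const SAMPLES = {
  ga4: `<script>gtag('config', 'G-ABC123XYZ9');</script>`,
  uaOld: `<script async src="https://www.googletagmanager.com/gtag/js?id=UA-12345678-1"></script>
<script>gtag('js', new Date()); gtag('config', 'UA-12345678-1');</script>`,
  uaFixed: `<script>gtag('config', 'UA-12345678-1', { 'anonymize_ip': true });</script>`,
  uaBoth: `<script>gtag('config', 'UA-12345678-1');
gtag('config', 'UA-12345678-1', { 'anonymize_ip': true });</script>`,
  legacy: `<script>ga('create', 'UA-7654321-2', 'auto'); ga('send', 'pageview');</script>`,
  gtmOnly: `<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-ABC1234"></iframe>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditAnalytics(html)));
}
```

A page where only a GTM- container is found reports needsUpdate as false simply because no UA tag is visible in the source; in that case the setting has to be checked inside Tag Manager.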

If you found this post helpful and want to support me, please click the button below!

What if you need help?

If you don’t like the idea of messing with code or feel daunted by the idea of doing this yourself, you can book my time for the Google Analytics Quick Fix. In this time I can check your Google Analytics on any website, make any updates, or implement a completely new tag. Book it now!

Tools & Tips

Your Website and GDPR: Privacy Policy and Consent Copy

In my previous post, Are You GDPR Ready?, I suggested seven steps you should take to get ready for GDPR. In this post I’ll address numbers two and three:
How to Publish a Privacy Policy on your site to gain your user’s consent and Implement an Opt-In policy.

Publish Your Privacy Policy

Step 1:  Write Your Privacy Policy

Yes, the first thing to do, if you don’t already have one, is to write the policy. The new regulations advise businesses to use ordinary language so the best way to do this is to write it yourself. Take a look at the one on this site and also take a look at others, ideally for businesses similar to your own. Assuming you’ve done your audit already, you should understand exactly what data you have, how and why you use it, and where and how it is stored. All of that information needs to go into your policy document.

Step 2: Publish the Privacy Policy

To publish this to your site, create a new page for your website or blog and copy the policy text there.

It’s good practice to make this easy to find, so add a link to it from your website’s menu or somewhere out of the way but not hidden, like the page footer.

Step 3: Share Your Privacy Policy with Visitors to Your Site

If you have a website built around one of the many CMS platforms – Joomla, WordPress, SquareSpace, or Wix – the developers are ahead of the game, and there are a number of plugins that will make your work easier.

This site, based on WordPress, uses the plugin called GDPR by TrewKnowledge. It’s easy to set up and requires linking to your privacy policy page and some text added for the cookie consent popups. It has a bunch of other advanced features that you can use, if you need to.

Search Google and you can easily find similar tools for the other platforms listed above. If you’re not sure what any of this means, ask your web developer for help but don’t ignore the issue! It’s a necessary step in ensuring your site (and therefore your business) is compliant.

If you’ve got a static website, the simplest way to do this is to make your new privacy policy page the landing page for your site. That way you know anyone who visits your site will have read it. Create a link to your main site, hidden behind the policy page, and require visitors to click link text that makes it clear that, by clicking through to the site, they accept the policy.

The downside of this approach is that it’s fairly unsophisticated: anyone visiting the site again will again be taken to the same policy page and will be required to consent on each repeat visit.

Implement an Opt-In Policy

If you collect email addresses for a mailing list or use forms, you need to ensure that users opt-in to any use of or storage of their data.

Opt-In to Mailing Lists

Most mailing list forms require the user to enter their name and email address before clicking a button to submit the form. Make sure that your text explicitly states how this information will be used (e.g., “in order to send you the weekly newsletter”, or whatever), whether or not it will be shared with or used by third parties, and anything else relevant to the person signing up in order that they can consent to it. You then need to ensure that any emails that are sent to the list, including any welcome message, make it clear how the person who has signed up can unsubscribe. That’s pretty standard stuff these days, but it’s worth checking that you have your house in order.

Opt-In for Forms

For contact forms, you must add a check box alongside a statement requiring consent for the data you provide to be used and stored. It’s also worth putting a link to your privacy policy but that alone is not good enough: you need to spell it out to the user there and then, in order that they can consent. An example of this is to say: “By submitting this form you consent to [company name] using and storing my information in order to respond to my inquiry.”

As with anything, there is more you can do but for small businesses and organisations it’s unlikely to be necessary.


Disclaimer: This information is intended as guidance only. It is not a substitute for legal advice and is based on personal research conducted by the author. Ensuring your business is GDPR compliant is the responsibility of your Data Controller.

Now read part 3 in this series.

In the next post find out how to make sure files you create and store, on your laptop or other device, are secure.


Image credit: iStock.com/oatawa

Do you need help? Contact me now to arrange a personalised tech support or training session.
Security

Your Computer and GDPR: Secure File Storage and Encryption

If you’re running a business you will definitely be storing and using personal data. That means you have obligations under the new GDPR rules. In my last post, Your Website and GDPR: Privacy Policy and Consent, I described what’s needed to get the online side of your business compliant. But what about any files, documents, or invoices, or any other records you keep? This post will explain ways to ensure your customer records are secure.

Know What, Why & Where Information is Stored

When you audited your business (you’ve done that, right?) you will have created a list of the types of information you hold, why and where. In all likelihood this will include some electronic files stored on your local computer and maybe also paper copies or other paper-based records.

For example, maybe you keep it all in an entry in your Outlook address book, or you might have a customer-registration form, or a database entry in a CRM application.

If you’re creating electronic copies, are they backed up anywhere? Are you backing up to a physical drive or to the cloud? Is your cloud storage secure, in the EU, and GDPR compliant?

Any method of collecting or storing data falls under GDPR, so read on to find out ways to ensure your computer and any paper copies of files, and therefore your customers’ data, are protected and secured.

Storing Digital Records and Files

Using a Third-Party Tool

If you are using a third-party application, for example, an application like Wave or Freshbooks to generate and track your invoices, you will have to check on the GDPR compliance policy of that company. Most companies are busy working towards compliance but the onus is on you to check. Because any software like that will require you to have an account with a secure login process, as long as the company says they’re compliant, you’re probably good to go: just make sure your password is as secure as it can be. If you’re not using one of the many password manager tools, now would be a good time to start (although they come with their own risks, of course!)

If you’re not sure, get in touch. Most software providers are fully aware of the demands being placed by the new GDPR rules and are keen not to lose business due to non-compliance.

On your Computer

If you keep data locally, on your PC, you need to know where this is so you can find it to provide it on customer request and/or remove it. And it needs to be secure. The question to ask yourself is this: if someone steals my computer, my phone, my iPad (or whatever piece of tech you store your files on) can the personal data of my customers be accessed? If the answer is yes, there are a few simple things you can do to lock that information down.

Encrypt Your Computer, Files and/or Folders

First, you need to ensure that your PC and the files you store there are encrypted, which, put simply, means they can’t be read without a password.

You want to make sure your PC is locked. Think about whether someone who finds or steals your PC could open it and start working without having to jump through any security hoops. Make sure you have a login password, PIN, or fingerprint scan set up to access your device. Bear in mind that a login screen on its own doesn’t scramble what’s stored on the drive, which is why the encrypted folder in the next step matters.

Then, make sure you have an encrypted folder specifically for any files that include customer data. There are several ways to do this: you can pay for software, you can use a ZIP or other password-protected archive in place of folders for customer files (a bit clunky, but it would do the job), or – chances are – you can use software that is already installed on your computer, either bundled with the OS or as part of your internet security package. If you’re running paid-for software from one of the main internet security companies, check what’s available. For example, Kaspersky Total Internet Security provides a tool called Secure Folders and Comodo Internet Security has Protected Data Folders. No need to spend any more money. Bonus.

Secure your Backups

Backing up to The Cloud

If you’re backing up to The Cloud (think Google Drive or Dropbox) you need to ensure that their service is secure and GDPR compliant. More and more of us are using cloud storage these days, but as that will involve passing digital information from your computer to the cloud, how secure is that really? Is encryption used when the files are transferred? Is it a US or EU based company? What happens in the event of a data breach? Where is the data stored?

And it’s not so simple as you think: lots of us use Google Drive nowadays and while it’s really easy to backup your files using their Backup and Sync tool, which is fine for your personal files, unfortunately (at least at the time of writing) it’s not a workable option for your customer files. Why? Because Google have said that unless you’re paying for the service as part of a My Business account, Google Drive (personal) is not GDPR compliant.

Backing up to an External Drive

If you’re backing up to an external drive, you need to make sure that access is encrypted. As with your physical computer, ask whether someone who took your drive could open it and access your files. Protect your device and your files in the same way you would on your computer.

Secure your Hard Copies

So much for the paperless office. We all end up with paper copies of some sort – and some of us prefer to keep records that way. If you are keeping records on paper, the question re security goes back to what happens if someone accesses your files. In the same way that you are responsible for protecting electronic files, you’re required to ensure paper files are secure. With paper files that means keeping them under lock and key. That means getting a lockable drawer or filing cabinet – ideally something fireproof, just to be sure – and locking them away.

And Last Steps…

Lastly, document it all. You should have all this in a single file as the result of your audit. If not, now would be a good time to do it.


Image credit: iStock.com/drogatnev


If you need help with this or any other aspect of your home or business IT, contact me to arrange a free consultation.

Security

Are You GDPR Ready?

What is GDPR?

From May 28th the new general data protection regulations (GDPR), Regulation (EU) 2016/679, come into effect. These will give individuals far greater control over their personal data, with the scope of what constitutes personal data greatly enhanced to include:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

For businesses in or trading within the EU, this means much tighter controls need to be in place to ensure that the terms of the GDPR are not being breached. The full text of the regulations is available online from the GDPR Info website and is required reading for anyone who is responsible for data within a company of any size and all sole traders.

For small businesses, this may seem daunting, but there are a few simple things you can do.

7 Steps to Get Ready for GDPR

  1. Audit all the personal data you use or hold. This means information for customers, visitors to your website, newsletter or mailing list subscribers. This means data you hold or collect both on and offline.
  2. Publish a Privacy Policy on your site. This must be written in plain and readable language and clearly state what information you use and hold, why it is used, where it is held (if it is stored), and how individuals can request details about their personal data and also request its removal.
  3. Implement an Opt-In policy. For your website, this means you need to ask every visitor to your site whether they are happy with your Privacy Policy before they access the site and any information is transmitted.
    For any mailing list subscribers, you need to contact them asking them to confirm that they accept your privacy policy and wish to continue their subscription.
    And any forms on your site need a consent button, so people know what information you will hold and an opt-in for any related mailing lists.
  4. Move your site from HTTP to HTTPS. This is vitally important if you run an online store or accept credit card details. It’s less of a priority for non-commercial sites but does give your visitors a level of reassurance and also has advantages for your site’s SEO.
  5. Update your Terms & Conditions. These must specify what data you hold, why, where, and how customers can find out about this. Communicate any changes to an existing policy to your customers.
  6. Document your Data Retention Policy. Know what you are storing where so that if someone asks what you are holding or asks for information to be deleted, you can easily find it and comply.
  7. Ensure all Personal Data you hold is stored securely. This means checking that any cloud storage you use is GDPR compliant (for example, Google Drive is not unless you have a My Business account), and any files that you keep in your home or on your laptop are secured, either with a physical key or with a digital one.

Now read part 2 in this series.

In this next post find out how to make sure your website is GDPR ready by publishing your privacy policy and obtaining consent from new visitors.


Image credit: iStock.com/Matthew de Lange
