Privacy and GDPR compliance

From 25 May 2018, the GDPR is in effect.

The recommendations below are based on our experience with our own systems. The goal is to use only cookies that are allowed without confronting the user with a cookie popup.

This applies only to functional cookies and session cookies.

Even when using only these kinds of cookies, a cookie disclaimer is needed that documents the need for each cookie.

Configure Google Analytics with GDPR compliance

  • Use the ‘anonymizeIp’ option in the tracking code, as documented here
  • Configure Google Analytics using the web interface to make it privacy friendly.

To make Google Analytics privacy friendly, log in to the web interface and check the following options:

  • In Admin > Tracking Info > Data Collection: set Remarketing to OFF; set Advertising Reporting Features to OFF
  • In Admin > Tracking Info > User ID: set I Agree to the UserID Policy to OFF

Configure embedded YouTube with GDPR compliance

When embedding YouTube videos in a webpage, use the domain www.youtube-nocookie.com.

Configure Social sharing widgets

We use a Social share component on some of our websites.

Disable the counter to prevent related sharing sites from creating cookies. Code fragment:

$("body").floatingSocialShare({
    // ... other options
    counter: false, // disable the share counter so sharing sites set no cookies
    // ... other options
});
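
A quick way to check a page against the three recommendations above (YouTube embed domain, anonymizeIp, share counter), as an added example that is not part of the original page. The function name, the rule labels and the sample markup are assumptions made for illustration; ga('set', 'anonymizeIp', true) is the analytics.js form of the option named above.

```javascript
// Added example: lint an HTML string against the three recommendations above.
// Regex-based to stay dependency-free; a quick check, not a full HTML/JS parser.
function auditPrivacySettings(html) {
  const findings = [];

  // 1. YouTube embeds must use www.youtube-nocookie.com.
  for (const m of html.matchAll(/<iframe\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi)) {
    let host;
    // The base URL only serves to resolve relative and protocol-relative src values.
    try { host = new URL(m[1], "https://placeholder.invalid").hostname; } catch { continue; }
    if (/(^|\.)youtube\.com$/.test(host) || host === "youtu.be") {
      findings.push({ rule: "youtube-nocookie", detail: m[1] });
    }
  }

  // 2. analytics.js tracking code must set anonymizeIp to true,
  //    e.g. ga('set', 'anonymizeIp', true) or { anonymizeIp: true }.
  const usesGa = /\bga\(\s*['"]create['"]/.test(html);
  const anonymized = /['"]?\banonymizeIp['"]?\s*[,:]\s*true\b/.test(html);
  if (usesGa && !anonymized) {
    findings.push({ rule: "ga-anonymize-ip", detail: "ga('create') without anonymizeIp" });
  }

  // 3. Every floatingSocialShare call must pass counter: false explicitly.
  for (const m of html.matchAll(/\.floatingSocialShare\(\s*(\{[\s\S]*?\})?\s*\)/g)) {
    if (!/\bcounter\s*:\s*false\b/.test(m[1] || "")) {
      findings.push({ rule: "share-counter", detail: "counter is not set to false" });
    }
  }
  return findings;
}

// Constructed sample pages (hypothetical markup, placeholder IDs).
const nonCompliantPage = `
<iframe width="560" height="315" src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<script>
  ga('create', 'UA-XXXXX-Y', 'auto'); ga('send', 'pageview');
  $("body").floatingSocialShare({ counter: true });
</script>`;

const compliantPage = `
<iframe src="https://www.youtube-nocookie.com/embed/VIDEO_ID"></iframe>
<script>
  ga('create', 'UA-XXXXX-Y', 'auto'); ga('set', 'anonymizeIp', true);
  $("body").floatingSocialShare({ counter: false });
</script>`;
```

Because the checks are textual, a setting that appears only in commented-out code still counts as present, so review any page that passes with settings you did not expect.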

Privacy by Design, Privacy by Default

Privacy by Design and Privacy by Default are, in general, covered by following best practices for software development. Read the Wikipedia article to make sure that these practices are covered.

A cookie disclaimer is a page on a website that describes the cookies on the site and their purpose.

Visitors need to be able to disable non-functional cookies there.