Server-side tracking step by step.
Server-side tracking is probably one of the biggest trends in 2022. It touches many different departments – Ecommerce, Analytics, Digital Marketing, IT & Legal – which makes it a complicated technology to select and, consequently, to implement.
During the most recent Heroes of Data Privacy online conference, our Co-CEO and CTO Thomas Tauchner talked about the necessary steps people need to take to implement a server-side tracking solution – touching both the legal and the technical aspects.
Below you can find a summary of the steps he listed during his presentation. Alternatively, you can watch his presentation here.
Step 1: Read and get familiar with the Guidelines of the European Data Protection Board (EDPB)
This point is critical to understanding one essential part of the problem. So much has changed in tracking that any professional in online marketing and related fields should have a basic grasp of the regulation and how “it can be solved”. The Guidelines of the European Data Protection Board are a very good starting point. By the way, that’s also how we started when we focused on GDPR compliance. You can read them here.
Step 2: Get professional assistance from legal and technical experts.
Both the regulatory and the technical landscapes are changing rapidly. As a result, it makes a lot of sense to get in touch with experts in these respective fields. Alternatively, especially on LinkedIn, you can find many accounts that share important information about GDPR, ePrivacy, tracking and much more. (Be careful: there are also a lot of wannabes out there.)
Step 3: Select a European provider of server-side tracking.
If you want to ensure a GDPR-compliant server-side tracking setup, a European provider will be essential. The solution also needs to be hosted on European servers, which are themselves owned by a European company, to make sure that the required data governance is in place.
This is a very critical part of the whole process. Please reach out to one of our experts if you want to know the key checkpoints for selecting a GDPR-compliant provider. You can schedule a 15 min slot right here.
Step 4: Identify the personal data you collect, process and transfer.
In order to comply with GDPR, which essentially governs how you can use personal data, you have to understand which personal data you actually collect and own. This way you can also determine which data you need to modify (pseudonymisation/anonymisation). Assistance from legal and technical experts can be useful here.
Step 5: Document your legal decisions
In order to take the next steps successfully, you should document your legal decisions and link them to the guidelines of the EDPB.
Step 6: Assess & Guarantee the same level of data protection
Following these steps, you can now carry out a transfer impact assessment and reach a conclusion like “yes, I as a website owner can guarantee that there is now the same level of data protection”. This is critical for GDPR compliance and the privacy of your users.
Step 7: Sign the standard contractual clauses with Google (or other solutions)
Step 8: Implement and configure server-side tracking
Either alone or with the help of technical experts, you can now configure the tool in accordance with the steps above. If you diverge from the “privacy settings”, you may run into trouble with GDPR again.