Server-Side Tracking, Step by Step

Looking to implement server-side tracking at your organisation? Here is our guide with the necessary steps on your way to compliant, first-party data collection.

Server-side tracking is probably one of the biggest trends in 2022. It touches many different fields – e-commerce, analytics, digital marketing, IT & legal – but it is a complex technology that requires care to select and then implement.

During the most recent Heroes of Data Privacy online conference, our Co-CEO and CTO Thomas Tauchner presented the necessary steps that need to be considered when implementing a server-side tracking solution – touching both the legal and the technical aspects.

Below you can find a summary of the steps he listed during his presentation.

Step 1: Read and get familiar with the Guidelines of the European Data Protection Board (EDPB)

This point is critical to understand one essential part of the problem. So much has changed in tracking that any professional in online marketing and related fields should have some basic grasp of regulation and how “it can be solved”. The Guidelines of the European Data Protection Board are a very good starting point. By the way, that’s also how we started when we focused on GDPR compliance.

Step 2: Get professional assistance from legal and technical experts

Both the regulatory and technical landscapes are changing rapidly. As a result, it makes a lot of sense to get in touch with experts in these respective fields. Alternatively, you will find many social media accounts that share important information about GDPR, ePrivacy, tracking and much more, especially on LinkedIn. (But be careful, there are also lots of wannabes out there.)

Step 3: Select a European provider of server-side tracking

If you want to ensure a GDPR-compliant server-side tracking setup, a European provider will be essential. This solution also needs to be hosted on European servers, which must be owned by a European company to ensure the required data governance.

Step 4: Identify the personal data you collect, process and transfer

In order to comply with GDPR, which essentially handles how you can use personal data, you have to understand which personal data you actually collect and own. This way you can also determine which data you need to modify (pseudonymisation/anonymisation). Assistance from legal and technical experts can be useful here.

Step 5: Document your legal decisions

In order to take the next steps successfully, you should document your legal decisions and link them to the guidelines of the EDPB.

Step 6: Assess & Guarantee the same level of data protection

Following these steps, you can now make a transfer impact assessment and reach a conclusion like “yes, I as a website owner can guarantee that there is now the same level of data protection”. This is critical for GDPR compliance and the privacy of your users.

Step 7: Sign the standard contractual clauses with Google (or other solutions)

You are now ready to sign the standard contractual clauses (SCCs).

Step 8: Implement and configure server-side tracking

You can now implement JENTIS server-side tracking – either on your own or with the help of technical experts – and configure the tool in accordance with the steps above. Only accurate compliance with data protection rules guarantees full GDPR compliance.


Link: Read the Guidelines of the European Data Protection Board (EDPB).

THOMAS TAUCHNER @ HEROES OF DATA PRIVACY