Server-side tracking is probably one of the biggest trends in 2022. It touches many different fields – e-commerce, analytics, digital marketing, IT & legal – but it is a complex technology that must be selected and implemented with care.
During the most recent Heroes of Data Privacy online conference, our Co-CEO and CTO Thomas Tauchner presented the necessary steps that need to be considered when implementing a server-side tracking solution – touching both the legal and the technical aspects.
Below you can find a summary of the steps he listed during his presentation.
Step 1: Read and get familiar with the Guidelines of the European Data Protection Board (EDPB)
This step is critical for understanding one essential part of the problem. So much has changed in tracking that any professional in online marketing and related fields should have some basic grasp of regulation and how “it can be solved”. The Guidelines of the European Data Protection Board are a very good starting point. By the way, that’s also how we started when we focused on GDPR compliance.
Step 2: Get professional assistance from legal and technical experts
Both the regulatory and technical landscapes are changing rapidly. As a result, it makes a lot of sense to get in touch with experts in these respective fields. Alternatively, you will find many social media accounts that share important information about GDPR, ePrivacy, tracking and much more, especially on LinkedIn. (But be careful, there are also lots of wannabes out there.)
Step 3: Select a European provider of server-side tracking
If you want to ensure a GDPR-compliant server-side tracking setup, a European provider will be essential. This solution also needs to be hosted on European servers, which must be owned by a European company to make sure that the required data governance is in place.
Step 4: Identify the personal data you collect, process and transfer
In order to comply with GDPR, which essentially governs how you can use personal data, you have to understand which personal data you actually collect and own. This way you can also determine which data you need to modify (pseudonymisation/anonymisation). Assistance from legal and technical experts can be useful here.
Step 5: Document your legal decisions
In order to take the next steps successfully, you should document your legal decisions and link them to the guidelines of the EDPB.
Step 6: Assess & Guarantee the same level of data protection
Following these steps, you can now carry out a transfer impact assessment and reach a conclusion like “yes, I as a website owner can guarantee that there is now the same level of data protection”. This is critical for GDPR compliance and the privacy of your users.
Step 7: Sign the standard contractual clauses with Google (or other solutions)
You are now ready to sign the standard contractual clauses (SCCs).
Step 8: Implement and configure server-side tracking
You can now implement JENTIS server-side tracking – either on your own or with the help of technical experts – and configure the tool in accordance with the steps above. Only accurate compliance with data protection rules guarantees full GDPR compliance.