Turn on/off GDPR compliance on the website
April 6, 2018
Turning the GDPR compliance on/off has a great impact on firing tags mechanism. These features change how tags are triggered and how data is collected:
GDPR compliance is off – visitors are opted-in by default
GDPR compliance is on – visitors are opted-out by default and Piwik PRO Consent Manager serve consent form pop-up for new visitors.
To turn the GDPR compliance on/off:
1. Log into your Piwik Pro application and in the top left corner click on Menu and choose Websites option.
2. Click on Create new website button at the bottom of the websites list (or, if you want to change settings for one of the existing sites, please go to the fourth point).
3. Type website name and website’s URL and confirm clicking the Save
4. Pick up the website, on the right menu find the GDPR compliance switch:
a) turn it on (default value) – visitors will be opted-out by default and Piwik PRO Consent Manager will serve consent form pop-up for new visitors.
b) turn it off – visitors will be opted-in by default
5. Turn on Restrict GDPR compliance only to EU visitors option if you want to serve consent form popup only for visitors from countries which respects GDPR. This option base on visitor’s GeoIP.
If the option is turned on, then consent form pop-up will be fired for visitors from the particular countries. Full list of countries:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, UK, Iceland, Liechtenstein, Norway, Switzerland.
Please note this list may change in future.
6. Set Custom privacy cookie domains
Set Custom privacy cookie domains if your website’s snippet will be implemented on more than one domains.
We use domain pattern list separated by comma, for example: *.piwik.pro, blog.piwik.pro, kariera.clearcode.cc.
Wildcard pattern at the beginning is possible as you can see above. *.piwik.pro works, but blog.*.piwik.pro not.
There is only one rule for writing and reading from a cookie on browser side: only one cookie is being used. This causes some impacts and you should be fully aware of all of them (more information below).
Shortest wildcard pattern has precedence. For example, if a user fills patterns: *.piwik.pro, *.blog.piwik.pro and current website is tech.blog.piwik.pro, wildcard cookie will be created for *.piwik.pro.
If patterns change after “publishing” initial configuration and some visitors have already saved cookies on the browser and we determine different cookie for privacy settings, pop-up with consents will display again and a user will have to decide again. We don’t copy any previous values and merge them with current ones because it causes a lot of pitfalls. This situation may happen when a user adds/removes wildcard.
If patterns contain piwik.pro without wildcard indicator, then we create an isolated cookie on piwik.pro domain, so settings are not visible on kariera.piwik.pro.
7. Set other website’s options and Save edit website form.
Please note that clicking on “Save” button equals turning on/off GDPR compliance without the need for publishing it in Tag Manager or Consent Manager.
8. Set privacy cookie expiration period
By default, the Privacy Cookie is set for 12 months and it’s counted since a visitor’s last interaction.
You can change this value if you want to keep shorter or longer cookie expiration date.
Thanks that you’ll be able to build own consents form with the behavior you expect.
If you’ll use the API you won’t be able to use options like:
- Predefined consent widgets (visual editor);
- Reacquire visitor’s consent;
- Consents content won’t be available in visitor’s consents history;
- You’ll be able to see visitor’s consents decisions (with no content).
10. Set other website’s options and Save edit website form.
Please note that clicking on Save button equals turning on/off GDPR compliance without the need for publishing it in Tag Manager or Consent Manager.