Many long-established advertising professionals long for the old days - the times when conversions and many other customer data could be tracked without problems and used for their own evaluations and optimizations. But with May 25, 2018, tracking changed abruptly! The GDPR came into force for German and Austrian companies. What has changed since then and what problems advertisers face - we explain.  

The GDPR and its effects

The five letters of the GDPR give many advertisers goose bumps - after all, the entry into force of the EU's General Data Protection Regulation in May 2018 was associated with significant changes in how companies are allowed to handle data from customers or store visitors in the future. Although the topic of e-commerce does not play a major role in the text of the law and is only mentioned at one point in a footnote, the effects on websites, stores and the like are enormous.

The GDPR as a further development of data protection

The fact that the GDPR creates a long overdue regulation for the handling of data can also be understood by looking at history. After all, the amount of data collected, transmitted, managed and used by each individual today is huge. The first data protection directive, which was adopted in 1995, could no longer be applied to these mountains of data in modern times. So, the GDPR sees itself as a Europe-wide evolution of guidelines previously in place at the country level and obliges organizations to adhere to responsible data collection and use. The goal :to protect the rights and privacy of users. Advertisers are also obliged to explain to users why and how data is collected and what happens to it. In addition, users of stores, websites and the like have since been given the option of not consenting to the collection of this personal data - the birth of the famous Consent Banner. If organizations do not comply with this requirement, they face penalties that can reach into the high 6-figure range. The seven principles of the GDPR are as follows:

• Good faith, legality, transparency
• Earmarking
• Data minimization
• Correctness
• Memory limitation
• Integrity and confidentiality
• Accountability 

To whom does the law actually apply?

It's also important to know that the GDPR applies not only to companies based in Europe, but also to anyone who offers their products or services within European borders. So the directive regulates all interactions with customers in Europe - no matter if your business is located on the European mainland, another continent or a desert island.  

The GDPR causes problems in conversion tracking

The integration of a graphical consent banner is not a problem for most advertisers - but the associated changes in data collection are! If a user does not agree to the collection of his personal data, there are quickly unprecedented holes in the data analysis - in this case, you can not only not understand what content this user has consumed, but also do not know whether the user has bought something in your store or not. This means that your own successes can no longer be fully tracked, data can no longer be fully analyzed, and optimizations can no longer be carried out on a stable basis. Due to data breaches or a lack of expertise in DSGVO-compliant tracking, conversions are simply no longer tracked at all in some stores or appear twice in later analyses. Setting up data protection-compliant and yet reliable tracking should therefore be the top priority for every store operator!

Here's what you need to keep in mind when setting up tracking

To set up privacy-compliant tracking in e-commerce, you need to meet three important criteria:

• the opt-in consent
• the order processing contract
• the privacy policy

But first things first: Let's take a look at opt-in consent. If cookies essential for tracking are to be set and personal data processed, you must first obtain consent from the users of your store. This is usually done via the so-called Consent Banner - here there are ready-made plugins for common CMS systems such as Typo3 or WordPress, with which the Consent Banner can be designed quickly and easily in compliance with data protection. In the second step, you should keep in mind that you must always conclude a commission processing contract in accordance with DSGVO Art. 28 if an external company is to process your personal user data. This contract ensures that the outsourced work is also carried out in compliance with data protection regulations. What else must not be missing? Of course, a well-developed privacy policy, in which you must explain to users exactly what data is collected, how long it is stored and how it is processed.

Typical errors in conversion tracking in e-commerce

So far so good - but even if you comply with all the requirements of the GDPR, the data may still not enter your tracking tool correctly. Therefore, first check whether one of the following typical errors is present:

• The tracking code is incorrectly implemented on the website
• There are several analysis codes on the same page
• Instead of the general tracking code, another marketing code (e.g. a remarketing code) has been implemented. 

GDPR-compliant e-commerce tracking: What to do in case of problems or questions?

Your tracking still doesn't work properly and counts conversions twice or doesn't show a shopping cart value for some purchases? In order to evaluate the success of your store correctly and to design your marketing measures in a target-oriented way, a clean data basis is essential. If you have problems here, it is advisable to consult an expert. This is because data protection-compliant tracking can be associated with a number of stumbling blocks that laypeople are often unable to overcome themselves.

By the way, we also have the whitepaper "Conversion Tracking made easy" on the topic of conversion tracking, which might be of interest to you:

‍

‍

Sources:

https://www.oberlo.de/blog/dsgvo-im-ecommerce
https://devowl.io/de/2022/google-ads-dsgvo-website/
https://conversionpipeline.com/common-conversion-tracking-problems/

‍