How to align your website with GDPR regulations, remove all cookies and still keep all functionalities?

This is a topic that we all put off until it starts to really pressure us. And it begins. Since we have a lot of clients from the EU, we are up to date with the big panic that is related to the GDPR in most countries. Everyone sorted it out a bit, and adjusted their websites and online business, but more like a mask. When you scratch behind the surface, you can see that many things in 90% of the websites are not even close to complying with the GDPR regulations. And the pressure began to be exerted by groups of law offices that joined together, surfing online and suing in turn, demanding huge damages, if the website did not comply with all the required rules.

So we were pressed by that and had to find the best solutions for our clients. And trust me, you should too. Already today.

Learn more about GDPR.

Cookie selection/acceptance pop-up

Ouch, how we all hate those pop-ups for choosing cookies. I mean really, you're just looking to put that away, but it won't do it, it's asking you to choose, to accept. The horror. But that's nothing of the horror of how difficult it is to create such functionality.

1. Each website analytics, Google map, YouTube video, various pixels from social networks have their own specific system for leaving cookies, and each one of them leaves several cookies
2. Most have either terrible documentation or none at all
3. Plus they change their functioning at least once a year and sometimes once a month

So creating and maintaining such a solution costs a lot of time, which means money. Which explains why most of these ready-made solutions cost from 15 to several hundred euros per month. And the chances are that you will end up with such a single solution and monthly subscription. As an expense, it is not a problem for many people/companies who do great business, but for most, it is too big and an unnecessary waste of resources.

What turned out to be a much better solution is to disable all cookies on your website (except the mandatory functional ones) and keep the functionality. How? Well, read more.

How to align your website with GDPR regulations, remove all cookies and still keep all functionalities?

The following tips will help you align your online presence with GDPR regulations, remove all unnecessary cookies, and can be a complete solution for most websites. Of course, for some of you who find it very important to follow your visitors everywhere, in order to sell them something, it will not be enough. But I have to tell you that you should organize your business a little different because what you are doing is not in accordance with GDPR rules, but also with moral standards. I'll stop there.

Self-host your fonts

I know it's easy to go to Google Fonts, Adobe Fonts, or a similar service, select the fonts, and put in a link, but there are a number of reasons why you shouldn't do that:

1. These services track your visitors
2. They are banned in many countries, which means that your website will not appear there either
3. With self-hosted fonts, you have full control over your website
4. Faster website speed

I don't know if you know, but you can download every font from the "Google fonts" collection as a desktop version and install it on your computer, but you can also convert every font into a web font. The following services can help you with this:

• transfonter.org (recommendation)
• www.fontsquirrel.com/tools/webfont-generator
• www.creativefabrica.com/webfont-generator/

Don't worry, it's a simple thing for any developer, so ask him (or her 🙂 ) to optimize the fonts on your website so you host them yourself.

Website videos (YouTube without cookies)

Definitely, the best solution is to host your own video materials, but this always requires a little more effort to optimize and compress the video well, especially the larger ones.

Which makes YouTube an easier, more obvious, and faster solution for most. But standard YouTube video embedding on a website leaves cookies on your website visitors and makes you violate GDPR rules.

The solution is simple, just use www.youtube-nocookie.com instead of www.youtube.com in the URL you receive for embedding.

The example URL structure of an embedded video:

https://www.youtube-nocookie.com/embed/[videocode]

Location map on your website

Any map you embed on the website will also leave cookies for visitors, so that also violates GDPR rules. The easiest solution to that problem is to screenshot the requested location on the map, crop the image, put it on the website instead of the map, and link it so that clicking on the map-image takes you to the location on the real map (Google, Bing, OpenStreetMap or any other you want ).

If advanced use of the map is required, then of course your developer (or you if you are a developer 😎) will integrate the map using the Google map API.

Website visit analytics

And we come to the most important thing for many, visit analytics. Thank God, many have wised up in recent years and now there are plenty of solutions for website visit analytics without using cookies.

We now present our selection of the best alternatives to Google Analytics, which can be set to work without cookies:

• matomo.org (recommendation)
• posthog.com (recommendation)
• plausible.io
• usefathom.com
• goaccess.io

Our number one recommendation goes to Matomo Analytics. There are two options, to host it for free on your server (very easy installation, PHP + MySQL), or to pay a monthly subscription to have Matomo do everything for you, similar to Google Analytics. Matomo has been around for a long time and can cover almost all needs and rival Google Analytics in most respects:

• Option to create segments, goals
• eCommerce support
• Android/IOS application where you can monitor visits at any time
• Heatmap tracking
• A/B testing
• White-label
• And much more (list of Matomo featured features)

But I have to use Google Analytics? And Facebook pixel, Ads tracking and similar?

Well, if you really have to use Google analytics, Facebook pixel, Ads tracking and similar things, there is no help, you will have to use some popups for users to accept tracking cookies. That is, you will be able to follow only those users who accept to be followed. The following list of solutions that you can integrate into your website can help you here:

• Free
  • www.iubenda.com/en/help/23648-cookie-banner-generator-for-your-site-or-app
  • www.cookieconsent.com
  • www.websitepolicies.com/cookie-consent-banner-generator
  • cookie-bar.eu
• Premium
  • www.cookiehub.com
  • www.cookiebot.com/en
  • cookie-script.com
  • www.clickskeks.at

Contact forms

Yes, contact forms do not leave cookies, but it is important to align them with GDPR rules. It is necessary that every contact form, including the newsletter, also contains a checkbox that the visitor/user of the website must accept in order to be able to send it. That checkbox simply says "You must accept our privacy terms" indicating that the user has voluntarily agreed to share their personal information with you.

Unfortunately, that's not all

Although you have seen by now that there are a lot of settings to follow GDPR rules, what we have listed is only one part. To fully comply with the GDPR, you must answer yes to each of the following questions:

1. Does your company list all types of personal data it collects and holds about users?
2. Do you know why you collect user data and how?
3. Can you provide the source of all personal data, as well as who you share it with and what happens to it?
4. Do you have a list of places (eg servers) where personal data is stored, do you know how it is secured, whether the data is encrypted during transfer, how it is stored, and for how long?
5. Is your privacy policy publicly available to anyone who enters your website, is it written in plain language that the average user can understand, and does the document detail everything about data collection and storage processes?
6. If your company is based outside the EU, do you have a designated representative in the EU?
7. Have you trained your employees on personal data protection?
8. Have you taken all the necessary measures to prevent the misuse of collected personal data within the company by employees?
9. Can your users easily request access to the personal data that you hold about them, can they easily update that data, and can they easily request that you delete all data about them?
10. Have you given your users the ability to receive aggregated data from you in a portable format upon their own request?
11. If the data you collect is processed and stored on servers in countries outside the EU, are you sure of the degree of their protection, can you guarantee data security?

Please also note that many countries in the world (some of them in Europe) do not allow Google products that leave cookies, which may result in users in those countries not being able to access your website.

Conclusion

Like it or not, GDPR rules are something we have to adapt to, but when you look at everything, they are rules that we should all accept, not only in online business but also in offline/life relationships. Less peering into the neighbor's yard, staring into other people's drawers and wallets, and more respect for the privacy of others.

If you don't like someone following you, rummaging through your private things, or trying to cunningly sell you something (be it a product or some ideology) by finding out some of your weaknesses, others certainly don't like you doing that to them either.