GDPR (General Data Protection Regulation)

Definition

The GDPR (General Data Protection Regulation), known as RGPD in French, is a European regulation that came into force on May 25, 2018. It governs the collection, storage and processing of personal data of European Union residents. In web analytics, it requires obtaining consent before setting any cookie or tracker not strictly necessary for the site’s operation.

Impact on web analytics

The GDPR has transformed web audience measurement. Before it took effect, analytics tools collected data by default. Now, without explicit consent, analytics tags must not execute (or must operate in degraded mode via Consent Mode). In France, the CNIL estimates that 30 to 40% of visitors decline cookies, creating a significant blind spot in the data.

Key principles

The six GDPR principles applicable to tracking are: lawfulness (legal basis for each processing operation), purpose limitation (specific and declared objective), data minimization (collect only what is necessary), accuracy, storage limitation and security. The most common legal basis in analytics is consent, although legitimate interest is invoked by some exempt tools like Matomo (under certain conditions).

Practical compliance

Analytics compliance requires a properly configured CMP, an operational Consent Mode and documentation of processing activities. Expert consent support helps maximize the consent rate while meeting legal requirements.