GDPR Tag Audit Process

GDPR Tag Audit

Tag Piggybacking [tag pig-ee-bak-ing]: The practice of loading third-party tags within the JavaScript configuration of other third-party tags.

Important Note
Within the Regulation, Article 5(2) explicitly states that it is the responsibility of the Controller to demonstrate compliance with the Principles of GDPR. This means that it is your responsibility, as the owner and operator of the website, to ensure protections for your users.

  • A list of all platforms loading on the site
  • Identification of How Platforms are Loading: From the source code, through a TMS, or piggybacking and loading through another third party
  • Categorization of the Tag: What the platform is and its function on your site
  • Identification of where these various tags are implemented across all pages of your site

Added Bonus!
The removal of legacy tags can also result in page load performance improvements on the site. Some clients have seen up to a 20% reduction in page load time following tag cleanup efforts.

Pro Tip
Use the information collected in the Tag Inventory about how tags are loading to first focus on those “under your control”. These are any tags that load either directly from your source code or through a container tag (such as your Tag Management System) that you own and operate.
Once you have worked through these, then move on to any third parties that are piggybacking. For piggybacked tags, you’ll often need to have a discussion with the team responsible for and/or the vendor of the platform through which those third parties are loading. This part of the process is the most difficult within the Stakeholder Mapping phase, so it’s best to address the easy ones first so you at least know with whom the conversations need to be had.

  • Would the user reasonably expect the processing to be taking place?
  • Are you happy to explain to the user exactly what the processing is and the effect on them?
  • What value is added to the user as a result of the processing?
  • Are the individual’s rights likely to be negatively impacted?
  • Would there be a negative impact to the Controller if the processing does not happen?
  • Is the processing in the interest of the individual whose data is being processed?
  • What is the connection or relationship between the organization and the data subject?
  • What data is being processed?
  • Does the processing undermine the rights of the individual?
  • Has the personal data been obtained directly or indirectly?
  • Could the processing be considered intrusive to the individual?
  • Are you sufficiently clear in the notice given to the individual about the processing that is occurring?
  • Can the user easily object to the processing?
  • Are any safeguards in place to minimize the risk of privacy impact to the individual?

Are You Using a Processor?
GDPR makes it a requirement that whenever a controller uses a processor (any of the third parties being used for digital marketing and advertising on the site) they must have a written contract relating to processing in place. Similarly, if a processor is using another processor, it also needs to have a written contract in place.

1) Tag Audit
Tag Audit to understand the platforms on the site that are collecting data about users

2) Establish Ownership
Assign ownership and responsibility within the organization for each platform

3) For Each Technology Used

  • Is there Personal Data being collected?
  • If yes:
    • What is the Legal Basis for Processing?
      • If Consent
        • Is the consent given by users specific, explicit, and unambiguous?
        • Do you have a record of consent?
      • If Legitimate Interest
        • What is the Legitimate Interest for processing?
        • Is the processing necessary for the stated interest?
        • Does it pass the Balance Test to ensure the interest outweighs the risks to the user’s privacy?
        • Is all of this documented and available?
    • Are the proper legal and security reviews completed? Are the required contracts and documentation in place?
    • Is the Processing reflected in the Privacy Notice?
      • Is the notice in clear, intelligible, and plain language?
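The Tag Inventory's "how platforms are loading" column (source code, TMS, or piggybacked) and the Pro Tip's split between tags under your control and piggybacked ones can be derived from a request log that records what initiated each request. The following is an added example, not part of the original page; the hosts, the `(url, initiator)` record shape and all function names are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample of one page load: (request URL, URL that initiated it).
# Browser dev tools expose equivalent initiator data; every host is made up.
SITE_HOST = "shop.example"
TMS_HOSTS = {"tms.example"}  # assumption: container tags you own and operate
PAGE = "https://shop.example/checkout"
REQUESTS = [
    ("https://shop.example/app.js", PAGE),
    ("https://tms.example/container.js", PAGE),
    ("https://analytics.example/a.js", "https://tms.example/container.js"),
    ("https://chat.example/widget.js", PAGE),
    ("https://adnet.example/pixel.js", "https://chat.example/widget.js"),
    ("https://dmp.example/sync.gif", "https://adnet.example/pixel.js"),
    ("https://retarget.example/r.js", "https://analytics.example/a.js"),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def is_first_party(h):
    return h == SITE_HOST or h.endswith("." + SITE_HOST)

def controlled(h):
    """Loaded by your own source code or by a container you operate."""
    return is_first_party(h) or h in TMS_HOSTS

def load_chain(url, initiator_of):
    """Hosts from the tag back towards the page, nearest initiator first."""
    chain, seen = [], {url}
    parent = initiator_of.get(url)
    while parent and parent not in seen:  # 'seen' guards against loops
        seen.add(parent)
        chain.append(host(parent))
        parent = initiator_of.get(parent)
    return chain

def build_inventory(requests):
    """One entry per third-party host: load method, direct parent, entry tag."""
    initiator_of = dict(requests)
    inventory = {}
    for url, _ in requests:
        h = host(url)
        if is_first_party(h):
            continue
        chain = load_chain(url, initiator_of)
        via = chain[0] if chain else None
        if via is None:
            method = "unknown"
        elif is_first_party(via):
            method = "source"
        elif via in TMS_HOSTS:
            method = "tms"
        else:
            method = "piggyback"
        entry = None  # the tag under your control that pulled this one in
        for hop in chain:
            if controlled(hop):
                break
            entry = hop
        inventory[h] = {"method": method, "via": via, "entry": entry, "chain": chain}
    return inventory

def triage(inventory):
    """Tags under your control, and piggybacked tags grouped by entry vendor."""
    own = sorted(h for h, e in inventory.items() if e["method"] in ("source", "tms"))
    talk_to = {}
    for h, e in inventory.items():
        if e["method"] == "piggyback":
            talk_to.setdefault(e["entry"], []).append(h)
    return own, talk_to

if __name__ == "__main__":
    own, talk_to = triage(build_inventory(REQUESTS))
    print("under your control:", own)
    print("piggybacked, by entry vendor:", talk_to)
```

The `entry` field names the vendor whose tag you deployed and which brought the piggybacked parties along, which is the owner to approach during stakeholder mapping.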

Originally Published On April 25, 2018
October 8, 2020