A core challenge of managing compliance policies for a website using server-side tag management is the lack of visibility for the privacy office to what platforms are loading and what data is being collected by each. Server-side Tag Monitoring in Tag Inspector provides the visibility necessary to audit and document compliant behavior across all consumer consent conditions. Taking this one step further, Tag Policy monitoring in Tag Inspector’s Governance Module allows an organization to proactively monitor server-side data flows to identify instances of non-compliant data collection.
Once a site is configured to be scanned with their Server-side GTM Container Configuration, all tags loading in a server-side context are available within reporting. Tags loaded from the Server-side GTM instance are also made available for classification in an Allowed Tag Policy.
Adding a Server-Side Tag to a Tag Policy
All tags found, regardless of their load behavior in a client-side or server-side context, are by default “Not Allowed” in the Tag Policy view. Only once a tag has been reviewed and “approved” by the organization will the tag’s presence in a scan not be flagged as a compliance risk. Managing the classification process for server-side tags is a seamless experience.
- Navigate to the “Policies” section of Tag Inspector Governance
2. Select the Policy to configure
3. By default, all tags are in the “Not Allowed” classification at the start; to view only tags loading via Server-side GTM, use the “Load Origin” filter box at the top
4. Approve any platforms allowed to be loaded
5. Once approved, select the right-hand arrow on the tag list for more granular options
6. For tags only allowed to be loading via Server-side GTM, select only the “Server-side” option for tag load behavior
7. Save the Policy rule condition
Once server-side tags are defined in the Compliance Policy, any violations or instances where the tag is loading in a client-side context will be flagged for review. Concurrently, any new tags added to the Server-side GTM Container Configuration for websites being monitored will be flagged unless/until they are reviewed and approved in the Compliance Policy. The ongoing monitoring of policies via Tag Inspector helps maintain a proactive posture to identify and remediate compliance risks as they arise across all websites in scope.