This article shatters the most common myths about GDPR & SEO. Discover useful tips for smart search engine optimization settings and learn effective best practices to ensure that your use of Google Analytics and AdWords are GDPR-compliant.

Author: Andra Iliescu - SEO Specialist - OSF Digital.

The first proposal for GDPR was released in 2012. Since then, numerous data reform policies were enacted by the EU, eventually leading to the European Parliament’s support for the current version of GDPR.

This article from one of OSF Digital’s SEO Specialists will shatter the most common myths about GDPR & SEO and share what you need to pay attention to as well as the smart search engine optimization settings you should perform to obtain full GDPR alignment.

Myth #1: You Can Just Block EU Users

Regardless of this being viewed as an extreme way to avoid issues with GDPR, many merchants actually take this path of least resistance and block visitors by countries. While this tactic does work, it works against your business. First, it prevents you from expanding your business presence globally. Considering that EU was ranking second in the list of the world’s largest economies in 2017 and it definitely may become a valuable business opportunity. Second, restricting access to EU users will have a negative effect on your SEO results with declining traffic, higher bounce rates, and eventually causing damage to your brand image.

Myth #2: Improving SEO Through Keyword Research is No Longer an Option

On the contrary, if you’re using tools that rely on anonymous, non-identifiable data, as this is defined under GDPR, keyword research on optimized content may become the most effective technique you can use to attract new visitors.

Myth #3: GDPR compliant websites’ rankings will suffer

For the time being there’s no announcement from Google that GDPR compliance influences your ranking in any way, but it might be possible, taking into account that Google has always been a proponent of secure websites. For example, until now HTTP websites could have the same ranking as HTTPS, but since July 2018 Google protocols are marking HTTP websites as not secure.

Myth #4: GDPR cookie consent pop-ups are messing with your SEO

It’s become a common false belief that cookie pop-ups may have a negative effect on your website’s ranking within search engines. Actually, if set correctly, cookie consent banners or pop-ups won’t affect your SEO and the information on your website will still be visible to GoogleBot. You just have to make sure your pop-ups are not intrusive and that they are not covering all of the website content preventing the user from viewing the page until they press a button or close the pop-up.

Tip: Design your cookie notice as a neat banner placed at the top, side or footer of your website so that both your website visitors and GoogleBot will be able to see your page content without any obstacles.

GDPR-Friendly SEO Tips

Even though On and Off Page SEO doesn’t collect any customer data, there are still some ways to improve your SEO so it’s aligned with GDPR.

  • Meta Tags

Use relevant meta tags and descriptions that will help users better understand whether the search results correspond to their search requests.

  • URLs

Make your URLs short and refine them with keywords to help users find your offerings easily and improve your website’s ranking.

  • Crawlable Pages

Boost your traffic by making your pages easy to read for search engine crawlers: add ALT tags to your images and videos.

  • Smart Keyword Usage

Do not neglect keywords, use primary and secondary keywords to move your website to a better ranking position within the search engines.

Best Practices: Steps to GDPR-Compliant Use of Google Analytics

If you’re using Google Analytics to collect data and measure your website’s performance, under GDPR Google Analytics acts as a data processor leaving you with data controller role. Here’s what you can do to ensure these relationships are safe in terms of GDPR:

  • Accept the Data Processing Amendment:
    • Log into Google Analytics.
    • Go to ‘Admin.’
    • In the Account column, click ‘Account Settings.’
    • Under Data Processing Amendment, click ‘Review Amendment.’
    • After you review the amendment, click ‘Done.’
    • Click ‘Done’ again to save your account settings.
  • Optimize the right to object:

    Google provides a deactivation add-on, but to secure GDPR compliance you can extend the script and set an opt-out cookie to prevent future data collection. Empower your users to declare objection on all systems used since a device-independent usage assignment for a created user ID is not allowed.

  • Set the data retention period:

    Within the Google Analytics menu go to ‘Administration’ and select ‘Property,’ from there click on ‘Tracking Information’ and continue to ‘Data Retention.’ Select the period of data retention from 14 to 48 months in the field ‘Storage of user and event data.’ Set the ‘Off’ status in the field ‘Reset on new activity.’

  • Delete old data:

    In ‘Administration’ select ‘Property Settings’ to delete the old identifiable data with the help of the ‘Move to recycle bin’ button. Expect this data to be deleted within 35 days.

What about AdWords?

Don’t worry, Google has you covered with that, but you still need to look after a few things.

  • Search advertising: The good news is that basic AdWords search advertising doesn’t deal with any personal data; therefore it won’t be affected by GDPR. However, you have to act carefully when it comes to conversion tracking. Since conversion tracking sets cookies in the browser of your site visitors in order to connect their personal data to their keywords searches, the possibility to collect protected data with your AdWords campaign arises.
  • Remarketing: This advertising technique presupposes showing ads based on the user’s previous interaction with your site, so personal data is involved which is the subject to GDPR compliance.
  • Geo-targeting: It’s common knowledge that thorough geo-targeting generates better results. While targeting under GDPR, create specific campaigns for each separate country. Keep in mind it’s a good practice to not target both GDPR and non-GDPR countries within the same campaign.

GDPR definitely brought with it a seismic shift so make sure your SEO and marketing teams are well informed about all the tools and techniques that have been affected by these regulations. Provide relevant training, or even get help by hiring a digital marketing services provider to help secure your company and avoid breaching GDPR compliance.

Don’t let your traffic drop, and most important, don’t lose revenue!