GDPR, Google Tag Manager

How to Set Up GDPR Cookie Consent From Google Tag Manager

Much talked and awaited, the day has finally arrived – May 25, 2018, when GDPR (General Data Protection Act) goes into effect across European Union.

Google Data Retention Controls

From now onwards, all websites, e-commerce, and other online businesses will need to comply with the new set of rules. In a recent email sent out to analytics admin by Google introduces product updates that will help all online businesses to get ready for data privacy compliance.

Besides the email, Google shared a product update. Google is introducing Data Retention Control, which will allow individuals and businesses to manage how long Google stores user data on their servers. Data Retention Control will come into effect today.

GDPR support

The new laws have been designed to give citizens across Europe, better control over their personal information usually collected, stored, analyzed, and used by social media companies, banks, retailers, and government agencies.

The new rules are aimed to simplify the regulatory environment for businesses so that citizens and businesses in the European Union benefit from the digital economy. The reforms are designed to protect personal data and privacy of internet users with their consent and permission.

Next action for businesses.

GDPR applies to all organizations operating within the EU, as well as all businesses outside EU which offer goods or services to customers in the EU. This means that every major corporation in the world needs to be ready with GDPR compliance from today.

The new regulations will change the way analytics, remarketing, and data collection will work for businesses and it is mandatory for them to set-up a cookie consent form using Google Tag Manager (GTM) on websites to comply GDPR Act. Given below are steps to furnish an ideal cookie consent form.

  • Detect the location of your business and check whether you’re in the EU
  • Based on your location, display the cookie consent (or not).
  • Request cookie consent.
  • If you approve, place analytics cookies.
  • By default, it lets the visitor browse the site, while turning off analytics cookies, provides a seamless experience.
  • Since GDPR goes into effect today, companies will need time for development.

Further, organizations will need to use GTM to create a cookie consent banner which will pop up at the bottom of their sites for EU visitors. The banner invites visitors to opt-in. If they don’t, they can still browse the website, but GTM will not fire cookies which require consent. Follow these steps.

Sign-up on for an account

This will help you identify visitors from the EU. An API will be provided after signing-up. The API will help in completing the task. Save it for later. It is free for 1000 requests per day. Check out pricing options.

Sign-up on for an account

Create a banner for cookie consent

Insites helps generate a Cookie Consent banner that matches the look and feel of the site. Link it to the privacy policy and choose the “opt-in” method under “Compliance Type.” Once the configuration is and banner style is ready; copy the code and save it for later.

Configure Google Tag Manager (GTM)

This is where codes, triggers, and tags will come into action.

  • Set-up country look-up – Set up a Custom HTML tag with a JavaScript to question the IP Info API and return the country code of the visitor.

  • Here, replace YOUR-TOKEN-GOES-HERE portion with the API Token from Step 1.
<script type="application/javascript">
  function callback(json) {
    dataLayer.push({'event': 'ipEvent', 'ipCountry':});	
<script type="application/javascript" src=""></script>
  •  Now create a data layer variable to pull the value of that Country Code.
  • Data Layer Variable

  •  Once the Country Code is available in the data layer, use a Lookup Table variable to look for each of the EU Alpha-2 Country Codes and return a “Yes” if they are in the EU and a “No” for rest of the Country Codes.
  • Country Codes

  •  This will trigger “IP Event – EU” that will show/hide the Cookie Consent banner based on visitor’s location.
  • Trigger Location

  •  Now take the Cookie Consent Banner from step 2 and create a Custom HTML tag to report when the “IP Event – EU” trigger matches its rules. If visitors accept, the banner sets a first-party cookie, else, no cookies for them.

  •  There’s a need for a trigger that verifies the corresponding cookie value if the visitors accept. Once the trigger executes, a data layer event will be triggered. The “cookieConsent” Custom Event becomes the trigger used to fire tags for EU visitors.
  • Verify cookie is in place

    dataLayer.push({'event': 'cookieConsent'});

For non-EU visitors, make sure this exercise does not affect tracking for non-EU visitors. If so, delay the tags to fire on Window Loaded and ensure “In The EU” variable equals “No.” This will give a chance for Country Code process to run.

Finally, before you go live, we suggest you test the process entirely or use preview mode on Google Tag Manager. We aren’t sure what and how GDPR rules will impact the businesses in EU in terms of website visitors, remarketing process, or penalties resulting from privacy abuse. But, yes, to be safe and to maintain reputation, we recommend complying with GDPR Act.