Skip to content
Facebook Twitter Github RSS
Google Tag Manager for WordPress
  • Home
  • FeaturesExpand
    • Basic features of GTM4WP

      You can use many post or page attribute in you Google Tag Manager setup even for custom post types and taxonomies.

      Basic data

      Page / post attributes

      Site search

      User data

      Multisite data

      3rd party data

      Browser attributes

      Device attributes

      Operating system attributes

      Weather conditions

  • SetupExpand
    • Setup advanced GTM4WP features

      Integrate your measurement with WooCommerce, setup Google Analytics 4, Google Ads remarketing or conversion tracking maximizing capabilities.

      WooCommerce related

      Google Analytics 4

      Google Ads – Dynamic Remarketing

      Google Ads – Conversion tracking

      Google Ads – Enhanced Conversions

      Other setup articles

      Exclude WordPress admins

      Embedded media players

  • DevelopersExpand
    • Information for developers and WP managers

      There are several tools in GTM4WP to support your special needs and to adjust plugin behavior to your website or WooCommerce shop.

      Do you want to contribute with a bugfix or a new feature? Visit the GTM4WP’s GitHub page!

      For Developers

      Actions and filters

      WP themes + Proper ecommerce tracking

      For WP managers

      Setup GTM Environments

      Hard code GTM parameters

  • Blog
  • GDPR
Download
Google Tag Manager for WordPress
Home / GDPR

GDPR

GTM4WP and GDPR

The General Data Protection Regulation (GDRP) of the European Union has been with us for many years. Data collection with Google Tag Manager is part of the compliance process for most of you. This also means that many GTM4WP users are interested in be GDPR-compliant when using this plugin.

Disclaimer: I am not a lawyer, but I participated in many GDPR-related projects across many small and large companies. Here I will explain the whole GTM+GDPR topic based on what I have learnt from these projects, but you should always discuss it with your own lawyers. What I can tell you below is logical and makes sense if you read the article carefully.

  • How GTM4WP fits into the GDPR compliance process?
    • 1. While collecting data with your tags
    • 2. While using specific plugin features
  • That is all fine, but I still want to block the GTM container

How GTM4WP fits into the GDPR compliance process?

GTM4WP is a plugin that will help you integrate your Google Tag Manager container (GTM) into your website. For the purpose of simplicity, the term “personal data” should always be understood as “data that can identify a specific person directly or indirectly”.

What does ‘indirectly’ mean? It refers to an identifier that does not directly identify someone, but can be used to join this identifier with another data set to make the identification possible. For example, an order ID. If you have access to the list of orders in a webshop, you can use the order ID to see who was the one ordering the products. If you do not have this access, the order ID itself is not enough to see a specific name or email address.

There are two main cases where personal data processing can take place.

1. While collecting data with your tags

This one is obvious. If you add a marketing tag into your GTM container that collects personal data, you need to ask for the consent of your site visitor in order to do so. Here you need to see the process clearly to understand what can be done with GTM4WP and what is not the responsibility of GTM4WP.

Begin with the soup

As you know, by default, this plugin adds the so-called container code of GTM into your website. This ensures that the data collection mechanism in your GTM container can be executed while a user visits your site. However, this GTM container is empty by default. So if you activate this plugin and you ask the plugin to load an empty GTM container, basically nothing happens. Not only technically, but in terms of GDPR as well: no personal data collection, no personal data processing.

Do you need to ask for consent in this case? No!
Do you need to block the loading of the GTM container itself? No!

Add some spicy ingredients

Now add a web analytics tracking tool into your GTM container.

(Side note: there is another misconception among users as to where personal data is collected. For example, if you are using Matomo to collect visitor data into your own server, that does not make the data collection GDPR-compliant, as the question is WHAT data is collected and processed and not WHERE you are storing the data)

Adding a web analytics tracking code means that there is a chance you will start collecting personal data. It is not necessarily the case, but it can happen. For example, if this web analytics tool processes the IP address of your visitor to populate geographic reports, you are likely in a situation where user consent needs to be handled. But there can be more sophisticated techniques like fingerprinting where someone combines individual, innocent data points and identifies an individual using lots of these innocent data points.

Question: In this case, what needs restricted usage if no consent has been given? The whole container or the tracking code that does the data collection? My answer is: the tracking code. Why would you want to block the whole container if you can block the tag with exception triggers?

Now add a second tracking code that will give you the opportunity to retarget previous site visitors. Does this require user consent? As far as I know, yes. Do you want to block the whole container if no consent has been given? My answer is: no! You should block the corresponding trigger.

Finally, add a tag that does not collect any GDPR-related data. For example, a custom HTML tag that replaces some texts on your site while developers are working on the same but that will release it only 2 weeks from now. No consent management is needed. If, in the first 2 cases, you say that you want to block the whole container, you will block this harmless tag as well.

Should GTM4WP have an option to block the loading of the container based on user consent?

I do not think so. If you have a cookie consent solution, most probably it will store the chosen consent level into a cookie or a browser local storage object. This can be read by GTM itself. You can set up your firing and blocking triggers to stop data collection if proper user consent is missing. In some cases, this means that GTM4WP will load your GTM container, but GTM itself (!) will not fire any tag due to the lack of proper consent.

Also, Google’s Consent Mode can also help you to configure proper tag behavior based on user consents.

2. While using specific plugin features

Besides the GTM container, there is another entity that can be really useful while setting up your tracking in GTM. The data layer is a small data storage in the memory of your browser that is created by GTM4WP. It is important to know that the data layer gets created on each page load and gets destroyed while the page is unloaded from the browser. It does not provide persistent data storage..

Some plugin features add personal data into the data layer. For example, the name and email address of the customer in your WooCommerce shop. All features that put such data into the data layer are disabled by default.

How to deal with personal data in the data layer?

The first option is quite obvious: you can choose not to enable those features. You will see a short notice next to each such feature on the admin area so that you are aware of what kind of data is used there.

The second option is more complicated, but should work as well. In my opinion, as long as you do not set up tracking in your GTM container to read these personal data and transmit them to a specific service, I do not see any reason to ask for the user’s consent. If you set up such a tag, you will need to get the consent from the user using a cookie consent banner software. Then read the status of the consent from the appropriate cookie and block this tag or the specific tag parameter if no consent has been given.

Most importantly, you are in charge, you are the one adding personal data processing into your measurement and you have the necessary controls in GTM to make it GDPR-compliant.

And what about cookies stored by GTM4WP?

Specific GTM4WP features store cookies indeed. Remember: GDPR is not about asking for consent to store cookies. It is about asking for consent to store and process personal data. Some cookies can support processes that involve personal data processing, while some do not. Cookies of GTM4WP are harmless and do not involve personal data processing, thus there is no need to ask for user consent to create them.

That is all fine, but I still want to block the GTM container

If the above explanation does not satisfy your needs, there is still a way to block the loading of the container in case of missing user consent. Since there are many cookie consent solutions on the market, there is no way I can provide you a unified way to achieve this. You will need a developer to make this work.

  1. Select the “Off” container placement option in the plugin options. This will disable the output of the container code, but will keep the data layer intact
  2. Create a code that checks for user consent. This might be a JavaScript code that you place into the header.php file in your template directory or a PHP code placed into the same file, but with a different technique
  3. If user consent is present, create a code that will output the GTM container manually

This way, you will have full control over GTM container loading. Based on my standpoint above, I would really encourage you not to do so.

© 2025 Google Tag Manager for WordPress - Privacy policy

  • WordPress.org plugin page
  • Plugin support
  • Plugin reviews
Cookies are not evil
This website may use cookies to remember your log-in details, to optimize site functionality for your use, and deliver marketing based on your interests.

This does not include collecting any personal data of you. In any case we need to process any of your personal data, we will ask for your specific consent later for sure.

Accepting this message only means that we will be able to analyze site content performance using larger buckets of users and to deliver tailored messages to those user buckets. We will be not able to analyze your activity alone especially not in a way where your name or any personal data of you is attached to this analysis.

Accept Settings
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-*1 yearUsed by the cookie consent manager of this website to remember your choice of cookie usage.
gtm4wp_last_weatherstatusend of user sessionUsed by a plugin of this WordPress website to dump debug related non-personal data about the weather data identified during your site visit.
Advertising
Tracking codes that could be used to tailor our messages based on your interests. This does not mean that we will be able to track your activities alone especially not in a way that would allow us to connect your name or other personal data to your website activities.
Statistical
Tracking of website usage without using any feature that would involve personal data processing either by us or by our tracking vendor. This includes IP address anonymization and disabling features related to interest based advertising.
Save & Accept
  • Home
  • Features
    • Basic features of GTM4WP

      You can use many post or page attribute in you Google Tag Manager setup even for custom post types and taxonomies.

      Basic data

      Page / post attributes

      Site search

      User data

      Multisite data

      3rd party data

      Browser attributes

      Device attributes

      Operating system attributes

      Weather conditions

  • Setup
    • Setup advanced GTM4WP features

      Integrate your measurement with WooCommerce, setup Google Analytics 4, Google Ads remarketing or conversion tracking maximizing capabilities.

      WooCommerce related

      Google Analytics 4

      Google Ads – Dynamic Remarketing

      Google Ads – Conversion tracking

      Google Ads – Enhanced Conversions

      Other setup articles

      Exclude WordPress admins

      Embedded media players

  • Developers
    • Information for developers and WP managers

      There are several tools in GTM4WP to support your special needs and to adjust plugin behavior to your website or WooCommerce shop.

      Do you want to contribute with a bugfix or a new feature? Visit the GTM4WP’s GitHub page!

      For Developers

      Actions and filters

      WP themes + Proper ecommerce tracking

      For WP managers

      Setup GTM Environments

      Hard code GTM parameters

  • Blog
  • GDPR
Search