Following rigorous assessment by UKAS accredited standards auditors, URS, we’re pleased to announce that we’ve met the requirements of ISO27001 certification, meaning that our internal processes and procedures have been approved by the world’s best-known standard on information security management.

ISO27001 sets out what is required to effectively implement a robust information security management system (ISMS). It provides a framework and guidelines for organisations like us to follow and supports the maintenance and improvement of our ISMS going forward. 

We’re a full-service digital agency who endeavour to do the very best for all our clients. While we have always been compliant with the principles of the ISO27000 series of information security standards (cybersecurity has, of course, always been a top priority in our line of business), our ISO27001 information security management system has now been officially recognised and certificated.

Information security demands a strategic approach. Achieving and maintaining ISO27001 assures our clients and partners that we’re protecting their information and data by carrying out thorough risk assessments, applying stringent policies and controls, and operating as safely and securely as possible at all times. 

It’s not only about the technical measures we put in place though; we also ensure that our business controls and management processes adequately address the information security threats and opportunities that we’ve identified and evaluated in our risk assessment. By implementing best-practice, we ensure a well-rounded perspective that addresses people, processes and technology.  

With our holistic approach to ISMS now backed by ISO27001 certification, we’re a digital agency that you can trust to secure and maintain the confidentiality and integrity of your business. We can assure you that our robust policies, procedures and controls will keep your information assets protected and secure.

 Demonstrating our commitment to information security as an ISO27001 certified digital agency

If you are a business of any shape, size or sector with an online presence, cookies will (or should) have become a key consideration in recent years. Online privacy and data protection has become a prime concern (and rightly so), with users far more savvy as to how their data is or isn’t being stored and utilised.

We strongly suggest a level of cookie control is implemented as a standard on all sites (e.g. OneTrust, Civic etc) which safeguards businesses against potential cookie breaches. With such tools cookies are separated into categories - including ‘necessary’ (cookies that simply have to be created for the website to function), ‘analytics’ (cookies that are used to collect data as regards website performance e.g. Google Analytics), ‘marketing’ (cookies that collect user information in order to fuel marketing campaigns e.g. remarketing). Users are then able to select or deselect each cookie category and only those cookies which have been selected will be created.

Although it sounds relatively straightforward, the trouble comes when merging this concept with any tracking or tagging you might have already created or wish to create in the future (certainly if there is a degree of complexity to it). For example if you were to implement cookie control on a site which already had hundreds of tags attached to fire onsite via a number of different ways (e.g. page load, user interaction), that’s a lot of rewiring you’re going to have to do to get your site up to code!

It is with this backdrop of site owners wrestling with both these enhanced expectations when it comes to user privacy and desire to holistically monitor website performance that Google launched Consent Mode as a beta offering in September 2020. In its own words it:

‘…lets you adjust how your Google tags behave based on the consent status of your users. You can indicate whether consent has been granted for Analytics and Ads cookies. Google's tags will dynamically adapt, only utilizing measurement tools for the specified purposes when consent has been given by the user.’

What this means in effect is that Google will do the ‘heavy lifting’ in deciding what tags should fire (and where the data is sent to) based off a user’s consent settings.

Implementation is achieved through configuration of your Google Tag Manager and your Consent Management Platform. This process is far slicker than a host of other alternatives to Consent Mode (such as trigger groups) and also takes up far less space in your GTM container (with one such client we implemented Consent Mode on saving around 42% worth of container space!). However to emphasise this point, as it’s an important one, Consent Mode does not replace a Consent Management Platform. You will still need a OneTrust or a Civic or another CMP in order for Consent Mode to function.

A fundamental difference between how Consent Mode works and other cookie control methods is that Consent Mode doesn’t prevent data from being collected even if consent is denied, it simply anonymises the data and prevents you from viewing it (Google still receives the data).

This is where somewhat of a grey area comes into play, so as to answering the question; ‘is Google Consent Mode privacy law compliant?’ The answer really is ‘according to Google, yes’. Now is that good enough?

It’s fair to say the combination of Google and privacy law has been a topic of increased discussion in recent years, with rulings in 2022 by both Austria & France deeming GA’s implementation a breach of GDPR & EU privacy laws. Indeed although GA4, the newest iteration of Google Analytics, does have more of an accent on privacy, it certainly can’t be said that Google is seen as wholly privacy law-compliant by ruling bodies.

It is in this environment to which Consent Mode has been introduced. This has made some naturally more than a little sceptical, leaning more towards a judgement that any data collected by Google after a user has selected ‘no’ in tracking a breach of GDPR (even if no cookie is created). This is an argument which certainly could be argued.

Cookies - formerly only known as a snack now comes to represent something far more complex in the digital world. Is Consent Mode the answer?

Cookies and privacy are massively hot topics in the digital space at the moment, can Google Consent Mode be both a safe and effective solution?

Unsure if your site is cookie compliant? Get in touch to ensure your good to go with the latest security standards.

A common word which might feature in discussions around Consent Mode may be ‘interpretation’ - a word which could make some a little nervous when it comes to legality. However, we would also emphasise that, at this point, we cannot find legal precedent either way as regards to Consent Mode and you would also like to believe that given Google’s heightened awareness around privacy laws they would not be launching a new feature which would apparently flagrantly disregard these rules.

We would suggest implementation of Google Consent Mode will depend on which half of the above paragraph your sentiment is drawn to. We have witnessed first hand how much easier Consent Mode can make wiring up user consent to user tracking and how much it can optimise your Google Tag Manager container. However, there are still lingering privacy concerns which make it difficult to embrace fully as the future without a more definitive legal ruling. With this in mind it may indeed be useful to consult legal advice (if available to you) in order to gain that all-round perspective you might be seeking. 

If you’re in the UK, you may also be awaiting the progress through parliament of the new Data Protection and Digital Information Bill (completed its second reading at time of writing). The UK government seems to be adopting a slightly softer approach to cookies than their EU counterparts and it will be interesting to see how any amendments or subsequent adoption of this bill will affect data gathering generally or Consent Mode specifically here.

Let us know if you have any thoughts around Google Consent Mode and we’d be delighted to take the conversation further, we think it’s a topic primed for a debate! Find us on Twitter, LinkedIn & Instagram or give us a shout at hello@wearecore.co.uk.

I don’t want to alarm you too much but this time next year you could be seeing this when you login to your Google Analytics account.

In this article we discuss the upcoming arrival of the much-discussed GA4 reporting iteration of Google Analytics and what it could mean for your data.

Google Analytics is the reporting behemoth that changed the game. Owners of sites of all sizes and sectors can today accurately judge the performance of their online presence with this free bit of software. Its popularity reflects its value, with over 60% of all the top 100,000 sites with the highest traffic volume on the web utilising it.

However, note the graph below and its drop off in recent years.

While there are other reasons this dip may have occurred (namely the cookie quandary as regards EU law discussed later in this article), we do also wonder whether another bit of news has caused some to question their reporting choices.

GA4 is the latest version of Google Analytics, launched in October 2020 and is now the default version when setting up a website with GA reporting. Since launch, however, you have still been able to both continue to utilise Universal Analytics*, the previous iteration, and set up new accounts with UA if you desired. 

That has now changed. In March 2022, Google announced that from July 2023 it would stop processing hits for Universal Analytics properties and GA4 will become the only option in Google Analytics tracking.

But that’s no big deal right? It's the same company providing the service, it’s just a new iteration of reporting tool surely? The change from GA2 (Classic) to GA3 (Universal Analytics) in 2012 wasn’t a huge change at all, I’ll just swap out the code and job done.

We have to emphasise GA4 is a fundamentally different entity to Universal Analytics. It reflects Google’s move to an events-based system of measurement as opposed to Universal Analytics’ recording of page hits, event hits, ecommerce hits & social interaction hits which we have been used to for a long time.

Put simply this means there are a number of metrics which we know are currently key reporting points for many of our clients which will no longer be available in GA4. This includes (but is not limited to):

We’d be surprised if in your current reporting set up you don’t use any of the above metrics!

If that’s caused a bead of sweat to form on your brow then let’s get started on what should be done to tackle this. There are two options we would consider:

This move is happening, so we really want to gain as much time as possible in acclimatising your reporting requirements within this new system. This will allow for as seamless a transition as possible in July of next year, while we can also compare data between Universal Analytics and GA4 accounts in the meantime to get a sense of perspective between the two data sets.

Additionally we’re not really sure how Google is going to be dealing with historical Universal Analytics data once the switchover occurs (although they have said they will allow us to view historical UA data for six months after July 1st), so as much historical data as possible in GA4 is going to give us more data period in which to work with in the future.

Option 2 - Move to a different reporting solution

As referenced earlier on in this article, Google has come under a fair bit of heat in recent years as regards to how it complies with EU privacy law & GDPR, with Austria at the beginning of 2022 ruling that the use of Google Analytics itself was illegal! 

So perhaps with Google now no longer able to show you the data you are used to and with its very presence deemed illegal to some, now is the time to consider alternatives?

There are plenty of reporting platforms out there which can provide similar data points to what you might require. However, to clarify these will be paid solutions which might be difficult to stomach after so many years of previously free reporting.  

No matter which option you might be leaning towards we’d be happy to provide our own opinion on what might be right for you and your business.

The important takeaway from this article is that you need to be proactive. Data provides the backbone on both how your site (and by extension a proportion of your business) is performing and how you can improve it. Don’t be left behind on the big switchover July 1st and be prepared!

*Just a note if you’re wondering whether you use Universal Analytics currently (you’re very likely to be doing so!) if you quickly hop on a Google Tag Assistant extension for your website and you note a Google Analytics tag which has a code starting with ‘UA’ (e.g. UA-12345678-9) then you are indeed a UA user.

**Update 14/07/22 - Google has now announced they are introducing bounce rate into GA4 although it is calculated slightly differently to that of UA. It'll be interesting to see how this different way of measuring bounce rate will affect benchmarks!

It’s true to say we’re approaching a potentially vital turning point in the reporting of your website and you might not even know it.

What does the move to GA4 actually look like and what should you do to safeguard your ability to accurately monitor website performance moving forwards?

Cyber Essentials Plus is the highest level of certification awarded by the Cyber Essentials scheme. It shows that we’ve passed an information security and cyber threat audit conducted on our processes and systems by external cyber security experts. 

While we’re delighted to have achieved Cyber Essentials Plus certification, it’s only one part of making sure that our systems and professional practice are as watertight as possible against today’s ever-increasing risks of doing business online. We’ve also secured accreditation from FSQS and we’re currently working towards ISO 27001 accreditation (scheduled for assessment in Autumn 2022).

The Financial Services Qualification System provides a cohesive and collaborative platform for managing supplier compliance assurance information. It provides finance companies with a fast and efficient system for assessing suppliers, therefore cutting out a lot of red tape.

We’ve gained this key accreditation through our ongoing commitment to excellent security and compliance, and the process has also enhanced the professional development of our team. We completed a rigorous audit process, meeting standards across several areas.

The bottom line is that financial institutions know they can trust us as a provider. Having achieved the FSQS benchmark for potential partners we can approach them knowing that we can deliver the extra assurance they need and make it easier for good, safe business to happen. 

We’re extremely proud to have reached these milestones with FSQS and Cyber Essentials Plus. Our dedication to ongoing professional development, both as individuals and as an agency, is vital in providing our clients with an exemplary service that operates at the cutting edge—digital evolves and so must we.

Update: In Autumn 2022 we successfully passed ISO 27001 accreditation - read more about what this entails in our insight post

We're pleased to announce that our team has achieved Cyber Essentials and Cyber Essentials Plus certification for a third year running. 

Strengthening security for ourselves and our clients

ISO27001 certified digital agency

Certification vs compliance

For you and us

A safe pair of hands

View more insights

Introducing Google Consent Mode

GA4: revolution not evolution

Strengthening security for ourselves and our clients