Visit Düsseldorf Logo
Customer Success Story

How Düsseldorf Tourism generated 40% more data in compliance with the GDPR with DWC

Düsseldorf Tourismus, like many companies, uses analytics data, always taking care to collect it in a GDPR-compliant way from the web analytics tool Google Analytics to improve the user experience on their website. DWC assisted with the setup of a Google Server Tag Manager, which not only significantly improved the amount and quality of data collected, but also implemented an effective, privacy-compliant strategy by transitioning to first-party data.

40% More Data

By integrating a Google Tag Manager, Düsseldorf Tourism generated 40% more data.

100% Compliant

Our expertise in the area of consent management ensured data protection compliance.

100% Data Control

Full data control by bypassing all common browser tracking preventers and adblockers.

The Approach

About Düsseldorf Tourism

Düsseldorf Tourismus GmbH is a modern urban tourism organization that promotes Düsseldorf as a tourist destination nationally and internationally. Products, services, stories, and events are designed to inspire and evoke the dynamic and hometown-loving spirit of the city, creating a desire to experience its lively atmosphere. The company works closely with local, regional, national, and international partners. Its services for guests include hotel accommodations in the incoming sector, city tours, and tourist information.

With a constant stream of current travel reasons, Düsseldorf Tourismus presents the destination in relevant source markets and actively supports the local industry with the B2B networking event “Travel InDUStry Forum.” Various communication measures showcase events, culture, shopping, and cuisine in a manner targeted to potential visitors.

The Problem

Düsseldorf Tourismus GmbH, which is operated by a public body, attaches great importance to compliance with German data protection laws, including the General Data Protection Regulation (GDPR) and the Telecommunications and Telemedia Data Protection Act (TTDSG). The use of Google Analytics, a web analytics software from an American provider, has been criticized internally. This is due to the fact that the software transfers personal data to the USA. This is particularly problematic as most of the metrics analyzed by Düsseldorf Tourismus – such as page views, popular products and entry and exit pages – do not actually contain any personal data.

However, the way client-side tracking works means that a large amount of metadata, including some personal information such as IP addresses, is sent directly to the web analytics provider (in this case Google) every time a page is accessed. Due to this metadata, explicit consent is always required for client-side tracking. The lack of consent, together with browser tracking prevention (e.g. in the Safari browser) or ad blockers, means that a significant proportion of the available data is lost.

The Challenge

The key challenge for Düsseldorf Tourismus was to implement a tracking system that would both personalize the customer experience and meet the strict data protection requirements of a public institution. The aim was to comprehensively protect customer data and at the same time enable effective tracking in order to generate personalized recommendations and offers. By using the previous cookie banner, many consents and therefore important customer data for analysis purposes were lost. For this reason, the company decided to engage a consulting firm specializing in consent management and server-side tracking.

The Solution

Düsseldorf Tourismus faced various challenges: the impossibility of processing basic data without personal data, a reduced database due to a lack of consent and browser tracking prevention, and a lack of control over data sent to Google.

To overcome these problems, the company decided to use a server tag manager. This first-party server receives data directly from the user’s browser and forwards it to Google to varying degrees depending on the consent status. If a website visitor does not give consent, no personal data is collected and no cookies are used. In this case, the server tag manager only transmits basic data to Google, but without any meta information. Users who have consented to the processing of their personal data via the consent management tool will continue to be tracked in full. The use of the first-party server tag manager also ensures that browser tracking prevention and ad blockers cannot take effect.

Used Technology:

Cloudflare
Google Server Tag Manager
Google Web Tag Manager

Privacy Compliant According to:

DSGVO
TTDSG
Server Side Tagging Progress

The Collaboration

The Path to DWC

In their search for an expert in consent management and server-side tracking, Düsseldorf Tourismus came across DWC. DWC was chosen due to its extensive expertise and many years of experience in the areas of consent management and server-side tracking. The decisive factor was DWC's ability to effectively mediate between data protection, digital analytics and cloud management. This interface competence ultimately convinced Düsseldorf Tourismus of its suitability as a partner.

First-Party setup

The first-party construct consists of a Google server tag manager in the cloud and the Cloudflare content delivery network. Within this system - depending on the consent given - personal data is removed or data is enriched before it is forwarded to Google Analytics. This procedure enables user data to be processed and analyzed in compliance with data protection regulations.

The infrastructure

The infrastructure was designed to enable efficient use of cloud resources and thus offer a cost-effective overall model. The use of caching and a firewall minimizes the load on the origin server. This results in less traffic and computing power being charged in the cloud. The App Engine, a cloud product, is particularly characterized by its ability to scale quickly and automatically with increased traffic and short latency times.

The process

For users who have given their consent, comprehensive tracking takes place. For users without consent, however, data collection is limited to so-called “basic data”, which does not contain any personal information. This basic data only includes anonymous values, as shown in the image on the right.

In addition, this information is transmitted to Google with a generated user ID. In contrast to tracking with consent, this user ID is not stored in the browser as a cookie. Instead, it is calculated on the server side based on various characteristics of the visitor, supplemented by a date stamp and a security key (salt), and encrypted using the SHA256 method. Neither Google nor Düsseldorf Tourismus are able to decrypt the original values of this ID.

The Result

The collaboration between Düsseldorf Tourismus and DWC has created considerable added value for the customer. By introducing its own tagging server, Düsseldorf Tourismus can now capture 100% of customer data while maintaining data protection compliance. Compared to conventional client-side tracking, the amount of data collected has increased by almost 40%.

The comprehensive analysis of customer data enables the company to better understand the preferences and needs of visitors and offer customized content. This increases customer satisfaction and contributes to achieving business goals in the long term. The implementation of first-party data collection ensures the customer has complete control over the data, giving Düsseldorf Tourism great flexibility for the future. Updated data protection guidelines or the introduction of new tracking services can thus be integrated quickly and efficiently.

The close cooperation with DWC enabled the project to be implemented quickly and cost-effectively, resulting in a significant increase in efficiency and business optimization.

Leverage our expertise in a free initial consultation

Find out more about how you can benefit from consent management as a critical component of your company’s strategy.