How to capture visitor source with GTM, if they have agreed to privacy policy (GDPR)

Question

I have a website in the UK that needs to comply with GDPR, so we ask for consent (via a standard banner with an 'accept' button) before we run scripts like GTM.

Many of our visitors do click that 'accept' button when they arrive on the site (before they move onto another page); upon that event, we lazyload GTM, and within it, Google Analytics (see Is it a good idea to lazy load GTM) however that doesn't seem to capture their referral source/medium (whilst as an example, if we were to load it immediately in it does capture it, but that's not GDPR compliant as I understand).

What then happens is that we have a lot of traffic with no known source, which makes business management / marketing decisions very difficult.

Is there a better way of loading GTM to ensure we do capture the medium/source in Google Analytics for visitors who consent on their landing page?

Answer 1

Google Analytics reads the source based on the referrer, if this is lost it cannot know where the user came from. It is not a good practice to block the tracking, it can probably be enough to anonymize the IP with anonimyzeIp.

Even if you were able to do as you said, it makes no sense that Analytics start tracking from the second page and that the source is attributed to this page, because it is not the reality, this is not really the langing, you would base the analysis on untrue data...