Recherche avancée

Sur d’autres sites (7734)

• Understanding GDPR compliance : Key principles and requirements

  28 août, par Joe

  Any company with an online presence will likely collect customers’ personal data in the normal course of business. But those with customers residing in the European Economic Area (EEA) — basically, the European Union (EU) plus Iceland, Liechtenstein and Norway — must comply with the General Data Protection Regulation (GDPR). Companies serving UK data subjects post-Brexit must also abide by the UK GDPR, which includes certain regional variations.

  GDPR authorities are only concerned with personal data (not with non-personal or anonymous data), ensuring that it’s collected, used, and stored in a way that respects users’ rights and privacy.

  Failure to comply can present serious business risks, including :

  • Financial penalties (more about that shortly)
  • Compensation claims from data subjects for mishandling their information
  • Reputational damage (if/when a data breach does occur)
  • Disruption to operations
  • Personal accountability of executives (including potential sanctions)

  This article explores the GDPR and personal data protection, the rights it confers on European data subjects, and how those rights are enforced. We’ll wrap up with an 11-step plan for GDPR compliance. 

  Let’s begin.

  The price of non-compliance

  The largest fine so far levied for GDPR non-compliance is €1.2 billion in May 2023. It was imposed by the Irish Data Protection Commission (DPC) on Meta (previously Facebook). And it was because of Meta’s transfers of EU/EEA data subjects’ personal data to the US from 16 July 2020 in breach of GDPR international data transfer rules.

  Many other fines have been levied for GDPR non-compliance, and there’ll probably be a lot more in the future :

  Penalty	Company	Supervisory Authority	Date
  €746 million	Amazon	Luxembourg National Commission for Data Protection (CNDP)	16 July 2021
  €405 million	Meta	Ireland’s Data Protection Commission (DPC)	5 September 2022
  €390 million	Meta	Ireland’s Data Protection Commission (DPC)	6 January 2023
  €345 million	TikTok	Ireland’s Data Protection Commission (DPC)	1 September 2023
  €310 million	LinkedIn	Ireland’s Data Protection Commission (DPC)	30 October 2024
  €290 million	Uber	Dutch Data Protection Authority (DPA)	26 August 2024

  Those are big numbers. European supervisory authorities take enforcement seriously

  So, what is personal data anyway ?

  GDPR defines personal data as any information about a data subject (an identified or identifiable individual). This covers both direct (name, address, ID numbers, etc.) and indirect identifiers (IP addresses, location data, etc.). It categorises personal data into two types : general and special category.

  General data includes identifiers like names, contact details, and financial information. 

  Special category data, such as racial or ethnic origin, health data, biometric information, and sexual orientation, needs more protection. 

  The processing of special category data is only allowed under certain conditions, for example, if consent was given explicitly or if vital interests (e.g., a threat to life), legal obligations, or public interest are involved. GDPR emphasises safeguarding sensitive data due to its potential impact on individuals’ privacy and rights.

  Important GDPR terminology

  Apart from the data subject, personal data, and special category data mentioned above, GDPR introduces other legal terms and concepts organisations must understand. A data controller decides what personal data to collect and how to use it. A data processor processes the data on behalf of the data controller.

  A Data Protection Officer (DPO) oversees GDPR compliance. Processing is any operation performed on data, such as collecting, analysing or storing it. That processing must also have a lawful basis, such as consent, contract, or legitimate interests. And consent must be freely given, specific, and easily withdrawable. 

  A data breach involves unauthorised access to or loss of personal data. A Data Protection Impact Assessment (DPIA) identifies risks to individuals’ rights. Data minimisation requires organisations to minimise what data they collect. Countries in the EU/EEA have appointed a supervisory authority to enforce GDPR in their territory.

  Rights of EU/EEA data subjects under GDPR 

  GDPR grants specific rights to individuals (data subjects) who are physically present in the EU/EEA when their personal data is processed, regardless of nationality or residence status. The business’s physical or legal presence is irrelevant, as the determining factor is the data subject’s location at the time of processing.

  Non-compliance can lead to significant penalties and even criminal charges in jurisdictions where such penalties are enforced under national law. 

  To support responsible data practices, the GDPR defines key foundational rights.

  Transparency

  Two rights granted to data subjects in the EU/EEA under GDPR relate to transparency :

  1. The right to be informed (proactive, applies at data collection)
  2. The right of access (reactive, applies when the data subject makes a request)

  They provide transparency by mandating that data subjects be provided specific details about that process, including :

  • Company or organisation processing the data (with contact details)
  • Reasons for using the data
  • Categories of personal data involved
  • Legal basis for processing the data
  • How long data will be stored
  • Other companies, organisations, or third parties with access to the data
  • Whether data will be transferred outside the EU/EEA

  Privacy notices should meet the standards in GDPR Articles 12–14, covering what data is collected, for what purpose, and how users can exercise their rights. 

  For a deeper dive, check out : How to write a GDPR-compliant privacy notice.

  Objections and restricted processing

  Under GDPR, individuals in the EU/EEA have the right to object to the processing of personal data in two key respects :

  1. They can object to direct marketing, after which organisations must stop processing their data immediately, with no justification required.
  2. If data is being processed on the basis of the organisation’s legitimate interests or for tasks carried out in the public interest, data subjects can object if they believe their own rights and freedoms outweigh those interests. Again, processing must stop unless the organisation proves compelling legitimate grounds outweighing the individual’s rights.

  Individuals can also request temporary restrictions on data processing when : 

  • Their data isn’t accurate (until verified).
  • Processing is unlawful, but they prefer restriction over deletion.
  • Their data is no longer being used, but must be retained for legal purposes.
  • After they object to processing while verification of legitimate grounds is pending.

  During restriction, the organisation can continue storing the data, but may not process it without explicit consent or when certain exceptions apply.

  Rectification and erasure

  Individuals have the right to rectify errors in their data and to erasure (deleting data). First, they can request corrections to inaccurate or incomplete personal data. GDPR requires organisations to act without undue delay to ensure that stored data remains accurate and up to date.

  The right to erasure (aka the right to be forgotten) enables individuals to request deletion of their personal data when :

  • It’s no longer needed for its original purpose
  • They withdraw consent, and no other legal basis exists
  • Processing is unlawful
  • They object to processing, and no overriding legitimate grounds exist
  • The data must be deleted to comply with a legal obligation

  Organisations must delete data unless exemptions (e.g., legal compliance, public interest, or legal claims) apply.

  Data portability

  GDPR provides the right to data portability. People can request their personal data in a structured, common, and machine-readable format so it’s easier to review or transfer to another service provider. This applies when data is :

  • Provided by the individual, either directly (e.g., name, email) or indirectly through use of a service (e.g., purchase history)
  • Processed based on consent or a contract
  • Handled using automated means

  Portability does not apply to personal data processed on the basis of legal obligations or legitimate interests. ItT only applies when processing is based on consent or a contract, and carried out by automated means.

  Where technically feasible, GDPR also requires organisations to facilitate direct transfers of personal data to another controller at the subject’s request.

  

  Automated decision-making and profiling

  GDPR grants EU/EEA data subjects the right not to be subject exclusively to automated decision-making, with legal or similarly significant effects, without human involvement. This applies to issues affecting them, such as job screening, loan approvals, or insurance pricing. They can :

  • Request human intervention : A real person must review the decision.
  • Express their viewpoint : Provide additional information or dispute the outcome.
  • Challenge the decision : Demand justification and correction if unfair.

  For example, imagine someone applying for a loan online, and the algorithm rejects the application based on credit history. They can request a human review to ensure fairness and consider special circumstances, such as recent debt clearance.

  However, GDPR also provides for some exceptions. Automated decisions are allowed if one of the following statements is true :

  • It’s obtained with explicit consent.
  • It’s necessary for a contract.
  • It’s permitted by law, with safeguards.

  How is GDPR enforced ?

  GDPR enforcement is carried out primarily by national supervisory authorities in each EU/EEA country. These authorities investigate complaints, conduct audits, and impose penalties for non-compliance within their jurisdictions. In cross-border cases, they collaborate through the one-stop-shop mechanism, which designates a lead authority to coordinate enforcement.

  The European Data Protection Supervisor (EDPS) is the independent data protection authority for EU institutions and agencies. It does not supervise private-sector or national public-sector organisations and is not a general enforcer of the GDPR.

  The European Data Protection Board (EDPB) is the body responsible for ensuring consistent application of the GDPR across the EU/EEA. Made up of representatives from national supervisory authorities and the EDPS, the EDPB issues guidelines, resolves disputes between authorities, and adopts binding decisions in cross-border matters.

  The origins of GDPR

  The EU’s regulation was adopted in 2016 to replace the 1995 Data Protection Directive (DPD), which predated the digital age. As technology use increased, vast amounts of personal data were collected, analysed, and stored, often without people’s knowledge, threatening their privacy and security.

  The main motivation behind GDPR was to unify the application of data protection rules across the EU/EEA through a directly applicable regulation, rather than a directive that required separate implementation by each member state. The aim was to eliminate fragmentation, ensure consistent enforcement, and strengthen individuals’ rights.

  Enter GDPR. It was agreed upon after years of negotiations between the 27 EU member states, the European Parliament, and the European Commission. It was formally adopted in 2016 and became fully enforceable on May 25, 2018. But there’s a difference. DPD was a directive that had to be implemented separately by member states. From that date, GDPR has been applied uniformly across the EU/EEA.

  The EEA adopted the GDPR on 6 July 2018 and went into force on 20 July 2018. It’s since become a global template, influencing data protection and privacy laws in countries like Brazil (LGPD), India, and Japan. The UK retained GDPR after Brexit, adapting it into the UK GDPR, which closely mirrors the EU version but allows for future divergence.

  Who does it apply to ?

  GDPR protects the personal data of individuals who reside in the EU/EEA. It applies to any organisation processing that data, no matter where it’s located in the world. This remains true even if the data is transferred outside the EU/EEA for storage and/or processing.

  Organisations are having difficulty with this regulation, as evidenced by the fines that have been meted out. Whether the penalties are paid, reduced through negotiation or still owed, their existence is a lingering uncertainty for the companies involved.

  Who must comply

  GDPR applies if you :

  • Have an office or another form of establishment in the EU/EEA, or
    
  • Offer goods/services to data subjects located in the EU/EEA (even if free) or
    
  • Monitor EU/EEA data subjects’’ behaviour (e.g., via cookies or analytics)
    

  What does GDPR require ?

  GDPR requires organisations to respect a clear set of data protection principles : lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. It also obliges them to ensure that they always have a valid legal basis (consent, contract, legal obligation, legitimate interests, etc.) to process the personal data.

  Data should also not be stored longer than necessary to fulfil the specific purpose for which it was collected. Appropriate organisational measures must be taken to ensure the security and integrity of the personal data and protect it from breaches, loss, or unauthorised access. Should a reportable data breach occur, it must be reported to the relevant supervisory authority within 72 hours. Affected individuals must be informed if the breach is likely to result in a high risk to their rights.

  Organisations must also demonstrate accountability by keeping detailed records of processing activities and conducting DPIAs for high-risk processing. If their core activities involve large-scale processing of special categories of data or regular and systematic monitoring of individuals, they must appoint a DPO. 

  Finally, organisations must implement adequate safeguards when transferring data outside the EU/EEA through the GDPR Chapter V mechanism, such as adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules, etc.

  By adhering to these requirements, organisations ensure compliance with GDPR and protect the data privacy and rights of EU/EEA data subjects.

  11 steps to compliance

  Once you’ve confirmed that the GDPR applies to your organisation’s processing of personal data, you can begin working toward compliance.

  Below, we’ve broken the process into eleven clear steps to help guide you.

  Step 1 : Map your data : Purpose, use and legal basis

  Any organisation operating in the EU, EEA or UK and handling personal data of data subjects in those regions must audit all the personal data it currently holds. 

  Your organisation must identify the legal basis for processing all data subject to the GDPR. If no legal basis can be found or justified, the processing will not be permitted under the GDPR.

  Step 2 : Consider appointing a DPO

  According to the GDPR text, a DPO is mandatory only under certain conditions, mainly due to processing volume and the type of organisation. But there are certain scenarios where it’s required.

  • Public authorities that process personal data as a matter of course, except for courts in their judicial capacity.
  • Organisations whose core activities involve regular and systematic monitoring of data subjects on a large scale.
  • Organisations that process specific “special” data categories (as defined by the GDPR) or data relating to criminal offences as a core activity on a large scale.

  It’s vague, and GDPR doesn’t clearly define “core activity” or “large scale”. If you are unsure whether your organisation falls into these categories, seek legal advice and err on the side of caution. Regardless, even if you are not required to appoint a DPO, it’s a good idea to appoint someone to monitor and oversee GDPR compliance efforts internally.

  Step 3 : Identify supervisory authorities

  This is generally governed by the territories in which an organisation operates. However, GDPR does make provisions for operations that cover multiple countries. In those cases, the GDPR provides a one-stop-shop mechanism to streamline oversight.

  In such cases, a lead supervisory authority (LSA) is designated. Organisations cannot freely choose their lead supervisory authority ; it depends on the location of the main establishment (Art. 56 GDPR).

  Most EEA countries have only one supervisory authority. Germany is the exception. Federal states each have their own DPA, and the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit oversees federal matters. 

  Step 4 : Consider a Data Protection Impact Assessment

  GDPR requires a DPIA when processing is likely to result in a high risk to individuals’ rights and freedoms. Examples include large-scale processing of sensitive data, systematic profiling, public monitoring, or innovative technology use. A DPIA involves describing the processing, assessing necessity, identifying risks, and implementing mitigation measures.

  If the process reveals residual, unmitigated high risks, the DPIA report must be submitted to the nominated supervisory authority for consultation before the processing can proceed. Feedback can be expected within 8 weeks (extendable to 14 weeks), and the recommendations must be implemented. Conducting a DPIA is one way to ensure compliance. It also protects individuals’ rights and avoids fines for non-compliance.

  Step 5 : Establish a data breach process

  Organisations must quickly implement systems to identify and assess breaches for scope and impact. They must act immediately to contain the breach and record all the details and the actions taken.

  

  Data breaches likely to result in a risk to individuals’ rights and freedoms must be reported to the supervisory authority within 72 hours of the organisation becoming aware of the breach. If the breach is likely to result in a high risk to the individuals’ rights and freedoms, the controller has an obligation to inform the affected individuals as well. Data breach processes should also be reviewed regularly and included in staff training. 

  Here’s a simplified version :

  Simplified data breach response checklist
  𝥁	Detect and confirm the breach
  🮱	Contain and mitigate the impact
  🮱	Assess the severity and potential harm
  🮱	Document the breach
  🮱	Report the breach
  🮱	Inform affected individuals
  🮱	Review and improve
  🮱	Train staff in breach response protocols

  Step 6 : Review websites and website form security

  Websites and the forms on them are common gateways for personal data, making them a high-value target for bad actors. Ensuring these entry points are secure is essential to protecting user data and supporting GDPR’s requirements for confidentiality, integrity, and resilience (Article 32).

  Here are some key actions to take : 

  Website and form security best practices
  Use HTTPS with a valid SSL/TLS certificate	Ensure pages that collect/display personal data are served over HTTPS to encrypt data in transit and prevent interception.
  Secure all data collection forms	Validate and sanitize user input to protect against common threats, such as cross-site scripting (XSS), injection attacks, and form spam. Use security headers such as Content Security Policy (CSP) to prevent malicious script execution. Implement CAPTCHAs or other bot detection.
  Restrict access to form submissions	Store submitted data securely and restrict access to authorized personnel. Use strong passwords, enable multi-factor authentication (MFA), and apply role-based access controls (RBAC) where possible.
  Keep your website software up to date	Apply regular security patches to your CMS, plugins, and third-party libraries. Remove unused components and services that may introduce vulnerabilities.
  Monitor and test for vulnerabilities	Perform regular security scans andpenetration tests to identify risks. Monitor error logs and unusual activity, especially around form endpoints.

  Taking these proactive steps to strengthen form security and reduce breach risk will support your organization’s GDPR compliance posture..

  Step 7 : Consider age when required

  Under Article 8 of the GDPR, age verification is only required when :

  • Personal data is being processed on the basis of consent, and
  • The service is offered directly to children (i.e., an information society service provided online)
    

  In these cases, organisations must ensure the child is at least 16 years old, unless a lower age threshold has been set by national law (e.g., 13 in the UK).

  Age verification methods must be proportionate to the level of risk, aligned with the principle of data minimisation, and appropriate for the audience. Common approaches include : 

  • Self-declaration with confirmation prompts
  • Email-based parental consent mechanisms
  • Content gating or notices for services not intended for children

  More intrusive methods, such as biometric estimation, government ID upload, or video verification, should be avoided unless absolutely necessary. When justified, such methods must undergo a Data Protection Impact Assessment (DPIA) and meet the requisite necessity and proportionality standards.

  Step 8 : Implement double-opt-in for all email lists and services

  At present, Germany is the only EU country with a clear legal mandate for double opt-in under its national GDPR implementation and ePrivacy laws. While not explicitly required elsewhere in the EU and EEA, double opt-in is widely recommended as a best practice to ensure explicit consent.

  This process confirms that the user explicitly agrees while reducing opportunities for fraud and improving compliance. It also builds trust, as customers know how you’re handling their data. A clear, up-to-date privacy policy is essential to the process. It must outline how data is used and stored and how an individual’s rights can be exercised.

  For example, obtaining consent in an email marketing campaign may involve the following steps :

  1. The user signs up for a newsletter or service.
  2. They receive a confirmation email/text message with a verification link.
  3. The user clicks the link to confirm consent.

  Step 9 : Restrict international data transfers

  GDPR limits data subjects’ personal data transfer outside the European Economic Area (EEA) unless certain conditions are met.

  Such transfers are not permitted unless one of the following conditions is met :

  1. Appropriate safeguards are in place, such as :
     • Standard contractual clauses (SCCs) approved by the Commission
     • Binding corporate rules (BCRs) for multinational groups
  2. The destination country is one of the following countries that has received an adequacy decision from the European Commission.

  Countries with GDPR adequacy decisions (as of July 2025)
  Andorra	Full adequacy decision
  Argentina	Full adequacy decision
  Canada	Applies only to commercial organisations under PIPEDA
  Faroe Islands	Full adequacy decision
  Guernsey	Full adequacy decision
  Isle of Man	Full adequacy decision
  Israel	Full adequacy decision
  Japan	Adequacy with additional safeguards aligned to EU standards
  Jersey	Full adequacy decision
  New Zealand	Full adequacy decision
  Republic of Korea	Adequacy decision adopted in 2021
  Switzerland	Longstanding adequacy decision (dating back to the 2000s)
  United Kingdom	Adequacy under both GDPR and the Law Enforcement Directive (LED)
  United States	Applies only to commercial organisations certified under the EU-US Data Privacy Framework

  Major fines (like Meta’s €1.2 billion) have already been levied for unlawful data transfers. In addition, third-party service providers and data processors charged with handling EU data must also be GDPR-compliant. 

  If personal data is processed by a third party outside the EEA, organisations must verify that contractual safeguards comply with GDPR Article 28. These processor management safeguards cover :
  

  • Contractual – Defines what the processor is permitted to do with personal data
  • Security – Specifies technical and organisational safeguards to protect data
  • Breach notifications – Requires processors to report breaches in a timely manner
  • Sub-processor oversight – Grants approval rights over any sub-processors
  • End-of-service handling – Ensures return or proper disposal of personal data at contract end
  • Audit rights – Allows controllers to audit processor compliance if needed

  Step 10 : Record of Processing Activities (ROPA)

  GDPR obliges both data controllers and data processors to maintain a Record of Processing Activities (ROPA). This processing register details how and why personal data is processed, and it must include the following : 

  • Name and contact details (and DPO, if applicable)
  • Processing purposes (marketing, HR, customer service, etc.)
  • Data categories (names, emails, financial data, etc.)
  • Data subject categories (customers, employees)
  • Transfers outside the EEA (legal basis, safeguards like SCCs, etc.)
  • Retention periods for each data category
  • Security measures (encryption, access controls, etc.).

  For data controllers, the ROPA must also include the names and details of any people who receive personal data, such as services or processors. The register should also map the flow of data through the organisation (and any third parties), which is needed for audits or analysing a data breach.

  An effective ROPA depends on strong data governance. Clearly-defined processes, ongoing training, and regular reviews are necessary to keep internal policies aligned with how personal data is actually handled in practice.

  Maintaining a ROPA also supports GDPR’s accountability principle : organisations must be able to show compliance, not just claim it. Documented policies, audits, and training records provide the evidence needed to demonstrate this.

  Step 11 : Data subject rights management

  Organisations that collect, store, analyse, or process the personal data of EEA data subjects must regularly advise customers of their rights under GDPR. In particular, they must remind data subjects of their right to submit a Data Subject Access Request (DSAR) and respond promptly to DSARs from individuals requesting access to their personal data.

  Among other things, EEA data subjects may request :

  • Confirmation that their data is being processed
  • A copy of their data
  • Information about how and why their data is being processed
  • The purposes of processing
  • Categories of personal data involved
  • Recipients or categories of recipients who receive the data
  • Data retention periods or criteria used to determine them
  • The data source (if not collected directly from the individual)

  DSARs can be refused if they’re manifestly unfounded or excessive or if providing the data would adversely affect the rights of others. But it’s advisable to use that as a last resort.

  GDPR compliance in practice

  GDPR compliance isn’t automatic — not even with privacy-focused tools like Matomo or reconfigured platforms like Google Analytics 4. 

  Regardless of which analytics solution you use, data protection laws like GDPR and the ePrivacy Directive require organisations to : 

  • Track only occurs when lawful, and with valid user consent when required.
  • Configure privacy settings to comply with the GDPR.
  • Only collect data that is proportionate, transparent, and serves a legitimate, disclosed purpose.

  Even the best tools can fail if they aren’t used properly. That’s why governance, intentional setup, and consistent consent management are necessary parts of compliance.

  Matomo offers secure, privacy-focused GDPR analytics. It includes a built-in GDPR Manager and privacy centre to fine-tune your privacy settings.

  To get started with Matomo, you can sign up for a 21-day free trial — no credit card required. 

• Multilingual SEO : A Marketer’s Guide to Measuring and Optimising Multilingual Websites

  26 juin, par Joe

  The web—and search engines in particular—make it easier than ever for businesses of any size to reach an international audience. 

   
  A multilingual website makes sense, especially when the majority of websites are in English. After all, you want to stand out to customers by speaking their local language. But it’s no good having a multilingual site if people can’t find it. 

  That’s where multilingual SEO comes in. 

  In this article, we’ll show you how to build a multilingual website that ranks in Google and other local search engines. You’ll learn why multilingual SEO is about more than translating your content and specific tasks you need to tick off to make your multilingual site as visible as possible. 

  ¡Vamos !

  What is multilingual SEO ? 

  Multilingual SEO is the process of optimising your website to improve search visibility in more than one language. It involves creating high-quality translations (including SEO metadata), targeting language-specific keywords and building links in the target language. 

  

  The goal is to make your site as discoverable and accessible as possible for users searching Google and other search engines in their local language. 

  It’s worth pointing out that multilingual SEO differs slightly from international SEO, even if the terms are used interchangeably. With multilingual SEO, you are optimising for a language (so Spanish targets every Spanish-speaking country, not just Spain). In international SEO, you target specific countries, so you might have a different strategy for targeting Argentinian customers vs. Mexican customers. 

  Why adopt a multilingual SEO strategy ?

  There are two major reasons to adopt a multilingual SEO strategy : to reach more customers and to deliver the best experience possible. 

  

  Reach a wider audience

  Not everyone searches the web in English. Even if non-native speakers eventually resort to English, many will try Googling in their own language first. That means if you target customers in multiple non-English-speaking countries, then creating a multilingual SEO is a must to reach as many of them as possible. 

  A multilingual SEO strategy also boosts your website’s chances of appearing in country-specific search engines like Baidu and Yandex — and in localised versions of Google like Google.fr and Google.de.

  Deliver a better user experience

  Multilingual SEO gives your customers what they want : the ability to search, browse and shop in their native language. This is a big deal, with 89% of consumers saying it’s important to deal with a brand in their own language.

  Improving the user experience also increases the likelihood of non-English-speaking customers converting. As many as 82% of people won’t make a purchase in major consumer categories without local language support. 

  How to prepare for multilingual SEO success

  Before you start creating multilingual SEO content, you need to take care of a couple of things. 

  Identify target markets

  The first step is to identify the languages you want to target. You know your customers better than anyone, so it’s likely you have one or two languages in mind already. 

  But if you don’t, why not analyse your existing website traffic to discover which languages to target first ? The Locations report in Matomo (found in the Visitors section of Matomo’s navigation) shows you which countries your visitors hail from. 

  

  In the example above, targeting German and Indonesian searchers would be a sensible strategy. 

  Target local keywords

  Once you’ve decided on your target markets, it’s time to find localised keywords. Keywords are the backbone of any SEO campaign, so take your time to find ones that are specific to your local markets.

  Yes, that means you shouldn’t just translate your English keywords into French or Spanish ! French or Spanish searchers may use completely different terms to find your products or services. 

  That’s why it’s vital to use a tool like Ahrefs or Semrush to do multilingual keyword research. 

  

  This may be a bit tricky if you aren’t a native speaker of your target language, but you can translate your English keywords using Google Translate to get started. 

  Remember, search volumes won’t be as high as English keywords since fewer people are searching for them. So don’t be scared off by small keyword volumes. Besides, even in the U.S. around 95% of keywords get 10 searches per month or fewer. 

  Choose your URL structure

  The final step in preparing your multilingual SEO strategy is deciding on your URL structure, whether that’s using separate domains, subdomains or subfolders. 

  This is important for SEO as it will avoid duplicate content issues. Using language indicators within these URLs will also help both users and search engines differentiate versions of your site. 

  The first option is to have a separate domain for each target language. 

  • yoursite.com
  • yoursite.fr
  • yoursite.es

  Using subdomains would mean you keep one domain but have completely separate sites :

  • fr.yoursite.com
  • es.yoursite.com
  • de.yoursite.com

  Using subfolders keeps everything clean but can result in long URLs :

  • yoursite.com/en
  • yoursite.com/de
  • yoursite.com/es

  As you can see in the image below, we use subdomains to separate multilingual versions of you site :

  

  While separate domains provide more precise targeting, it’s a lot of work to manage them. So, unless you have a keyword-rich, unbranded domain name that needs translating, we’d recommend using either subdomains or subdirectories. It’s slightly easier to manage subfolders, but subdomains offer users a clearer divide between different versions of your site. 

  If you want to make your site even easier to navigate, then you can incorporate language indicators into your page’s design to make it easy for consumers to switch languages. These are the little dropdown menus you see containing various flags that let users browse in different languages.

  5 multilingual SEO strategies to use in 2024

  Now you’ve got the basics in order, use the following SEO strategies to improve your multilingual rankings. 

  Use hreflang tags

  There’s another way that Google and other search engines use to determine the language and region your website is targeting : hreflang..

  Hreflang is an HTML attribute that Google and other search engines use to ensure they serve users the right version of the page.

  You can insert it into the header section of the page like this example for a German subdomain :

  <link rel=”alternate” href=”https://yourwebsite.com/de” hreflang=”de” />

  Or you can add the relevant markup to your website’s sitemap. Here’s what the same German markup would look like :

  <xhtml:link rel=”alternate” hreflang=”de” href=”https://yourwebsite.com/de/” /> 

  Whichever method you include one language code in ISO 639-1 format. You can also include a region code in ISO 3166-1 Alpha 2 format. Note that you can include multiple region codes. A web page in German, for example, could target German and Austrian consumers. 

  Hreflang tags also avoid duplicate content issues. 

  With a multilingual site, you could have a dozen different versions of the same page, showing the same content but in a different language. Without an hreflang tag specifying that these are different versions of the same page, Google may penalise your site.

  Invest in high-quality translations

  Google rewards good content. And, while you’d hope Google Translate would be good enough, it usually isn’t.

  Instead, make sure you are using professional linguists to translate your content. They won’t only be able to produce accurate and contextually relevant translations — the kind that Google may reward with higher rankings — but they’ll also be able to account for cultural differences between languages. 

  Imagine you are translating a web page from U.S. English into Italian, for example. You’ve not only got to translate the words themselves but also the measurements (from inches to cm), dates (from mm/dd/yy to dd/mm/yy), currencies, idioms and more. 

  Translate your metadata, too

  You need to translate more than just the content of your website. You should translate its metadata — the descriptive information search engines use to understand your page — to help you rank better in Google and localised search engines. 

  As you can see in the image below, we’ve translated the French version of our homepage’s title and meta description :

  

  Page titles and meta descriptions aren’t the only pieces of metadata you need to pay attention to. Make sure you translate the following :

  • URLs
  • Image alt tags
  • Canonical tags
  • Structured data markup

  While you’re at it, make sure you have translated all of your website’s content, too. It’s easy to miss error messages, contact forms and checkout pages that would otherwise ruin the user experience. 

  Build multilingual backlinks

  Building backlinks is an important step in any SEO strategy. But it’s doubly important in multilingual SEO, where your links in your target language also help Google to understand that you have a translated website. 

  While you want to prioritise links from websites in your target language, make sure that websites are relevant to your niche. It’s no good having a link from a Spanish recipe blog if you have a marketing SaaS tool. 

  A great place to start is by mining the links of competitors in your target market. Your competitors have already done the hard work acquiring these links, and there’s every chance these websites will link to your translated content, too.

  

  Don’t forget about internal linking pages in the same language, either. This will obviously help users stay in the same language while navigating your site, but it will also show Google the depth of your multilingual content.

  Monitor the SEO health of your multilingual site

  The technical performance of your multilingual pages has a significant impact on your ability to rank and convert. 

  We know for a fact that Google uses page performance metrics in the form of Core Web Vitals as a search ranking factor. What’s more, research by WP Rocker finds that a side loading in one second has a three times better conversion rate than a site loading in five seconds. 

  With that in mind, make sure your site is performing at optimal levels using Matomo’s SEO Web Vitals report. Our SEO Web Vitals feature tracks all of Google’s Core Web Vitals, including :

  • Page Speed Score
  • First Contentful Paint (FCP)
  • Final Input Delay (FID)
  • Last Contentful Paint (LCP)
  • Cumulative Layout Shift (CLS)

  The report displays each metric in a different colour depending on your site’s performance, with green meaning good, orange meaning average, and red meaning poor.

  

  Check in on these metrics regularly or set up custom alerts to automatically notify you when a specific metric drops below or exceeds a certain threshold — like if your Page Speed score falls below 50, for example. 

  How to track your multilingual SEO efforts with Matomo

  Matomo isn’t just a great tool to track your site’s SEO health ; you can also use our privacy-focused analytics platform to track your multilingual SEO success.

  For example, you could use the report to focus your multilingual SEO efforts on a single language if searches are starting to rival English. Or you decide to translate your most trafficked English keywords into your target languages, regardless if a tool like Ahrefs or Semrush tells you whether these keywords get searches or not.

  If you want to analyse the performance of your new language, for example, you can segment traffic by URL. In our case, we use the segment “Page URL contains fr.matomo.org” to measure the impact of our French website. 

  We can also track the performance of every language except French by using the segment “Page URL does not contain fr.matomo.org”.

  You can use Matomo to track your Keyword performance, too. Unlike search engine-owned platforms like Google Analytics and Google Search Console that no longer share keyword data, Matomo lets users see exactly which keywords users search to find your site in the Combined keywords report :

  

  This is valuable information you can use to identify new keyword opportunities and improve your multilingual content strategy. 

  For example, you could use the report to focus your multilingual SEO efforts on a single language if searches are starting to rival English. Or you decide to translate your most trafficked English keywords into your target languages, regardless if a tool like Ahrefs or Semrush tells you whether these keywords get searches or not.

  For international brands that have separate websites and apps for each target language or region, Matomo’s Roll-Up Reporting lets you keep track of aggregate data in one place. 

  

  Roll-Up Reporting lets you view data from multiple websites and apps as if they were a single site. This lets you quickly answer questions like :

  • How many visits happened across all of my multilingual websites ?
  • Which languages contributed the most conversions ?
  • How does the performance of my Spanish app compare to my Spanish website ?

  Is it any wonder, then, that Matomo is used by over one million sites in 190 countries to track their web and SEO performance in a privacy-friendly way ?

  Join them today by trying Matomo free for 21 days, no credit card required. Alternatively, request a demo to see how Matomo can help you track your multilingual SEO efforts. 

• How to Check Website Traffic : A Complete Guide

  26 février, par Daniel Crough — Analytics Tips, Marketing

  If you want to learn about the health of your website and the success of your digital marketing initiatives, there are few better ways than checking your website traffic.

  Checking website traffic is a great way to get a dopamine hit when things are up. And it’s a great way to troubleshoot problems when things go down. It’s also a critical data source for marketing and web teams. But to get the most out of it, you need reliable data sources, the ability to track them over time and a way to monitor the competition.

  This article explains how to check website traffic (for your site and your competitors), explores nine tools that can help and discusses why some methods are better than others.

  Why check website traffic ?

  Dopamine hits aside, monitoring website traffic is crucial to a business — even for a primarily brick-and-mortar operation. In this internet age, customers and prospects are far more likely to research a company online before buying anything.

  SOCi’s 2024 Consumer Behavior Index found that 8 in 10 US consumers use the internet to search for local businesses at least once a week. And Statista found that 55% of UK shoppers always do some online research before making a major purchase.

  And trend lines suggest these numbers are likely to continue climbing. Businesses need to know what’s happening on their sites, and that’s difficult to achieve without traffic data.

  Indeed, website data allows companies to better understand their target audiences, measure the effectiveness of marketing efforts and channels, and identify areas of the website that need work.

  Let’s dig into those ideas in a little more detail.

  

  Benchmark site performance

  Keeping regular tabs on traffic levels is a great way to track a website’s performance over time. It can help with planning for the future and identifying current problems.

  For instance, rising traffic levels may mean expanding the business’s offering or investing in more inventory. On the flip side, decreasing traffic levels may suggest it’s time to revamp marketing strategies or look into issues impacting SEO.

  Analyse user behaviour

  Checking website traffic, user behaviour, and other metrics shows marketing managers how users interact with the website. These traffic stats can help answer questions like :

  • Which pages are users visiting ?
  • Which CTAs are they clicking on ?
  • Which page elements encourage users to take the desired actions ?

  It can also identify issues contributing to high bounce rates or declines in search rankings.

  The better user behaviour is understood, the easier it is to give visitors what they want. For example, the data could reveal that users spend more time on landing pages than blogs. These valuable insights can be used to optimise blog content and improve performance.

  Improve the user experience

  Once user behaviour is well understood, it’s easier to make adjustments, update content and improve the overall user experience. This also allows companies to create more personalised customer experiences, which can lead to growth. Research shows companies that get personalisation right generate 40% more revenue from those activities than average players.

  That could take the form of sweeping changes like rearranging a website’s navigation bar based on user behaviour. It could also be personalisation that uses analytics to transform sections or entire pages based on individual user behaviour.

  Optimise digital marketing strategies

  Knowing current traffic levels and how they trend over time helps teams set benchmarks and prioritise marketing efforts.

  Monthly traffic reports can inform SEO efforts and benefit marketing attribution. For example, they could indicate when the time is right to double down on organic traffic or when the better strategy would be to invest more in PPC advertising.

  Increasing organic traffic levels from other countries can help businesses identify new marketing opportunities. If traffic levels from a neighbouring country or a growing market increase significantly, it could be time for a cross-border campaign.

  Filter unwanted traffic

  A significant chunk of every website’s traffic comes from bots and other unwanted sources. This can compromise the quality of website data and make it harder to draw useful insights. While it’s nearly impossible to get rid of this traffic completely, many analytics tools have features to filter it out of the stats.

  Why check competitors’ website traffic

  Websites are windows into businesses and their strategies. That’s why monitoring traffic and other metrics drawn from competitors is essential.

  There’s a lot to learn from the competition, both good and bad. What competitors do well can be replicated, and learning from the elements they get wrong can help you avoid making the same mistakes.

  • Strategic planning : Looking at traffic on specific pages can offer insight into potential marketing campaigns and highlight gaps in the market that may be worth attacking. Looking at their organic, paid, social and referral traffic levels can highlight opportunities for growth or pinpoint the reasons for success in a particular area.
  • Benchmarking : Looking at website traffic in isolation can lack context. Monitoring other sites’ engagement metrics, like bounce rate and average session duration, can give you an inside look at the competition, which can help you set realistic performance goals and benchmarks.
  • Product Development : Significant traffic volume on certain pages can indicate shifts in demand and market trends, which may inform the development of new products or services. For example, if a competitive dog food supplier ranks well for the term “organic dog food”, that might be something to consider when formulating new products.
  • Audience demographics : Comparing audience demographics between competitors can highlight opportunities and help a business narrow down its target audience. This guides messaging and campaign strategies to capture specific audience segments.
  • Keyword opportunities : Examining the keywords driving the most traffic to a competitor’s website can help you uncover untapped SEO potential for your website. Analysing top-performing content on competing sites can help identify content improvement strategies to pull traffic away from competitors.
  • Partnerships : Referrals are an often overlooked traffic metric. High volumes of such traffic indicate successful partnerships between competitors and third parties, which is a model worth emulating.

  7 key website traffic metrics to track

  Traffic metrics are not a case of one-size-fits-all. Those that are important today may not be tomorrow. It all depends on the priorities and goals at any one moment. That said, there are a few traffic metrics that always matter to some degree.

  • New visitors : These are users who have never visited the website before. They are a great sign that marketing efforts are working and the website is reaching more people. But it’s also important to track how they behave on the website to ensure the site caters effectively to the needs of new visitors.
  • Returning visitors : Returning visitors are coming back to the website for a reason : either they like the content they find or want to buy something. Either way, it’s excellent news. The more returning visitors, the better.
  • Bounce rate : This measures how many users leave the website without taking action. Different analytics tools measure this metric differently.
  • Session duration : This is the time users spend on the website, which can reveal whether they find the site engaging. And when considered alongside the next metric, it can be especially insightful.
  • Pages per session : This measures the average number of pages users visit on a website. The more pages they visit and the longer users spend on the website, the more engaging it is.
  • Traffic source : Traffic can come from various sources (organic, direct, social media, referral, etc.). Knowing the highest sources of referral traffic can help analyse and prioritise marketing efforts.
  • User demographics : This shows who visits a website, what device they use, what country they come from, etc. While most website traffic will come from the countries targeted by marketing, an influx of new users from other countries can open the door to new opportunities.

  9 tools to check website traffic

  There are thousands of different web analytics tools that can provide decent website traffic analysis and functionality checks. They all use a similar combination of sophisticated algorithms, data collection techniques, statistical analysis and machine learning to deliver insights into visitor behaviour and site performance.

  Most web analytics tools work by embedding bits of JavaScript or other tracking codes into a website. When users land on a website, it gathers data such as page views, session duration, and specific interactions. Many also use cookies to identify returning visitors, which lets them monitor user behaviour over time.

  Many tools offer advanced event-tracking functionality. This captures specific actions, like clicks or form submissions, and provides a more granular view of engagement. The data is then statistically analysed to spot trends and calculate key metrics like bounce rates and conversion rates.

  Some web analytics tools use machine learning to predict future user behaviour based on historical patterns. Others aggregate data to provide insights via charts comparing website performance with selected competitors’ websites.

  This section explores nine popular tools for checking website traffic and highlights their unique features and benefits.

  1. Checking website traffic with Google Analytics

  Google Analytics is usually the first place to start for anyone looking to check their website traffic. It’s free to use, incredibly popular and offers a wide range of traffic reports.

  It breaks down historical traffic data in many different ways. It can split traffic by acquisition channel (organic, social media, direct, etc.), by country, device or demographic. It also provides real-time traffic reports that offer a snapshot of users on the site right now and over the last 30 minutes.

  

  Google Analytics may be one of the most popular ways to check website traffic, but it could be better. Google Analytics 4 (GA4) is difficult to use compared to its predecessor, and it also imposes data tracking limits in accordance with privacy laws. If users refuse cookie consent, Google Analytics won’t record those visits. In other words, using Google Analytics alone doesn’t provide a complete view of the traffic.

  

  Also, GA4 relies on sampling when processing large datasets or complex queries. When the volume of data exceeds certain thresholds, it only considers a subset of the data to generate reports instead of processing every single data point.

  There are pros and cons to this approach. While it speeds up analysis and reduces the load on the system, it can also lead to inaccuracies in insights delivered. When analysing traffic patterns over a busy period, GA4 may only use a portion of the data to calculate and then extrapolate metrics.

  As a result, trends or anomalies might be overlooked or misconstrued, which could mean missed opportunities or poor decisions. That’s why it’s important to use Google Analytics alongside other web analytics tools (like Matomo) that don’t suffer from the same privacy issues. That way, it’s possible to track every single user who visits the website.

  2. Checking website traffic with Google Search Console

  Google Search Console is a free tool that analyses a website’s Google search traffic. The top-line report shows how many times the website has appeared in Google Search, how many clicks it has received, the average clickthrough rate and its average position in the search results.

  

  It’s a great way to understand what the website ranks for and how much traffic organic rankings generate. It will also show which pages are indexed in Google and whether there are any crawling errors.

  Unfortunately, Google Search Console is limited if a complete view of traffic is needed. While the search traffic can be analysed in great detail, it will not report how users who access the website behave on it.

  3. Checking website traffic with Similarweb

  Similarweb is a website analysis tool that estimates the total traffic of any site on the internet. It is one of the best traffic checker tools for estimating how much web traffic competitors receive.

  What’s great about Similarweb is that it estimates total traffic, not just traffic from search engines like many SEO tools. It even breaks down traffic by different channels for easy comparison.

  

  Similarweb provides an estimate of total visits, bounce rate, the average number of pages users view per visit and the average duration on the site. The company also has a free browser extension that continues checking website traffic estimates while the user is browsing the web.

  Similarweb is free to use, up to a point. However, to get the most out of this tool, you must upgrade to the premium plan, which starts at $125 per user per month.

  The price isn’t Similarweb’s only downside. Ultimately, it provides reasonably accurate estimates but is no match for a comprehensive traffic analytics tool.

  4. Checking website traffic with Semrush

  Semrush is a collection of marketing solutions for online businesses. Its Traffic Analytics tool checks the website traffic of up to 100 sites and compares that data side-by-side. For each site, it reveals the top pages, the regions from which most of the traffic comes, and the locations from which the most referrals come.

  Semrush also gathers insights into competitors’ audiences and their activity, especially activity that overlaps between the sites being checked. It extracts and analyses comprehensive data on organic and paid search, social media, and backlinks.

  

  However, there are notable downsides. Semrush can be pricey, with plans starting at about $119.95 per month or $1,199.40 annually. This cost may be prohibitive for smaller businesses or freelancers. Still, a free version offers most of the functionality but with a limited number of daily reports.

  5. Checking website traffic with Ahrefs

  Ahrefs‘s biggest strength is its organic traffic estimation capabilities. It estimates monthly visits from Google worldwide, Google keywords in the top 100 that a website ranks for, and traffic value via equivalence to PPC.

  

  Ahrefs bases its estimates on ranking data from a database of 12 billion keywords, which is why it is so powerful. It generates a detailed report that includes organic traffic estimates, backlink data, and top-performing keywords.

  However, the numbers produced by Ahrefs are estimates based on the available data and won’t always be 100% accurate. This is particularly true for smaller or newer websites that lack the data volumes needed for accuracy.

  It’s a great SEO marketing tool that’s free to use within certain limits, but there is some value in registering for a paid plan. There are several options, beginning with the $129 per month Lite plan and extending to the Enterprise Plan for $1,499 monthly.

  6. Checking website traffic with Serpstat

  Serpstat is an SEO solution that grew from a simple keyword research tool. It offers more comprehensive features to help businesses understand their website’s performance. It helps improve a site’s visibility through tools for rank tracking, keyword research, traffic checking, backlink analysis, and site auditing.

  

  It provides metrics like estimated monthly visits, traffic sources (organic, paid, and referral), and insights into top-performing pages. Serpstat also offers competitor analysis features that help to identify market trends and refine growth strategies. However, like Ahrefs, the numbers provided are estimates, which are only as good as the depth of data from which they are derived.

  The free version is fine for basic analysis, but signing up for one of the paid plans is advisable for commercial use. Pricing ranges from $59 per month to a monthly fee of $479 for the Agency plan. There is an option to pay annually at a discount.

  7. Checking website traffic with SEO PowerSuite

  SEO PowerSuite also goes some distance beyond just website traffic checking. As the name implies, it’s a suite of tools to improve website rankings.

  

  There are four tools in the suite :

  • Rank Tracker enables tracking a website’s search engine rankings across multiple keywords and search engines.
  • WebSite Auditor offers SEO analysis of website pages and recommends actions to boost performance.
  • SEO SpyGlass analyses a website’s backlink profile to highlight link-building possibilities that’d help improve performance.
  • LinkAssistant helps identify websites suitable for link-building and recommends viable outreach opportunities.

  SEO PowerSuite has a free plan and two premium plans with varying functionality. The monthly cost could be as much as $139.67, depending on the features needed. Annual pricing options are also available.

  8. Checking website traffic with Ubersuggest

  Ubersuggest is also an SEO-focused tool. It offers website traffic analysis, keyword rankings, backlink profiles, and competitor insights. These are packaged in reports that provide an overview of website traffic, including monthly organic traffic totals and the number of organic keywords the site ranks for. Ubersuggest also offers content suggestions.

  

  Like other tools in this category, Ubersuggest doesn’t collect comprehensive data, so its numbers are estimates. This means the accuracy can vary. However, it remains a solid choice for providing great insights and enhancing a website’s online presence.

  Like many tools in this category, there is a free version to give potential customers a taste, which is restricted by volume more than features. The paid plans range from around $29 per month for one website on the individual plan to about $99 per month for 8-15 websites on the Enterprise plan. Discounted annual pricing is also an option.

  9. Checking website traffic with MonsterInsights

  MonsterInsights is a tool worth considering for websites built on WordPress because it’s not a website checking tool in the usual sense. It’s a WordPress plugin that simplifies the task by integrating Google Analytics directly into a website.

  MonsterInsights then uses the raw data provided by GA4 to extract actionable insights based on audience preferences and activity. This makes it easier to focus on the relevant metrics for different types of websites. For example, the metrics used to measure a blog site would not be the same as those for an ecommerce site.

  But there are some downsides, too. While the basic version is free, it has limited features, and the most potent functionality requires a premium subscription. Those start at $249 per year for a single site, or the Pro plan at $499 for up to five sites. Agencies looking to work with up to 25 sites are in for $999.

  

  There’s another option

  Although many of these tools have free versions, those tend to be heavily restricted, and premium plans can be expensive. A website has to generate serious revenue to deliver a decent return on investment (ROI) to justify the costs.

  As more countries adopt GDPR-like privacy regulations, brands must ensure they’re using compliant, privacy-centric analytics tools.

  Matomo Analytics is one such tool. It’s an ethical, open-source solution that helps you collect accurate data about your website’s traffic and make more informed decisions. This enhances the customer experience and ensures GDPR compliance and user privacy.

  It’s completely free to install as an on-premise solution. Alternatively, there’s the subscription-based Matomo Cloud version.

  How to check website traffic on Matomo

  Apart from a better ROI picture, Matomo offers a more reliable assessment of your website’s traffic than Google Analytics 4. It also provides multiple ways to check organic search traffic :

  • Visits log report
  • Real-time visitor map
  • Visits in real-time report

  Let’s look at all of them one by one.

  The visits log report is a unique rundown of your site’s visitors. It offers a much more granular view than other traffic checker tools, which only show the total number of visitors for a given period.

  

  You can access the visits log report by clicking on the reporting menu and then clicking Visitor and Visits Log. From there, you’ll be able to scroll through every user session and see the following information :

  • The location of the user
  • The total number of actions they took
  • The length of time on site
  • How they arrived at your site
  • The device they used to access your site

  It may be overwhelming if your site receives thousands of visitors at a time. But it’s a great way to understand users at an individual level and appreciate the lifetime activity of specific users.

  The Real-time visitor map shows site visitors’ location for a given timeframe. If you have an international website, it’s a fantastic way to see exactly where your traffic comes from.

  

  You can access the Real-time Visitor Map by clicking Visitor in the main navigation menu and then Real-time Map. The map itself is colour-coded. Larger orange bubbles represent recent visits, and smaller dark orange and grey bubbles represent older visits. The map will refresh every five seconds, and new users appear with a flashing effect.

  If you run TV or radio adverts, Matomo’s Real-time Map provides an immediate read on the effectiveness of your campaign. If your map lights up in the minutes following your ad, you know it’s been effective. It can also help you identify the source of bot attacks, too.

  Finally, the Visits in Real-time report provides a snapshot of who is browsing your website. You can access this report under Visitors > Real-time and add it to your custom dashboards as a widget.

  Open the report, and you’ll see the real-time flow of your site’s users and counters for visits and pageviews over the last 30 minutes and 24 hours. The report refreshes every five seconds with new users added to the top of the report with a fade-in effect.

  

  The report provides a snapshot of each visitor, including :

  • Whether they are new or returning
  • Their country
  • Their browser
  • Their operating system
  • The number of actions they took
  • The time they spent on the site
  • The channel they came in from
  • Whether the visitor converted a goal

  Why do my traffic reports differ ?

  If you use more than one of the methods above to check your website traffic, you’ll quickly realise that every traffic report differs. In some cases, the reasons are obvious. Any tool that estimates your traffic without adding code to your website is just that : an estimate. Tools like many of those mentioned here will never offer the accuracy of analytics platforms like Matomo and Google Analytics.

  But what about the differences between these analytics platforms themselves ? While each platform records user behaviour differently, significant differences in website traffic reports between analytics platforms are usually due to how each platform handles user privacy.

  A platform like Google Analytics requires users to accept a cookie consent banner to track them. If they accept, great. Google collects all of the data that any other analytics platform does. It may even collect more. However, if users reject cookie consent banners, Google Analytics can’t track them. They simply won’t show up in your traffic reports.

  That doesn’t happen with all analytics platforms, however. A privacy-focused alternative like Matomo doesn’t require cookie consent banners (apart from in the United Kingdom and Germany). Therefore, it can continue to track visitors even after they have rejected a cookie consent screen from Google Analytics. This means virtually all website traffic will be tracked regardless of whether users accept a cookie consent banner. And it’s why traffic reports in Matomo are often much higher than in Google Analytics.

  

  Around half (47.32%) of adults in the European Union refuse to allow personal data tracking for advertising purposes, and 95% of people will reject additional cookies when it is easy to do so. So relying on cookies limits your results — and causes you to miss out on valuable user data.

  If you’re serious about using web analytics to improve your website and optimise your marketing campaigns, then it is essential to use another analytics platform alongside Google Analytics.

  What to do if website traffic levels drop

  Experiencing a drop in website traffic can be frustrating, but it happens to everyone at some point. Here’s how to address it :

  • Analyse traffic sources : Use analytics tools to pinpoint where the decline is coming from—organic search, referrals, or social media.
  • Check for technical issues : Look for broken links or slow loading times, which can deter visitors. Tools like Google Search Console can help identify errors.
  • Review recent changes : Consider any recent updates to the website. If something coincided with the drop, it might be worth reverting.
  • Evaluate content quality : Ensure the content is engaging and relevant. Update or improve underperforming posts.
  • Reassess the marketing strategy : The only constant in marketing is change. It’s wise to periodically revisit the balance between paid ads, social media and other vectors to evaluate their effectiveness and adjust the approach.

  It’s perfectly normal for website traffic volumes to fluctuate. Expect it and work with the available tools. Persistence will likely see the traffic volumes rebound.

  Get more accurate traffic reports with Matomo

  There are several methods to check website traffic. Some can provide estimates on your competitors’ traffic levels. Others, like Google Analytics, are free. But data doesn’t lie. Only privacy-focused analytics solutions like Matomo can provide accurate reports that account for every visitor.

  Join over one million organisations using Matomo to check their website traffic accurately and ethically.

  Try Matomo for Free

  Start your 21-day free trial — no credit card required.