Recherche avancée

Sur d’autres sites (3508)

• Different PTS values in ffmpeg and MP4 CTS values obtained using ctts and stss

  25 septembre 2023, par userDtrm

  I have been studying PTS values in .mp4 media files. PTS for video stream can be extracted from ffmpeg CLI using

  


  

    ffmpeg -hide_banner -i  -vf "showinfo" -f null -



  


  For a sample .mp4 I have downloaded from the internet shows the following output.

  


  

    Press [q] to stop, [?] for help
    [Parsed_showinfo_0 @ 0x3741c00] config in time_base : 1/30, frame_rate : 30/1
    [Parsed_showinfo_0 @ 0x3741c00] config out time_base : 0/0, frame_rate : 0/0
    [Parsed_showinfo_0 @ 0x3741c00] n :   0 pts :      0 pts_time:0       pos :    58852 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:1 type:I checksum:49058BA3 plane_checksum :[E852D7DE 07E2B7D4 EA12FBD3] mean :[75 123 124] stdev :[52.7 4.8 11.7]
    [Parsed_showinfo_0 @ 0x3741c00]   side data - User Data Unregistered :
    [Parsed_showinfo_0 @ 0x3741c00] UUID=dc45e9bd-e6d9-48b7-962c-d820d923eeef
    [Parsed_showinfo_0 @ 0x3741c00] User Data=78323634202d20636f726520313535207231302062303062636166202d20482e3236342f4d5045472d342041564320636f646563202d20436f70796c65667420323030332d32303137202d20687474703a2f2f7777772e766964656f6c616e2e6f72672f783236342e68746d6c202d206f7074696f6e733a2063616261633d31207265663d34206465626c6f636b3d313a303a3020616e616c7973653d3078333a3078313133206d653d686578207375626d653d38207073793d31207073795f72643d312e30303a302e3030206d697865645f7265663d31206d655f72616e67653d3136206368726f6d615f6d653d31207472656c6c69733d32203878386463743d312063716d3d3020646561647a6f6e653d32312c313120666173745f70736b69703d31206368726f6d615f71705f6f66667365743d2d3220746872656164733d3334206c6f6f6b61686561645f746872656164733d3520736c696365645f746872656164733d30206e723d3020646563696d6174653d3120696e7465726c616365643d3020626c757261795f636f6d7061743d302073746974636861626c653d3120636f6e73747261696e65645f696e7472613d3020626672616d65733d3320625f707972616d69643d3220625f61646170743d3220625f626961733d30206469726563743d3320776569676874623d31206f70656e5f676f703d3020776569676874703d32206b6579696e743d696e66696e697465206b6579696e745f6d696e3d3330207363656e656375743d343020696e7472615f726566726573683d302072635f6c6f6f6b61686561643d35302072633d3270617373206d62747265653d3120626974726174653d353030302072617465746f6c3d312e302071636f6d703d302e36302071706d696e3d352071706d61783d3639207170737465703d342063706c78626c75723d32302e302071626c75723d302e35207662765f6d6178726174653d35353030207662765f62756673697a653d3135303030206e616c5f6872643d6e6f6e652066696c6c65723d302069705f726174696f3d312e34302061713d313a312e303000
    [Parsed_showinfo_0 @ 0x3741c00] 
    [Parsed_showinfo_0 @ 0x3741c00] color_range:tv color_space:bt709 color_primaries:bt709 color_trc:bt709
    Output #0, null, to 'pipe :' :
      Metadata :
        major_brand : mp42
        minor_version : 0
        compatible_brands : mp42mp41isomavc1
        encoder : Lavf59.27.100
      Stream #0:0(und) : Video : wrapped_avframe, yuv420p(tv, bt709, progressive), 1920x1080 [SAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 30 fps, 30 tbn (default)
        Metadata :
          creation_time : 2018-01-23T22:02:00.000000Z
          handler_name : L-SMASH Video Handler
          vendor_id : [0][0][0][0]
          encoder : Lavc59.37.100 wrapped_avframe
      Stream #0:1(und) : Audio : pcm_s16le, 48000 Hz, mono, s16, 768 kb/s (default)
        Metadata :
          creation_time : 2018-01-23T22:02:00.000000Z
          handler_name : L-SMASH Audio Handler
          vendor_id : [0][0][0][0]
          encoder : Lavc59.37.100 pcm_s16le
    [Parsed_showinfo_0 @ 0x3741c00] n :   1 pts :      1 pts_time:0.0333333 pos :   149037 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:0 type:B checksum:2005D769 plane_checksum :[92BD4F7B 3501F48D 0CAA9352] mean :[75 124 124] stdev :[52.5 4.7 11.7]
    [Parsed_showinfo_0 @ 0x3741c00] color_range:tv color_space:bt709 color_primaries:bt709 color_trc:bt709
    [Parsed_showinfo_0 @ 0x3741c00] n :   2 pts :      2 pts_time:0.0666667 pos :   139805 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:0 type:B checksum:09AFB702 plane_checksum :[3E62184D 9D0A0753 8BF09762] mean :[75 124 124] stdev :[52.4 4.6 11.5]
    [Parsed_showinfo_0 @ 0x3741c00] color_range:tv color_space:bt709 color_primaries:bt709 color_trc:bt709
    [Parsed_showinfo_0 @ 0x3741c00] n :   3 pts :      3 pts_time:0.1     pos :   157017 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:0 type:B checksum:99F05FA9 plane_checksum :[FFA84276 7A3D6D59 0290AFCB] mean :[75 124 124] stdev :[52.2 4.5 11.3]
    [Parsed_showinfo_0 @ 0x3741c00] color_range:tv color_space:bt709 color_primaries:bt709 color_trc:bt709
    [Parsed_showinfo_0 @ 0x3741c00] n :   4 pts :      4 pts_time:0.133333 pos :   117259 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:0 type:P checksum:00935CD8 plane_checksum :[F81E097E 5F17005D B01452FD] mean :[74 124 124] stdev :[52.2 4.5 11.3]
    [Parsed_showinfo_0 @ 0x3741c00] color_range:tv color_space:bt709 color_primaries:bt709 color_trc:bt709
    [Parsed_showinfo_0 @ 0x3741c00] n :   5 pts :      5 pts_time:0.166667 pos :   197428 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:0 type:B checksum:30E77B4C plane_checksum :[393DAA75 DFA88599 E2164B2F] mean :[74 124 125] stdev :[52.3 4.4 11.0]
    [Parsed_showinfo_0 @ 0x3741c00] color_range:tv color_space:bt709 color_primaries:bt709 color_trc:bt709
    [Parsed_showinfo_0 @ 0x3741c00] n :   6 pts :      6 pts_time:0.2     pos :   187073 fmt:yuv420p sar:1/1 s:1920x1080 i:P iskey:0 type:B checksum:BD5C25BC plane_checksum :[CC66DD70 F4ACA5DB 955DA253] mean :[75 124 125] stdev :[52.2 4.4 10.8]



  


  As seen above, the output shows a starting PTS of 0 for 1st frame. However, I was looking at ctts, and stss entries in the MP4 headers with the help of ParseTimingInfoInMp4.py. This shows a different PTS (e.g., 0.0667s) for the 1st frame as seen below.

  


  

    ftyp    size              32
    mvhd    size             108
    iods    size              42
    tkhd    size              92
    edts    size              36
    mdhd    size              32
    Trak type :  b'vide'
    Video Trak Number 0 found
    video track timescale is 30
    mdhd    size              32
    hdlr    size              54
    vmhd    size              20
    dinf    size              36
    stsd    size             195
    stts size  2944  ctts size  2944
    0    dts = 0.0000 s,    pts = 0.0667 s,    diff in ms    66.67
    1    dts = 0.0333 s,    pts = 0.2000 s,    diff in ms    166.67
    2    dts = 0.0667 s,    pts = 0.1333 s,    diff in ms    66.67
    3    dts = 0.1000 s,    pts = 0.1000 s,    diff in ms    0.00
    4    dts = 0.1333 s,    pts = 0.1667 s,    diff in ms    33.33
    5    dts = 0.1667 s,    pts = 0.3333 s,    diff in ms    166.67
    6    dts = 0.2000 s,    pts = 0.2667 s,    diff in ms    66.67
    7    dts = 0.2333 s,    pts = 0.2333 s,    diff in ms    0.00
    8    dts = 0.2667 s,    pts = 0.3000 s,    diff in ms    33.33
    9    dts = 0.3000 s,    pts = 0.4333 s,    diff in ms    133.33
    10    dts = 0.3333 s,    pts = 0.3667 s,    diff in ms    33.33



  


  MP4Analyser shows the following entries for stss, ctts, and edts-> for video track.




  


  The sample file I have been using can be found in Sample mp4.

  


  Can someone please help me to understand

  


  

  1. why the PTS values shown in ffmpeg are different from PTS derived from stss and ctts ?

  


  2. What is the correct process in deriving PTS from stss, ctts and edts entries in MP4 header ?

  


  


• GDPR Compliance and Personal Data : The Ultimate Guide

  22 septembre 2023, par Erin — GDPR

  According to the International Data Corporation (IDC), the world generated 109 zettabytes of data in 2022 alone, and that number is on track to nearly triple to 291 zettabytes in 2027. For scale, that’s one trillion gigs or one followed by 21 zeros in bytes.

  A major portion of that data is generated online, and the conditions for securing that digital data can have major real-world consequences. For example, online identifiers that fall into the wrong hands can be used nefariously for cybercrime, identity theft or unwanted targeting. Users also want control over how their actions are tracked online and transparency into how their information is used.

  Therefore, regional and international regulations are necessary to set the terms for respecting users’ privacy and control over personal information. Perhaps the most widely known of these laws is the European Union’s General Data Protection Regulation (GDPR).

  What is personal data under GDPR ?

  Under the General Data Protection Regulation (GDPR), “personal data” refers to information linked to an identifiable natural person. An “identifiable natural person” is someone directly or indirectly recognisable via individually specific descriptors such as physical, genetic, economic, cultural, employment and social details.

  It’s important to note that under GDPR, the definition of personal data is very broad, and it encompasses both information that is commonly considered personal (e.g., names and addresses) and more technical or specialised data (e.g., IP addresses or device IDs) that can be used to identify individuals indirectly.

  Organisations that handle personal data must adhere to strict rules and principles regarding the processing and protection of this data to ensure individuals’ privacy rights are respected and upheld.

  Personal data can include, but is not limited to, the following :

  1. Basic Identity Information : This includes a person’s name, government-issued ID number, social address, phone number, email address or other similar identifiers.
  2. Biographical Information : Details such as date of birth, place of birth, nationality and gender.
  3. Contact Information : Information that allows communication with the individual, such as phone numbers, email addresses or mailing addresses.
  4. Financial Information : Data related to a person’s finances, including credit card numbers, bank account numbers, income records or financial transactions.
  5. Health and Medical Information : Information about a person’s health, medical history or healthcare treatments.
  6. Location Data : Data that can pinpoint a person’s geographical location, such as GPS coordinates or information derived from mobile devices.
  7. Online Identifiers : Information like IP addresses, cookies or other online tracking mechanisms that can be used to identify or track individuals online.
  8. Biometric Data : Unique physical or behavioural characteristics used for identification, such as fingerprints, facial recognition data or voiceprints.

  Sensitive Data

  Sensitive data is a special category of personal data prohibited from processing unless specific conditions are met, including users giving explicit consent. The data must also be necessary to fulfil one or more of a limited set of allowed purposes, such as reasons related to employment, social protections or legal claims.

  Sensitive information includes details about a person’s racial or ethnic origin, sexual orientation, political opinions, religion, trade union membership, biometric data or genetic data.

  What are the 7 main principles of GDPR ?

  The 7 principles of GDPR guide companies in how to properly handle personal data gathered from their users.

  

  The seven principles of GDPR are :

  1. Lawfulness, fairness and transparency

  Lawfulness means having legal grounds for data processing, such as consent, legitimate interests, contract and legal obligation. If you can achieve your objective without processing personal data, the basis is no longer lawful.

  Fairness means you’re processing data reasonably and in line with users’ best interests, and they wouldn’t be shocked if they find out what you’re using it for.

  Transparency means being open regarding when you’re processing user data, what you’re using it for and who you’re collecting it from.

  To get started with this, use our guide on creating a GDPR-compliant privacy policy.

  2. Purpose limitation

  You should only process user data for the original purposes you communicated to users when requesting their explicit consent. If you aim to undertake a new purpose, it must be compatible with the original stated purpose. Otherwise, you’ll need to ask for consent again.

  3. Data minimisation

  You should only collect as much data as you need to accomplish compliant objectives and nothing more, especially not other personally identifiable information (PII).

  Matomo provides several features for extensive data minimisation, including the ability to anonymize IP addresses.

  Data minimisation is well-liked by users. Around 70% of people have taken active steps towards protecting their identity online, so they’ll likely appreciate any principles that help them in this effort.

  

  4. Accuracy

  The user data you process should be accurate and up-to-date where necessary. You should have reasonable systems to catch inaccurate data and correct or delete it. If there are mistakes that you need to store, then you need to label them clearly as mistakes to keep them from being processed as accurate.

  5. Storage limitation

  This principle requires you to eliminate data you’re no longer using for the original purposes. You must implement time limits, after which you’ll delete or anonymize any user data on record. Matomo allows you to configure your system such that logs are automatically deleted after some time.

  6. Integrity and confidentiality

  This requires that data processors have security measures in place to protect data from threats such as hackers, loss and damage. As an open-source web analytics solution, Matomo enables you to verify its security first-hand.

  7. Accountability

  Accountability means you’re responsible for what you do with the data you collect. It’s your duty to maintain compliance and document everything for audits. Matomo tracks a lot of the data you’d need for this, including activity, task and application logs.

  Who does GDPR apply to ?

  The GDPR applies to any company that processes the personal data of EU citizens and residents (regardless of the location of the company). 

  If this is the first time you’ve heard about this, don’t worry ! Matomo provides tools that allow you to determine exactly what kinds of data you’re collecting and how they must be handled for full compliance. 

  Best practices for processing personal data under GDPR

  Companies subject to the GDPR need to be aware of several key principles and best practices to ensure they process personal data in a lawful and responsible manner.

  Here are some essential practices to implement :

  1. Lawful basis for processing : Organisations must have a lawful basis for processing personal data. Common lawful bases include the necessity of processing for compliance with a legal obligation, the performance of a contract, the protection of vital interests and tasks carried out in the public interest. Your organisation’s legitimate interests for processing must not override the individual’s legal rights. 
  2. Data minimisation : Collect and process only the personal data that is necessary for the specific purpose for which it was collected. Matomo’s anonymisation capabilities help you avoid collecting excessive or irrelevant data.
  3. Transparency : Provide clear and concise information to individuals about how their data will be processed. Privacy statements should be clear and accessible to users to allow them to easily understand how their data is used.
  4. Consent : If you are relying on consent as a lawful basis, make sure you design your privacy statements and consent forms to be usable. This lets you ensure that consent is freely given, specific, informed and unambiguous. Also, individuals must be able to withdraw their consent at any time.
  5. Data subject rights : You must have mechanisms in place to uphold the data subject’s individual rights, such as the rights to access, erase, rectify errors and restrict processing. Establish internal processes for handling such requests.
  6. Data protection impact assessments (DPIAs) : Conduct DPIAs for high-risk processing activities, especially when introducing new technologies or processing sensitive data.
  7. Security measures : You must implement appropriate technical security measures to maintain the safety of personal data. This can include ‌security tools such as encryption, firewalls and limited access controls, as well as organisational practices like regular security assessments. 
  8. Data breach response : Develop and maintain a data breach response plan. Notify relevant authorities and affected individuals of data breaches within the required timeframe.
  9. International data transfers : If transferring personal data outside the EU, ensure that appropriate safeguards are in place and consider GDPR provisions. These provisions allow data transfers from the EU to non-EU countries in three main ways :
     1. When the destination country has been deemed by the European Commission to have adequate data protection, making it similar to transferring data within the EU.
     2. Through the use of safeguards like binding corporate rules, approved contractual clauses or adherence to codes of conduct.
     3. In specific situations when none of the above apply, such as when an individual explicitly consents to the transfer after being informed of the associated risks.
  10. Data protection officers (DPOs) : Appoint a data protection officer if required by GDPR. DPOs are responsible for overseeing data protection compliance within the organisation.
  11. Privacy by design and default : Integrate data protection into the design of systems and processes. Default settings should prioritise user privacy, as is the case with something like Matomo’s first-party cookies.
  12. Documentation : Maintain records of data processing activities, including data protection policies, procedures and agreements. Matomo logs and backs up web server access, activity and more, providing a solid audit trail.
  13. Employee training : Employees who handle personal data must be properly trained to uphold data protection principles and GDPR compliance best practices. 
  14. Third-party contracts : If sharing data with third parties, have data processing agreements in place that outline the responsibilities and obligations of each party regarding data protection.
  15. Regular audits and assessments : Conduct periodic audits and assessments of data processing activities to ensure ongoing compliance. As mentioned previously, Matomo tracks and saves several key statistics and metrics that you’d need for a successful audit.
  16. Accountability : Demonstrate accountability by documenting and regularly reviewing compliance efforts. Be prepared to provide evidence of compliance to data protection authorities.
  17. Data protection impact on data analytics and marketing : Understand how GDPR impacts data analytics and marketing activities, including obtaining valid consent for marketing communications.

  Organisations should be on the lookout for GDPR updates, as the regulations may evolve over time. When in doubt, consult legal and privacy professionals to ensure compliance, as non-compliance could potentially result in significant fines, damage to reputation and legal consequences.

  What constitutes a GDPR breach ?

  Security incidents that compromise the confidentiality, integrity and/or availability of personal data are considered a breach under GDPR. This means a breach is not limited to leaks ; if you accidentally lose or delete personal data, its availability is compromised, which is technically considered a breach.

  What are the penalty fines for GDPR non-compliance ?

  The penalty fines for GDPR non-compliance are up to €20 million or up to 4% of the company’s revenue from the previous fiscal year, whichever is higher. This makes it so that small companies can also get fined, no matter how low-profile the breach is.

  In 2022, for instance, a company found to have mishandled user data was fined €2,000, and the webmaster responsible was personally fined €150.

  Is Matomo GDPR compliant ?

  Matomo is fully GDPR compliant and can ensure you achieve compliance, too. Here’s how :

  • Data anonymization and IP anonymization
  • GDPR Manager that helps you identify gaps in your compliance and address them effectively
  • Users can opt-out of all tracking
  • First-party cookies by default
  • Users can view the data collected
  • Capabilities to delete visitor data when requested
  • You own your data and it is not used for any other purposes (like advertising)
  • Visitor logs and profiles can be disabled
  • Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)

  Is there a GDPR in the US ?

  There is no GDPR-equivalent law that covers the US as a whole. That said, US-based companies processing data from persons in the EU still need to adhere to GDPR principles.

  While there isn’t a federal data protection law, several states have enacted their own. One notable example is the California Consumer Privacy Act (CCPA), which Matomo is fully compliant with.

  Ready for GDPR-compliant analytics ?

  The GDPR lays out a set of regulations and penalties that govern the collection and processing of personal data from EU citizens and residents. A breach under GDPR attracts a fine of either up to €20 million or 4% of the company’s revenue, and the penalty applies to companies of all sizes.

  Matomo is fully GDPR compliant and provides several features and advanced privacy settings to ensure you ‌are as well, without sacrificing the resources you need for effective analytics. If you’re ready to get started, sign up for a 21-day free trial of Matomo — no credit card required.

  Disclaimer
  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• GDPR Compliance Checklist : A Detailed Walkthrough

  14 septembre 2023, par Erin — GDPR

  As digital transformation drives global economies, data has become a valuable currency to businesses of all shapes and sizes. As a result, the complex issue of data privacy is often in the spotlight.

  The General Data Protection Regulation (GDPR) is the key legal framework in the European Union to protect individual privacy and regulate business data handling. 

  Compliance with the GDPR is not just a legal mandate, it’s also good business. An 86% majority of users want more control over their data and 47% of users have switched providers over data privacy concerns.

  To help guide your business decisions around user privacy, this article will cover the key principles of GDPR, including a comprehensive GDPR compliance checklist.

  The key principles and requirements of GDPR

  Before we can translate GDPR’s objectives into practical steps, let’s begin with the defining features and key principles.

  GDPR : An overview

  The GDPR bolsters and unifies data protection standards for everyone within the EU. Enacted in 2018, it represented a seismic shift for companies and public authorities alike in protecting personal information. Its primary objective is to offer greater control to individuals over their data and to hold organisations accountable for its protection.

  GDPR establishes a legal framework that mandates corporate compliance with key principles to ensure user data security, transparency and choice. It sets the terms for your organisation’s privacy practices and the landscape of legal obligations you must navigate in data handling. 

  Key principles of GDPR

  There are seven core principles pivotal to GDPR compliance, which provide a roadmap for ethical and legal data practices.

  

  • Lawfulness, fairness and transparency : This principle demands lawful and fair processing of personal data. Companies should be transparent about their data processing activities, providing clear information in an accessible form.
  • Purpose limitation : Personal data should be collected for explicit, legitimate purposes and not further processed in a way incompatible with those purposes. This demands careful planning of data processing activities.
  • Data minimisation : Companies should only collect personal data that are necessary for their specified purposes, as anything more than this is illegal. This principle emphasises the importance of limiting scope, rather than performing blanket data collection.
  • Accuracy : This principle calls for maintaining data that is accurate, up-to-date and not misleading. Regular internal audits and updates are crucial to following this principle.
  • Storage limitation : Personal data should only be kept for as long as necessary for the purposes for which it was collected. This underscores the need for a detailed retention policy in your GDPR compliance efforts.
  • Integrity and confidentiality : Companies should protect personal data from unauthorised or unlawful processing and accidental loss or damage. Your organisation’s technical security measures play a vital role in this.
  • Accountability : Organisations should be able to demonstrate their compliance with GDPR principles. This underscores the importance of records of processing activities and regular audits as part of your compliance checklist.

  The importance of GDPR compliance for businesses

  Embracing GDPR compliance isn’t merely a matter of avoiding penalties — it’s a commitment to principles that reflect integrity, transparency and respect for personal data. At Matomo, we champion these principles, empowering companies with powerful and compliant web analytics. We make the compliance journey accessible and straightforward, making sure website analytics aligns with legal obligations and ethical practices.

  The implications of non-compliance

  It’s easy to highlight the dramatic fines imposed on tech giants such as Google and Meta. However, it’s essential to recognise that GDPR compliance extends to all companies, including small businesses — for whom even smaller fines can have a significant impact.

  The implications of non-compliance aren’t limited to financial penalties alone, either. Failing to meet obligations can tarnish reputations, erode trust and hinder business activities. Non-compliance could lead to a breach of privacy policy, causing a ripple effect that may be challenging to overcome.

  The potential benefits of being GDPR compliant

  Adhering to GDPR regulations is more than a checkbox on a form — it’s a comprehensive approach to handling personal data responsibly. It fosters trust, opens doors to European customers and builds enduring relationships with individuals whose rights are protected. In fulfilling these obligations and practices, businesses not only meet legal requirements but also foster a culture of ethical conduct and business success.

  Comprehensive GDPR compliance checklist

  Ensuring GDPR compliance may seem like a complex task, but this detailed checklist will simplify your journey. From consent management to data security, we’ve got you covered.

  

  Establish personal data collection and consent management

  When it comes to GDPR compliance, not all consent is created equal. Two distinct forms exist : explicit consent and implied consent. But what exactly sets them apart, and why does it matter to your organisational measures ?

  Explicit consent from users means that the individual has unequivocally agreed to the processing of personal data. It’s an unambiguous agreement, often obtained through a deliberate action like ticking a box. Details are paramount, as the person giving consent must be fully informed about the processing activities.

  • Inform clearly : Use plain language to explain how data will be used and be transparent about processing practices.
  • Obtain active agreement : Use forms or checkboxes (not pre-ticked boxes) to ensure active participation and that you are obtaining explicit user consent.
  • Document it : Keep records of consent, including when and how it was obtained, as a crucial part of your compliance efforts.
  • Facilitate withdrawal : Use consent mechanisms that allow for easy withdrawal of consent for users who decide to opt out.
  • Manage consent forms : Tools like Matomo’s Consent Management Platform can provide accessible forms that not only enhance transparency but also empower individuals, allowing them to feel in control of their details and rights.

  Facilitate data subject rights and access requests

  GDPR emphasises individual rights by empowering users with control over their personal data processing. Here’s a succinct breakdown :

  • Know the rights of individuals : GDPR outlines individual rights such as data access, error rectification, erasure and data portability, allowing individuals to guide how their details are used, processed or shared.
  • Simplify complying with access requests : Companies must respond to access requests efficiently, usually within one month, without undue delay, reflecting organisational measures of respect.
  • Employ ethical and compliant digital analytics : As a leader in ethical web analytics, Matomo subtly aids in compliance efforts, protecting privacy without compromising functionality.

  These practices align with a modern understanding of privacy, emphasising more than legal obligations. By employing Matomo, companies simplify the processing of access requests, which fosters transparency and user control over personal data.

  Implement clear data privacy practices

  Data privacy and consent mechanisms are key tools for compliance. Crafting a comprehensive privacy policy helps protect individuals’ rights and provides integrity in personal data processing. Designing sites and applications with data protection in mind ensures your compliance from the ground-up.

  • Create an easy to understand privacy policy : Create a clear, GDPR-compliant privacy policy that details processing activities, storage limitations and organisational measures, all in plain language. 

  By implementing these steps, companies not only adhere to their legal obligations but also foster an inclusive community that values privacy and ethics. Whether you’re an IT professional or marketer, Matomo’s platform can guide you through the maze of GDPR complexities, inspiring positive change towards responsible data handling.

  Implement data storage limitations and robust security

  Data storage and security are foundational elements of compliance efforts. Companies must foster a proactive approach to preventing data breaches by understanding potential cyberthreats and enforcing appropriate security controls across applications and infrastructures.

  

  • Implement storage limitations : Define limitations on time and scope to avert undue retention and protect personal details.
  • Embrace technical security : Utilise secure processes like encryption, access controls, firewalls and so on, bolstering protection by design.
  • Establish a comprehensive security policy : Align security practices with privacy laws and regulations, including GDPR.
  • React swiftly to personal data breaches : A security breach requires an immediate response, without undue delay, to honour legal obligations and maintain customer trust. Develop a plan for notifying supervisory authorities and affected individuals promptly in the event of a personal data breach.

  Security measures for personal data are about more than just fulfilling legal obligations — they’re about building a safe and ethical digital ecosystem that instils confidence in customers.

  Keep cross-border data transfers in mind

  Cross-border data transfers present a unique challenge, with increased complexity due to varying data privacy laws across regions. You must understand the respective regulations of participating countries and align your compliance practices appropriately to respect all that are relevant to your organisation. 

  For example, data privacy laws in the US are generally more lax than the GDPR so US companies taking on EU customers must hold themselves to a higher standard, with stricter controls placed on their data processing practices.

  • Evaluate third-party services : For companies utilising global networks of third-party services, be sure to select providers that maintain ongoing knowledge and vigilance towards privacy law compliance. Platforms like Matomo that innately prioritise transparency and privacy, have implemented robust security measures, and document transfers diligently are worth considering. 

  Conduct internal audits and compliance checks

  Compliance is not a “one and done” setup, but an ongoing journey requiring regular internal audits. Systems settings can drift over time, and datasets can become increasingly complex as companies scale. Human error happens, too. Audits identify gaps in your compliance efforts to guide actionable improvements. 

  • Conduct regular audits : Stay proactive with internal audits and systematic monitoring, adapting policies to align with privacy laws. Clarity in privacy notices and cookie banners fosters confidence, while regular assessments ensure alignment with GDPR requirements.
  • Ensure transparency : Platforms like Matomo simplify audits, offering valuable insights and support for ethical web analytics and transparency. The right platform can increase visibility and make generating your reports easier. Integrating these processes guarantees GDPR-aligned measures while emphasising data ownership and customer-centric values.
  • Educate and train staff : Engage in ongoing staff education and training on GDPR compliance, privacy policies, and their related responsibilities.

  

  Case study : GDPR compliance in action

  Achieving compliance with the General Data Protection Regulation (GDPR) stands as a paramount concern for businesses worldwide. Both small and large companies have embarked on this journey, implementing measures and revising privacy policies to conform to these regulations.

  Typeform

  Based in Ireland, Typeform, a company dealing with online forms, took GDPR compliance very seriously. Here’s how they achieved it :

  1. Conducting a data protection impact assessment (DPIA) : This vital step helped them assess personal data breach risks and enabled systematic monitoring of potential challenges.
  2. Implementing technical and organisational measures : Security measures such as encryption, access control and drafting a security policy reinforced their personal data processing mechanisms.
  3. Revamping privacy policy : They transformed their privacy policy with accessible, plain language, making it clear and user-friendly.
  4. Appointing a data protection officer (DPO) : This aligned with their core activities and strengthened their compliance efforts.

  The benefits for Typeform were profound :

  • Enhanced customer trust and confidence
  • Reduced risk of fines and penalties
  • Bolstered data security and privacy
  • Improved brand reputation, positioning them favourably among European customers

  Ensuring GDPR Compliance with Matomo Analytics

  Matomo is more than just an analytics platform ; it is a trusted guide in the realm of data privacy. Our mission is to empower users with full data ownership, fostering an inclusive digital community built on trust and transparency. Our suite of features has been meticulously designed to align with GDPR regulations, ensuring that businesses can navigate the complexities of compliance with ease and confidence.

  1. Data Anonymisation

  Matomo’s focus on ethical digital analytics means the platform allows for the anonymisation of user data, ensuring that individual identities remain protected.

  2. Robust GDPR Management

  Beyond just a GDPR Manager, Matomo provides an encompassing framework to streamline compliance activities. From managing user consent to meticulous record-keeping of processing activities, Matomo ensures you are always a step ahead.

  3. User Empowerment with Opt-Out Capabilities

  Matomo respects user choices. The platform offers users an easy way to opt-out of all tracking, giving them control over their data.

  4. First-party Cookies as the Standard

  By using first-party cookies by default, Matomo ensures data remains with the website owner, minimising potential breaches or misuse.

  5. Transparent Data Collection Practices

  Users have the right to know their data. With Matomo, they can view the exact data being collected, reinforcing a transparent relationship between businesses and their users.

  6. Visitor Data Management

  Upon request, Matomo offers capabilities to delete visitor data, aligning with the GDPR’s right to be forgotten.

  7. Data Ownership and Privacy Assurance

  Unlike other web analytics platforms, with Matomo, you retain full ownership of your data and can rest assured that it is not being used for other purposes such as advertising.

  8. IP Anonymisation

  Protecting user location details, Matomo anonymises IP addresses, adding an additional layer of privacy.

  9. Customisable Data Visualisation

  Recognising that not all data is essential, Matomo allows the disabling of visitor logs and profiles, giving businesses the flexibility to decide what data they track.

  By taking a holistic approach to GDPR compliance, Matomo streamlines the processes for you and ensures you follow the legal and ethical best practices.

  

  Start your GDPR compliance journey today

  The global focus on data privacy requires using a GDPR compliance checklist. With 137 countries implementing data protection laws (UN), companies must align with international standards. Compliance, after all, goes beyond avoiding breaches— it’s about upholding privacy and building trust.

  As your trusted guide, Matomo invites you on this GDPR journey. With us, you’ll uphold privacy obligations and manage your processing activities effectively. Compliance isn’t a one-time task but a continuous journey to enhance practices and align with individual rights. Start this vital journey with Matomo today. Try it free for 21-days. No credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.