Recherche avancée

Sur d’autres sites (4819)

• 7 Mixpanel alternatives to consider for better web and product analytics

  1er août, par Joe

  Mixpanel is a web and mobile analytics platform that brings together product and marketing data so teams can see the impact of their actions and understand the customer journey. 

  It’s a well-rounded tool with features that help product teams understand how customers navigate their website or app. It’s also straightforward to set up, GDPR compliant, and easy for non-technical folks to use, thanks to an intuitive UI and drag-and-drop reports. 

  However, Mixpanel is just one of many product and web analytics platforms. Some are cheaper, others are more secure, and a few have more advanced or specialist features.

  This article will explore the leading Mixpanel alternatives for product teams and marketers. We’ll cover their key features, what users love about them, and why they may (or may not) be the right pick for you. 

  Mixpanel : an overview

  Let’s start by giving Mixpanel its dues. The platform does a great job of arming product teams with an arsenal of tools to track the impact of their updates, find ways to boost engagement and track which features users love. 

  Marketing teams use the platform to track customers through the sales funnel, attribute marketing campaigns and find ways to optimise spend. 

  There’s plenty to like about Mixpanel, including : 

  • Easy setup and maintenance : Mixpanel’s onboarding flow allows you to build a tracking plan and choose the specific events to measure. When Mixpanel collects data, you’ll see an introductory “starter board.” 
  • Generous free plan : Mixpanel doesn’t limit freemium users like some platforms. Collect data on 20 million monthly events, use pre-built templates and access its Slack community. There are also no limits on collaborators or integrations.
  • Extensive privacy configurations : Mixpanel provides strong consent management configurations. Clients can let their users opt out of tracking, disable geolocation and anonymise their data. It also automatically deletes user data after five years and offers an EU Data Residency Program that can help customers meet GDPR regulations. 
  • Comprehensive features : Mixpanel gives marketers and product teams the tools and features they need to understand the customer, improve the product and increase conversions. 
  • Easy-to-use UI : The platform prioritises self-service data, meaning users don’t need to be technically minded to use Mixpanel. Drag-and-drop dashboards democratise access to data and let anyone on your team find answers to their questions.

  You wouldn’t be reading this page if Mixpanel offered everything, though. No platform is perfect, and there are several reasons people may want to look for a Mixpanel alternative :
  

  • No self-hosted option : You’ll never have complete control over your data with Mixpanel due to the lack of a self-hosted option. Data will always live on Mixpanel’s servers, meaning compliance with data regulations like GDPR isn’t a given.
  • Lack of customisation : Mixpanel doesn’t offer much flexibility when it comes to visualising data. While the platform’s in-built reports are accessible to everyone, you’ll need a developer to build custom reports. 
  • Not open source : Mixpanel’s proprietary software doesn’t provide the transparency, security and community that comes with using open-source software like Matomo. Proprietary software isn’t inherently wrong, but it could mean your analytics solution isn’t future-proof. 
  • Steep learning curve : The learning curve can be steep unless you’re a developer. While setting up the software is straightforward, Mixpanel’s reliance on manual tracking means teams must spend a lot of time creating and structuring events to collect the data they need.

  If any of those struck a chord, see if one of the following seven Mixpanel alternatives might better fulfil your needs. 

  The top 7 Mixpanel alternatives

  Now, let’s look at the alternatives.

  We’ll explain exactly how each platform differs from Mixpanel, its standout features, strengths, common community critiques, and when it may be (or may not be) the right choice. 

  1. Matomo

  Matomo is a privacy-focused, open-source web and mobile analytics platform. As a proponent of an ethical web, Matomo prioritises data ownership and privacy protection. 

  It’s a great Mixpanel alternative for those who care about data privacy. You own 100% of your data and will always comply with data regulations like GDPR when using the platform. 

  

  Main dashboard with visits log, visits over time, visitor map, combined keywords, and traffic sources
  (Image Source)

  Matomo isn’t short on features, either. Product teams and marketers can evaluate the entire user journey, capture detailed visitor profiles, combine web, mobile and app reports, and use custom reporting to generate the specific insides they need.

  Key features :

  • Complete app and web analytics : Matomo tracks performance metrics and KPIs across web, app and mobile. Understand which pages users visit, how long they stay and how they move between devices.
  • Marketing attribution : Built-in marketing attribution capabilities make it easy for marketers to pinpoint their most profitable campaigns and channels. 
  • User behaviour tracking : Generate in-depth user behaviour data thanks to heatmaps, form analytics and session recordings.

  Strengths

  • On-premise and cloud versions : Use Matomo for free on your servers or subscribe to Matomo Cloud for hosting and additional support. Either way, you remain in control of your data.
  • Exceptional customer support : On-premise and Matomo Cloud users get free access to the forum. Cloud customers get dedicated support, which is available at an additional cost for on-premise customers. 
  • Consent-free tracking : Matomo doesn’t ruin the user’s experience with cookie banners. 
  • Open-source software : Matomo’s software is free to use, modify, and distribute. Users get a more secure, reliable and transparent solution thanks to the community of developers and contributors working on the project. Matomo will never become proprietary software, so there’s no risk of vendor lock-in. You will always have access to the source code, raw data and APIs. 

  Common community critiques :

  • On-premise setup : The on-premise version requires some technical knowledge and a server.
  • App tracking features : Some features, like heatmaps, available on web analytics aren’t available in-app analytics. Features may also differ between Android SDK and iOS SDK.

  Price : 

  Matomo has three plans :

  • Free : on-premise analytics is free to use
  • Cloud : Hosted business plans start at €22 per month
  • Enterprise : custom-priced, cloud-hosted enterprise plan tailored to meet a business’s specific requirements.

  There’s a free 21-day trial for Matomo Cloud and a 30-day plugin trial for Matomo On-Premise.

  2. Adobe Analytics

  Adobe Analytics is an enterprise analytics platform part of the Adobe Experience Cloud. This makes it a great Mixpanel alternative for those already using other Adobe products. But, getting the most from the platform is challenging without the rest of the Adobe ecosystem. 

  

  Adobe Analytics Analysis Workspace training tutorial
  (Image Source)

  Adobe Analytics offers many marketing tools, but product teams may find their offer lacking. Small or inexperienced teams may also need help using this feature-heavy platform. 

  Key features :

  • Detailed web and marketing analytics : Adobe lets marketers draw in data from almost any source to get a comprehensive view of the customer journey. 
  • Marketing attribution : There’s a great deal of flexibility when crediting conversions. There are unlimited attribution models, too, including both paid and organic media channels.
  • Live Stream : This feature lets brands access raw data in near real time (with a 30- to 90-second delay) to assess the impact of marketing campaigns as soon as they launch. 

  Strengths :

  • Enterprise focus : Adobe Analytics’s wide range of advanced features makes It attractive to large companies with one or more high-traffic websites or apps. 
  • Integrations : Adobe Analytics integrates neatly with other Adobe products like Campaign and Experience Cloud). Access marketing, analytics and content management tools in one place. 
  • Customisation : The platform makes it easy for users to tailor reports and dashboards to their specific needs.

  Common community critiques :

  • Few product analytics features : While marketers will likely love Adobe, product teams may find it lacking. For example, the heatmap tool isn’t well developed. You’ll need to use Adobe Target to run A/B tests.
  • Complexity : The sheer number of advanced features can make Adobe Analytics a confusing experience for inexperienced or non-technically minded users. While a wealth of support documentation is available, it will take longer to generate value. 
  • Price : Adobe Analytics costs several thousand dollars monthly, making it suitable only for enterprise clients.

  Price : 

  Adobe offers three tiers : Select, Prime and Ultimate. Pricing is only available on request.

  3. Amplitude

  Amplitude is a product analytics and event-tracking platform. It is arguably the most like-for-like platform on this list, and there is a lot of overlap between Amploitduce’s and Mixpanel’s capabilities. 

  

  The Ask Amplitude™ feature helps build and analyse conversion funnel charts.
  (Image Source)

  The platform is an excellent choice for marketers who want to create a unified view of the customer by tracking them across different devices. This is possible with several other analytics platforms on this list (Matomo included), but Mixpanel doesn’t centralise data from web and app users in a signal report. 

  Amplitude also has advanced features Mixpanel doesn’t have, like feature management and AI, as well as better customisation. 

  Key features :

  • Product analytics : Amplitude comes packed with features product teams will use regularly, including customer journey analysis, session replays and heatmaps. 
  • AI : Amplitude AI can clean up data, generate insights and detect anomalies.
  • Feature management : Amplitude provides near-real-time feedback on feature usage and adoption rates so that product teams can analyse the impact of their work. Developers can also use the platform to manage progressive rollouts. 

  Strengths :

  • Self-serve reporting : The platform’s self-serve nature means employees of all levels and abilities can get the insights they need. That includes data teams that want to run detailed and complex analyses. 
  • Integrated web experimentation. Product teams or marketers don’t need a third-party tool to run A/B tests because Amplitude has a comprehensive feature that lets users set up tests, collect data and create reports. 
  • Extensive customer support : Amplitude records webinars, holds out-of-office sessions and runs a Slack community to help customers extract as much value as possible.

  Common community critiques :

  • Off-site tracking : While Amplitude has many features for tracking customer interaction across your product, it lacks ways to track customers once they are off-site. This is not great for marketing attribution, for example, or growing search traffic. 
  • Too complex : The sheer number of things Amplitude tracks can overwhelm inexperienced users who must spend time learning how to use the platform. 
  • Few templates : Few stock templates make getting started with Amplitude even harder. Users have to create reports from scratch rather than customise a stock graph. 

  Price : 

  • Starter : Free to track up to 50,000 users per month. 
  • Plus : $49 per month to track up to 300,000 users.
  • Growth : Custom pricing for no tracking limits
  • Enterprise : Custom pricing for dedicated account managers and predictive analytics
    

  4. Google Analytics

  Google Analytics is the most popular web analytics platform. It’s completely free to use and easy to install. Although there’s no customer support, the thousands of online how-to videos and articles go some way to making up for it. 

  

  GA dashboard showing acquisition, conversion and behaviour data across all channels 
  (Image Source)

  Most people are familiar with Google’s web analytics data, which makes it a great Mixpanel alternative for marketers. However, product teams may struggle to get the qualitative data they need.

  Key features :

  • User and conversion tracking : People don’t just use Google Analytics because it’s free. The platform boasts a competitive user engagement and conversion tracking offering, which lets businesses of any size understand how consumers navigate their sites and make purchases. 
  • Audience segmentation : Segment audiences based on time and event parameters.
  • Google Ads integration : Track users from the moment they interact with one of your ads. 

  Strengths :

  • It’s free : Web and product analytics platforms can cost hundreds of dollars monthly and put a sizable dent in a small business marketing budget. Google provides the basic tools most marketers need for free.
  • Cross-platform tracking : GA4 lets teams track mobile and web analytics in one place, which wasn’t possible in Universal Analytics.
  • A wealth of third-party support : There’s no shortage of Google Analytics tutorials on YouTube to help you set up and use the platform. 

  Common community critiques :

  • Data privacy concerns : There are concerns about Google’s lack of compliance with regulations like GDPR. The workaround is asking people for permission to collect their data, but that requires a consent pop-up that can disrupt the user experience. 
  • No CRO features : Google Analytics lacks the conversion optimisation features of other tools in this list, including Matomo. It can’t record sessions, track user interactions via a heatmap or run A/B tests. 
  • AI data sampling : Google generates insights using AI-powered data sampling rather than analysing your actual data, which may make your data inaccurate. 

  Price : 

  Google Analytics is free to use. Google also offers a premium version, GA 360, which starts at $50,000 per year. 

  5. Heap

  Heap is a digital insights and product analytics platform. It gives product managers and marketers the quantitative and qualitative data they need to improve conversion rates, improve product features, and reduce churn. 

  

  Heap marketing KPI dashboard
  (Image Source)

  The platform offers everything you’d expect from a product analytics perspective, including session replays, heatmaps and user journey analysis. It even has an AI tool that can answer your questions. 

  Key features :

  • Auto-capture : Unlike other analytics tools (Mixpanel and Google Analytics, for instance), you don’t need to manually code events. Heap’s auto-capture feature automatically collects every user interaction, allowing for retroactive analysis. 
  • Segmentation : Create distinct customer cohorts based on behaviour. Integrate other platforms like Marketo to use that information to personalise marketing campaigns. 
  • AI CoPilot : Heap has a generative AI tool, CoPilot, that answers questions like “How many people visited the About page last week ?” It can also handle follow-up questions and suggest what to search next. 

  Strengths :

  • Integrations : Heap’s integrations allow teams to centralise data from dozens of third-party applications. Popular integrations include Shopify and Salesforce. Heap can also connect to your data warehouse. 
  • Near real-time tracking : Heap has a live data feed that lets teams track user behaviour in near real-time (there’s a 15-second delay).
  • Collaboration : Heap facilitates cross-department collaboration via shared spaces and shared reports. You can also share session replays across teams.

  Common community critiques :

  • Struggles at scale : Heap’s auto-capture functionality can be more of a pain than a perk when working at scale. Sites with a million or more weekly visitors may need to limit data capture.
  • Data overload : Heap tracks so much data it can be hard to find the specific events you want to measure.
  • Poor-quality graphics : Heap’s visualisations are basic and may not appeal to non-technically minded users.

  Price : 

  Heap offers four plans with pricing available on request.

  • Free
  • Growth
  • Pro
  • Premier
    

  6. Hotjar

  Hotjar is a product experience insight tool that analyses why users behave as they do. The platform collects behavioural data using heatmaps, surveys and session recordings. 

  It’s a suitable alternative for product teams and marketers who care about collecting qualitative rather than quantitative data. 

  

  New heatmap feature in hotjar
  (Image Source)

  It’s not your typical analytics platform, however. Hotjar doesn’t track site visits or conversions, so teams use it alongside a web analytics platform like Google Analytics or Matomo.

  Key features :

  • Surveys : Product teams can place surveys on specific pages to capture quantitative and qualitative data. 
  • Heatmaps : Hotjar provides several heatmaps — click, scroll and interaction — that show how users behave when browsing your site. 
  • Session recordings : Support quantitative analytics data with videos of genuine user behaviour. It’s like watching someone browsing your site over their shoulder. 

  Strengths :

  • User-friendly interface : The tool is easy to navigate and accessible to all employees. Anyone can start using it quickly. 
  • Funnel analysis : Use Hotjar’s range of tools to analyse your entire funnel, identifying friction points and opportunities to improve the customer experience. 
  • Cross-platform tracking : Hotjar compares user behaviour across desktop, mobile and app. 

  Common community critiques :

  • Limited web analytics : While Hotjar is great for understanding customer behaviour, it doesn’t collect standard web analytics data. 
  • Data retention : Hotjar only retains data for one month to a year on some plans.
  • Impacts page speed : The tool’s code impacts your site’s performance, leading to slower load times. 

  Price : 

  • Free : Up to five thousand monthly sessions, including screen recordings and heatmaps
  • Growth : $49 per month for 7,000 to 10,000 monthly sessions
  • Pro : Custom pricing for up to 500 million monthly sessions
  • Enterprise : Custom pricing for up to 6 billion monthly sessions. 
    

  7. Kissmetrics

  Kissmetrics is a web and mobile analytics platform that aims to help teams generate more revenue and acquire more users through product-led growth. 

  As such, the platform offers more to marketers than product teams — particularly online store owners and SaaS businesses. 

  

  Kissmetrics funnel report 
  (Image Source)

  Kissmetrics provides a suite of behavioural analytics tools that analyse how customers move through your funnel, where they drop off and why. That’s great for marketers, but product teams will struggle to understand how customers actually use their product once they’ve converted.

  Key features :

  • User journey mapping : Follow individual customer journeys to learn how each customer finds and engages with your brand. 
  • Funnel analysis : Funnel reports help marketers track cart abandonments and other drop-offs along the customer journey. 
  • A/B testing : Kissmetrics’s A/B testing tool measures how customers respond to different page layouts

  Strengths :

  • Detailed revenue metrics : Kissmetrics makes measuring customer lifetime value, churn rate, and other revenue-focused KPIs easy. 
  • Stellar onboarding experience : Kissmetrics gives new users a detailed walkthrough and tutorial, which helps non-technical users get up to speed. 
  • Integrations : Integrate data from dozens of platforms and tools, such as Facebook, Instagram, Shopify, and Woocommerce, so all your data is in one place. 

  Common community critiques :

  • Predominantly web-based : Kissmetrics focuses on web-based traffic over app- or cross-platform tracking. It may be fine for some teams, but product managers or marketers who track users across apps and smartphones may want to look elsewhere. 
  • Slow to load large data sources : The platform can be slow to load, react to, and analyse large volumes of data, which could be an issue for enterprise clients. 
  • Price : Kissmetrics is significantly more expensive than Mixpanel. There is no freemium tier, meaning you’ll need to pay at least $199 monthly. 

  Price : 

  • Silver : $199 per month for up to 2 million monthly events
  • Gold : $499 per month for up to five million monthly events
  • Platinum : Custom pricing

  Switch from Mixpanel to Matomo

  When it comes to extracting deep insights from user data while balancing compliance and privacy protection, Mixpanel delivers mixed results. If you want a more straightforward alternative, more websites chose Matomo over Mixpanel for their analytics because of its :

  • Accurate web analytics collected in an ethical, GDPR-compliant manner
  • Behavioural analytics (like heatmaps and session recordings) to understand how users engage with your site
  • Rolled-up cross-platform reporting for mobile and apps
  • Flexibility and customisation with 250+ settings, plentiful plugins and integrations, APIs, raw data access
  • Open-source code to create plugins to fit your specific business needs
  • 100% data ownership with Matomo On-Premise and Matomo Cloud

  Over one million websites in 190+ countries use Matomo’s powerful web analytics platform. Join them today by starting a free 21-day trial — no credit card required.

• Turn insights into action with the best marketing analytics tools

  20 août, par Joe

  Behind every great marketing team is a marketing analytics platform that collects performance data and identifies ways to improve. 

  But with hundreds of tools to choose from in a market valued at over $5.6 billion, how can you find the best platform that offers cross-channel tracking and advanced analysis while staying on the right side of privacy laws ?

  We’re here to help. 

  In this article, let’s review seven of the top marketing analytics tools, highlighting their standout features, pricing, and common community critiques. You’ll learn why choosing the right tool is crucial and what factors to consider when making a decision. 

  What are marketing analytics tools ?

  Marketing analytics tools capture and analyse data from various marketing channels, such as your website, social media profiles, and paid ad campaigns. 

  Marketers use these platforms to find ways to optimise campaigns and drive more conversions. Marketing attribution tools, for example, measure marketing effectiveness and help marketers understand which channels drive the most conversions. As a result, they can optimise budgets, allocating more money to the most effective channels. 

  

  Multi-Channel conversion attribution in Matomo
  (Image Source)

  Marketers can also reduce friction from the customer journey. Behavioural analytics tools like heatmaps and session recordings help marketing teams understand what’s stopping users from converting and run experiments to increase conversion rates. 

  Marketers can use an all-in-one analytics tool or a platform-specific alternative. Some analytics only track your social media efforts, for example. Others, like Matomo, let you track web visitors, paid ad performance, SEO data and attribute conversions from multiple campaigns. 

  The features and capabilities of marketing analytics tools can also vary by industry. For example, financial marketing analytics platforms will prioritise compliance and data security, while e-commerce teams focus on user behaviour analysis. Advanced tools now leverage machine learning to predict trends and automate insights, making them indispensable for data-driven decision-making.

  7 of the best marketing analytics tools

  With numerous marketing analytics platforms to choose from, it can be challenging to determine the best one for your business. 

  We’ve done the hard work, though. Below you’ll find reviews of seven of the leading tools, why they’re great and what customers say about them.

  1. Matomo

  Matomo Analytics is a leading ethical open-source marketing analytics platform that powers over a million websites in more than 190+ countries.

  

  Main dashboard in Matomo
  (Image Source)

  Why Matomo : Matomo empowers organisations to get the insights they need without compromising user privacy. Businesses can significantly reduce the amount of personal identifiable information they collect and comply with privacy laws like GDPR and CCPA. At the same time, they can use visitor logs to track the entire customer journey, assess the value of marketing channels using multi-touch attribution and analyse visitor behaviour using heatmaps and session recordings.

  Standout features include multi-touch attribution, visitor logs, goal tracking, custom reports, e-commerce tools, form analytics, tag manager, Google Analytics Importer, heatmaps and session recordings. 

  Integrations : Matomo integrates with more than 100 content management systems, e-commerce platforms and frameworks, including WordPress, Cloudflare, Magento, Google Ads, Drupal, WooCommerce and Wix.

  Strengths :

  • 100% accurate, unsampled data
  • Privacy-focused marketing analytics
  • Complete data ownership 
  • Open-source software 
  • Self-hosting and cloud-based options
  • A built-in GDPR Manager

  Common community critiques :

  • Non-technical users can experience a learning curve with some of the platform’s more advanced features
  • Premium features are proprietary

  Pricing : Matomo On-Premise is free to use. Matomo Cloud costs $23 per month and comes with a 21-day free trial (no credit card required).

  2. Heap by Contentsquare

  Heap by Contentsquare is a digital insights platform that gives businesses a near-real-time understanding of their users’ digital journeys.

  

  Demo dashboard in Heap
  (Image Source)

  Why Heap : Heap helps businesses paint a complete picture of their customers. It automatically records every user interaction (clicks, page views, form submissions and more) without manual event tagging to give marketers access to every metric and allow for retroactive analysis. 

  Standout features include data science tools that identify customer friction, journey analysis, session replays, heatmaps, pre-built dashboards and customer cohort analysis.

  Strengths :

  • Automatic event tracking eliminates the need for manual tagging, saving time and reducing implementation errors.
  • Setting up Heap is easy with a single code snippet. You don’t need advanced technical skills.
  • Real-time reporting and live data feeds help marketers quickly spot opportunities and issues. 

  Common community critiques :

  • The volume of data capture can create more noise than signal, which clouds analysis
  • Users can find the platform’s interface unintuitive
  • Businesses can accidentally collect personally identifiable information (PII) if they don’t configure the platform correctly

  Pricing : Heap has a limited free plan for up to 10,000 monthly sessions. Pricing for Growth, Pro and Premier plans is available upon request. 

  3. Mixpanel

  Mixpanel is a product and marketing analytics platform that helps SaaS and mobile marketers track user retention and engagement. 

  

  Product metrics dashboard in Mixpanel
  (Image Source)

  Why Mixpanel : Unlike traditional analytics tools that focus on pageviews and sessions, Mixpanel uses event-based analytics to track, analyse, and optimise user actions. It also has AI-powered predictive analytics that help marketers identify trends and proactively address churn. 

  Standout features include predictive analytics, funnel analysis, GA4 migration, A/B testing and real-time reports

  Strengths :

  • Intuitive dashboards and reports make Mixpanel accessible for non-technical users
  • Extensive integrations ensure seamless data flow across your tech stack
  • Advanced cohort analysis and customer segmentation support targeting and personalisation efforts

  Common community critiques :

  • The wide range of features means there’s a steep learning curve for new users
  • Pricing rises quickly for enterprise users
  • Event tracking can be difficult to set up

  Pricing : Mixpanel has a free forever plan with limited features. Premium plans give you one million monthly events free and then charge $.00028 per event after that.

  4. Funnel

  Funnel is a low-code marketing data platform that automates the collection and transformation of marketing data from hundreds of sources. 

  

  Performance marketing dashboard in Funnel
  (Image source)

  Why Funnel : Funnel is the ideal choice for marketers operating across dozens of different channels. It helps you gain a holistic view of marketing performance by pulling in data from over 500 sources, cleansing and visualising it.

  Standout features include a vast number of integration partners, automated data collection and transformation, two-year data storage and custom integrations.

  Strengths :

  • Low-code setup makes Funnel accessible to anyone
  • Highly responsive customer support
  • Custom metrics for personalised reporting

  Common community critiques :

  • The visualisation features are fairly basic. Marketers often need to use other tools like Tableau.
  • The platform has a steep learning curve
  • Delays can occur when processing data from third-party sources

  Pricing : Available upon request

  5. HubSpot

  HubSpot is a comprehensive analytics platform that helps marketers improve every stage of the buyer’s journey. Detailed insights and robust automation capabilities let marketers manage campaigns, track leads and optimise customer experiences. 

  

  Marketing dashboard in HubSpot
  (Image Source)

  Why HubSpot : HubSpot’s all-in-one platform is ideal for marketing and sales teams that want to paint a complete picture of their combined efforts. Analytics features let marketers track visitors and campaign performance, while automation tools nurture prospects and turn visitors into MQLs.

  Standout features include an easy-to-use dashboard, marketing automation, A/B testing and pre-made reports. 

  Strengths :

  • A very intuitive dashboard makes it easy for users of all abilities to navigate
  • Powerful automation features help marketers save time
  • There’s strong customer support and a large community of certified partners

  Common community critiques :

  • Pricing is expensive and increases quickly 
  • Engagement tracking is less granular than dedicated behavioural analytics tools
  • The wide range of features can lead to analysis paralysis

  Pricing : Marketing Hub Professional starts at $800 per month. Marketing Hub Enterprise starts from $3,600 per month.

  6. Whatagraph

  Whatagraph is a marketing analytics and automated reporting platform that helps agencies and in-house teams turn complex, multi-channel marketing data into visually easy-to-understand reports.

  

  Web analytics report in Whatagraph
  (Image Source)

  Why Whatagraph : Whatagraph is a great choice for companies that prioritise data visualisation. It lets users combine data from over 50 sources into customisable dashboards and reports. There are plenty of ready-made templates as well as a drag-and-drop interface in case you want to create your own.

  Standout features include direct integration with 50+ data sources, data blending across different channels, digital ad spend tracking and automated report creation.

  Strengths :

  • A very intuitive and user-friendly interface that lets anyone start building reports immediately
  • Visually appealing reports make it easy to share insights with stakeholders
  • Highly responsive support team

  Common community critiques :

  • No freemium pricing
  • It can take users time to get to grips with Whatagraph’s wide range of features
  • It lacks native integrations for some platforms

  Pricing : Available on request

  7. Google Analytics

  Google Analytics offers two analytics platforms : GA4 and GA360. GA4 is Google’s free analytics solution you’re probably familiar with. GA360 is the premium, enterprise-level version of GA4. It’s built for large organisations with complex analytics needs and high data volumes.

  

  Home page in GA4
  (Image Source)

  Why Google : GA4 is a well-known and widely used analytics platform. It’s free, familiar to most people and has plenty of online resources to help if you get stuck. However, it doesn’t protect user privacy, uses data sampling and lacks advanced features like behavioural analytics. 

  GA360 users can configure the platform to be more privacy-friendly, but there are still better (and cheaper) privacy-friendly alternatives.

  Standout features include event-based tracking, cross-platform tracking, audience segmentation and real-time reporting.

  Strengths :

  • GA4 is free to use
  • There’s no shortage of online guides
  • Cross-platform tracking helps you get a better view of your visitors 

  Common community critiques :

  • Not privacy focused or GDPR-compliant
  • Data sampling muddles insights
  • Both GA4 and GA360 look and are very different from Universal Analytics

  Pricing : GA4 is free to use. GA360 pricing is available on request

  What are the benefits of marketing analytics tools

  Research by Supermetrics reveals that marketing teams are using 230% more data than they did in 2020. 

  Analytics tools are the primary means of generating marketing data, but they have other uses as well. Here are four reasons every department needs a comprehensive analytics platform :

  • Track marketing efforts. Marketing analytics offers a unified view of all your campaigns across channels — from paid ads and social media to email and organic search. By consolidating data from multiple sources, these platforms help marketers monitor campaign performance in real time and prove campaign effectiveness to stakeholders. 
    
  • Improve customer understanding. Analytics platforms that have built-in behavioural tracking capabilities like heatmaps and session recordings help marketers generate qualitative and quantitative data that reveals how users interact with your site, what content resonates and where friction points occur.
    
  • Optimise web and marketing experiences. Marketing is a game of continuous improvement. Analytics platforms help marketing teams attribute conversions to specific campaigns, refine user journeys with A/B testing and improve the overall experience. 
    
  • Drive more conversions. Ultimately, the goal of marketing analytics is to increase conversions, whether that means sales, sign-ups or other events. Performance insights help marketers fine-tune their strategies, target high-value segments, and craft campaigns that move prospects down the funnel more efficiently. In a world where marketing budgets are falling by 15% year-on-year, it’s important to squeeze every drop of ROI from your campaigns. 

  Top features to look for in a marketing analytics tool

  With so many platforms to choose from, picking the right analytics tool can be a challenge. 

  Make it easier for yourself by looking for a tool that offers features to enhance your insights while ensuring your business remains compliant with data privacy regulations. 

  Advanced analytics features

  Don’t settle for a simple web analytics tool or try to juggle different analytics platforms for each channel. Instead, choose a single tool that provides a range of advanced analytics features, including the following :

  • Marketing attribution
  • Cohort analysis
  • Session recordings and heatmaps
  • Ecommerce analytics
  • SEO metrics

  By doing so, you’ll get everything you need from a single platform. This will keep costs down and make managing marketing data much easier.

  Data visualisation

  A great marketing analytics tool will offer customizable dashboards and reports that marketers can use to make sense of complex data. Look for :

  • Drag-and-drop interfaces
  • Pre-built templates
  • Detailed visitor profiles

  Data visualisation not only aids decision-making but also helps communicate results clearly to non-technical team members and executives.

  Near-real-time reporting

  Many platforms will claim to offer real-time reporting. But that’s rarely possible. Instead, choose tools with near-real-time reporting that help marketers measure the impact of campaigns as quickly as possible. 

  Matomo, for example, offers a Visits in Real-time Report that lets you see the flow of visitors on your site and shows how many people visited in the last 30 minutes and 24 hours. 

  

  Visits Overview in Matomo

  The report refreshes every 5 seconds to display new visits and tracks a range of visitor attributes, including country, operating system, referrer, time spent on site and whether they are a new or returning visitor. 

  Data security and privacy

  Data privacy should be a top priority for modern marketers. Employing ethical analytics and data practices will mean you don’t have to annoy users with cookie banners. But it also improves trust and minimises legal risk.

  Choose analytics tools that are transparent about data collection, offer robust privacy controls, and comply with regulations like GDPR and CCPA. Features such as anonymised tracking, customisable consent banners and secure data storage help protect both your business and your customers.

  Matomo has all of these features and more, protecting your visitors’ privacy in a dozen different ways. 

  100% data ownership and no sampling

  A lot of analytics platforms don’t let you own or properly use your data. Data sampling — where tools only analyse a portion of your data — is a particular problem in Google Analytics. It clouds insights, meaning marketers make decisions based on guesses, not facts. 

  Who owns your data matters, too. When you use a platform like Google Analytics, you give permission for Google to use your customers’ data for advertising purposes. 

  Instead of trading your customers’ data for free analytics, use a platform that gives you 100% ownership of your data. Matomo does this in a couple of ways :

  • Matomo On-Premise offers 100% data ownership, as it’s hosted on your own servers. You choose where to store it, and we cannot access it. 
    
  • Matomo Analytics for WordPress provides a self-hosted WordPress-specific option that offers the benefits of On-Premise without the technical setup.
    
  • Matomo Cloud subscriptions are governed by our Terms, which state that you own all rights, titles and interests in your users’ data. In other words, we can’t sell it to third parties or claim ownership. 

  While Matomo products may change, our commitment to privacy never will. You’ll always be able to self-host Matomo for free. 

  	Matomo	Heap	Mixpanel	Funnel	HubSpot	Whatagraph	Google Analytics
  Privacy/GDPR-friendly	✔️
  Open-source	✔️
  Self-hosting option	✔️
  Multi-touch attribution	✔️
  Heatmaps & session recordings	✔️	✔️	⚠️¹
  Goal tracking	✔️	✔️	✔️	✔️
  Custom reports	✔️	✔️	✔️	✔️	✔️	✔️	✔️
  E-commerce tracking	✔️	✔️	✔️	✔️
  Tag manager	✔️		✔️	✔️
  GA importer	✔️
  Real-time reporting	✔️	✔️	✔️	✔️	⚠️²	✔️
  Predictive analytics		✔️
  A/B testing	✔️		✔️
  Marketing automation					✔️
  Visualisation / dashboards	✔️	✔️	✔️	⚠️³	✔️	✔️	✔️
  Automated reporting						✔️
  Free plan available	✔️	✔️	✔️		✔️

  Trust Matomo for comprehensive marketing analytics

  The right analytics platform empowers marketers to track campaigns across channels, gain deep insights into customer behaviour, optimise user experiences and ultimately drive more conversions. 

  If you care about collecting data while respecting your users’ privacy, a tool like Matomo is the way to go. Try Matomo free for 21 days. No credit card required.

• Understanding GDPR compliance : Key principles and requirements

  28 août, par Joe

  Any company with an online presence will likely collect customers’ personal data in the normal course of business. But those with customers residing in the European Economic Area (EEA) — basically, the European Union (EU) plus Iceland, Liechtenstein and Norway — must comply with the General Data Protection Regulation (GDPR). Companies serving UK data subjects post-Brexit must also abide by the UK GDPR, which includes certain regional variations.

  GDPR authorities are only concerned with personal data (not with non-personal or anonymous data), ensuring that it’s collected, used, and stored in a way that respects users’ rights and privacy.

  Failure to comply can present serious business risks, including :

  • Financial penalties (more about that shortly)
  • Compensation claims from data subjects for mishandling their information
  • Reputational damage (if/when a data breach does occur)
  • Disruption to operations
  • Personal accountability of executives (including potential sanctions)

  This article explores the GDPR and personal data protection, the rights it confers on European data subjects, and how those rights are enforced. We’ll wrap up with an 11-step plan for GDPR compliance. 

  Let’s begin.

  The price of non-compliance

  The largest fine so far levied for GDPR non-compliance is €1.2 billion in May 2023. It was imposed by the Irish Data Protection Commission (DPC) on Meta (previously Facebook). And it was because of Meta’s transfers of EU/EEA data subjects’ personal data to the US from 16 July 2020 in breach of GDPR international data transfer rules.

  Many other fines have been levied for GDPR non-compliance, and there’ll probably be a lot more in the future :

  Penalty	Company	Supervisory Authority	Date
  €746 million	Amazon	Luxembourg National Commission for Data Protection (CNDP)	16 July 2021
  €405 million	Meta	Ireland’s Data Protection Commission (DPC)	5 September 2022
  €390 million	Meta	Ireland’s Data Protection Commission (DPC)	6 January 2023
  €345 million	TikTok	Ireland’s Data Protection Commission (DPC)	1 September 2023
  €310 million	LinkedIn	Ireland’s Data Protection Commission (DPC)	30 October 2024
  €290 million	Uber	Dutch Data Protection Authority (DPA)	26 August 2024

  Those are big numbers. European supervisory authorities take enforcement seriously

  So, what is personal data anyway ?

  GDPR defines personal data as any information about a data subject (an identified or identifiable individual). This covers both direct (name, address, ID numbers, etc.) and indirect identifiers (IP addresses, location data, etc.). It categorises personal data into two types : general and special category.

  General data includes identifiers like names, contact details, and financial information. 

  Special category data, such as racial or ethnic origin, health data, biometric information, and sexual orientation, needs more protection. 

  The processing of special category data is only allowed under certain conditions, for example, if consent was given explicitly or if vital interests (e.g., a threat to life), legal obligations, or public interest are involved. GDPR emphasises safeguarding sensitive data due to its potential impact on individuals’ privacy and rights.

  Important GDPR terminology

  Apart from the data subject, personal data, and special category data mentioned above, GDPR introduces other legal terms and concepts organisations must understand. A data controller decides what personal data to collect and how to use it. A data processor processes the data on behalf of the data controller.

  A Data Protection Officer (DPO) oversees GDPR compliance. Processing is any operation performed on data, such as collecting, analysing or storing it. That processing must also have a lawful basis, such as consent, contract, or legitimate interests. And consent must be freely given, specific, and easily withdrawable. 

  A data breach involves unauthorised access to or loss of personal data. A Data Protection Impact Assessment (DPIA) identifies risks to individuals’ rights. Data minimisation requires organisations to minimise what data they collect. Countries in the EU/EEA have appointed a supervisory authority to enforce GDPR in their territory.

  Rights of EU/EEA data subjects under GDPR 

  GDPR grants specific rights to individuals (data subjects) who are physically present in the EU/EEA when their personal data is processed, regardless of nationality or residence status. The business’s physical or legal presence is irrelevant, as the determining factor is the data subject’s location at the time of processing.

  Non-compliance can lead to significant penalties and even criminal charges in jurisdictions where such penalties are enforced under national law. 

  To support responsible data practices, the GDPR defines key foundational rights.

  Transparency

  Two rights granted to data subjects in the EU/EEA under GDPR relate to transparency :

  1. The right to be informed (proactive, applies at data collection)
  2. The right of access (reactive, applies when the data subject makes a request)

  They provide transparency by mandating that data subjects be provided specific details about that process, including :

  • Company or organisation processing the data (with contact details)
  • Reasons for using the data
  • Categories of personal data involved
  • Legal basis for processing the data
  • How long data will be stored
  • Other companies, organisations, or third parties with access to the data
  • Whether data will be transferred outside the EU/EEA

  Privacy notices should meet the standards in GDPR Articles 12–14, covering what data is collected, for what purpose, and how users can exercise their rights. 

  For a deeper dive, check out : How to write a GDPR-compliant privacy notice.

  Objections and restricted processing

  Under GDPR, individuals in the EU/EEA have the right to object to the processing of personal data in two key respects :

  1. They can object to direct marketing, after which organisations must stop processing their data immediately, with no justification required.
  2. If data is being processed on the basis of the organisation’s legitimate interests or for tasks carried out in the public interest, data subjects can object if they believe their own rights and freedoms outweigh those interests. Again, processing must stop unless the organisation proves compelling legitimate grounds outweighing the individual’s rights.

  Individuals can also request temporary restrictions on data processing when : 

  • Their data isn’t accurate (until verified).
  • Processing is unlawful, but they prefer restriction over deletion.
  • Their data is no longer being used, but must be retained for legal purposes.
  • After they object to processing while verification of legitimate grounds is pending.

  During restriction, the organisation can continue storing the data, but may not process it without explicit consent or when certain exceptions apply.

  Rectification and erasure

  Individuals have the right to rectify errors in their data and to erasure (deleting data). First, they can request corrections to inaccurate or incomplete personal data. GDPR requires organisations to act without undue delay to ensure that stored data remains accurate and up to date.

  The right to erasure (aka the right to be forgotten) enables individuals to request deletion of their personal data when :

  • It’s no longer needed for its original purpose
  • They withdraw consent, and no other legal basis exists
  • Processing is unlawful
  • They object to processing, and no overriding legitimate grounds exist
  • The data must be deleted to comply with a legal obligation

  Organisations must delete data unless exemptions (e.g., legal compliance, public interest, or legal claims) apply.

  Data portability

  GDPR provides the right to data portability. People can request their personal data in a structured, common, and machine-readable format so it’s easier to review or transfer to another service provider. This applies when data is :

  • Provided by the individual, either directly (e.g., name, email) or indirectly through use of a service (e.g., purchase history)
  • Processed based on consent or a contract
  • Handled using automated means

  Portability does not apply to personal data processed on the basis of legal obligations or legitimate interests. ItT only applies when processing is based on consent or a contract, and carried out by automated means.

  Where technically feasible, GDPR also requires organisations to facilitate direct transfers of personal data to another controller at the subject’s request.

  

  Automated decision-making and profiling

  GDPR grants EU/EEA data subjects the right not to be subject exclusively to automated decision-making, with legal or similarly significant effects, without human involvement. This applies to issues affecting them, such as job screening, loan approvals, or insurance pricing. They can :

  • Request human intervention : A real person must review the decision.
  • Express their viewpoint : Provide additional information or dispute the outcome.
  • Challenge the decision : Demand justification and correction if unfair.

  For example, imagine someone applying for a loan online, and the algorithm rejects the application based on credit history. They can request a human review to ensure fairness and consider special circumstances, such as recent debt clearance.

  However, GDPR also provides for some exceptions. Automated decisions are allowed if one of the following statements is true :

  • It’s obtained with explicit consent.
  • It’s necessary for a contract.
  • It’s permitted by law, with safeguards.

  How is GDPR enforced ?

  GDPR enforcement is carried out primarily by national supervisory authorities in each EU/EEA country. These authorities investigate complaints, conduct audits, and impose penalties for non-compliance within their jurisdictions. In cross-border cases, they collaborate through the one-stop-shop mechanism, which designates a lead authority to coordinate enforcement.

  The European Data Protection Supervisor (EDPS) is the independent data protection authority for EU institutions and agencies. It does not supervise private-sector or national public-sector organisations and is not a general enforcer of the GDPR.

  The European Data Protection Board (EDPB) is the body responsible for ensuring consistent application of the GDPR across the EU/EEA. Made up of representatives from national supervisory authorities and the EDPS, the EDPB issues guidelines, resolves disputes between authorities, and adopts binding decisions in cross-border matters.

  The origins of GDPR

  The EU’s regulation was adopted in 2016 to replace the 1995 Data Protection Directive (DPD), which predated the digital age. As technology use increased, vast amounts of personal data were collected, analysed, and stored, often without people’s knowledge, threatening their privacy and security.

  The main motivation behind GDPR was to unify the application of data protection rules across the EU/EEA through a directly applicable regulation, rather than a directive that required separate implementation by each member state. The aim was to eliminate fragmentation, ensure consistent enforcement, and strengthen individuals’ rights.

  Enter GDPR. It was agreed upon after years of negotiations between the 27 EU member states, the European Parliament, and the European Commission. It was formally adopted in 2016 and became fully enforceable on May 25, 2018. But there’s a difference. DPD was a directive that had to be implemented separately by member states. From that date, GDPR has been applied uniformly across the EU/EEA.

  The EEA adopted the GDPR on 6 July 2018 and went into force on 20 July 2018. It’s since become a global template, influencing data protection and privacy laws in countries like Brazil (LGPD), India, and Japan. The UK retained GDPR after Brexit, adapting it into the UK GDPR, which closely mirrors the EU version but allows for future divergence.

  Who does it apply to ?

  GDPR protects the personal data of individuals who reside in the EU/EEA. It applies to any organisation processing that data, no matter where it’s located in the world. This remains true even if the data is transferred outside the EU/EEA for storage and/or processing.

  Organisations are having difficulty with this regulation, as evidenced by the fines that have been meted out. Whether the penalties are paid, reduced through negotiation or still owed, their existence is a lingering uncertainty for the companies involved.

  Who must comply

  GDPR applies if you :

  • Have an office or another form of establishment in the EU/EEA, or
    
  • Offer goods/services to data subjects located in the EU/EEA (even if free) or
    
  • Monitor EU/EEA data subjects’’ behaviour (e.g., via cookies or analytics)
    

  What does GDPR require ?

  GDPR requires organisations to respect a clear set of data protection principles : lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. It also obliges them to ensure that they always have a valid legal basis (consent, contract, legal obligation, legitimate interests, etc.) to process the personal data.

  Data should also not be stored longer than necessary to fulfil the specific purpose for which it was collected. Appropriate organisational measures must be taken to ensure the security and integrity of the personal data and protect it from breaches, loss, or unauthorised access. Should a reportable data breach occur, it must be reported to the relevant supervisory authority within 72 hours. Affected individuals must be informed if the breach is likely to result in a high risk to their rights.

  Organisations must also demonstrate accountability by keeping detailed records of processing activities and conducting DPIAs for high-risk processing. If their core activities involve large-scale processing of special categories of data or regular and systematic monitoring of individuals, they must appoint a DPO. 

  Finally, organisations must implement adequate safeguards when transferring data outside the EU/EEA through the GDPR Chapter V mechanism, such as adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules, etc.

  By adhering to these requirements, organisations ensure compliance with GDPR and protect the data privacy and rights of EU/EEA data subjects.

  11 steps to compliance

  Once you’ve confirmed that the GDPR applies to your organisation’s processing of personal data, you can begin working toward compliance.

  Below, we’ve broken the process into eleven clear steps to help guide you.

  Step 1 : Map your data : Purpose, use and legal basis

  Any organisation operating in the EU, EEA or UK and handling personal data of data subjects in those regions must audit all the personal data it currently holds. 

  Your organisation must identify the legal basis for processing all data subject to the GDPR. If no legal basis can be found or justified, the processing will not be permitted under the GDPR.

  Step 2 : Consider appointing a DPO

  According to the GDPR text, a DPO is mandatory only under certain conditions, mainly due to processing volume and the type of organisation. But there are certain scenarios where it’s required.

  • Public authorities that process personal data as a matter of course, except for courts in their judicial capacity.
  • Organisations whose core activities involve regular and systematic monitoring of data subjects on a large scale.
  • Organisations that process specific “special” data categories (as defined by the GDPR) or data relating to criminal offences as a core activity on a large scale.

  It’s vague, and GDPR doesn’t clearly define “core activity” or “large scale”. If you are unsure whether your organisation falls into these categories, seek legal advice and err on the side of caution. Regardless, even if you are not required to appoint a DPO, it’s a good idea to appoint someone to monitor and oversee GDPR compliance efforts internally.

  Step 3 : Identify supervisory authorities

  This is generally governed by the territories in which an organisation operates. However, GDPR does make provisions for operations that cover multiple countries. In those cases, the GDPR provides a one-stop-shop mechanism to streamline oversight.

  In such cases, a lead supervisory authority (LSA) is designated. Organisations cannot freely choose their lead supervisory authority ; it depends on the location of the main establishment (Art. 56 GDPR).

  Most EEA countries have only one supervisory authority. Germany is the exception. Federal states each have their own DPA, and the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit oversees federal matters. 

  Step 4 : Consider a Data Protection Impact Assessment

  GDPR requires a DPIA when processing is likely to result in a high risk to individuals’ rights and freedoms. Examples include large-scale processing of sensitive data, systematic profiling, public monitoring, or innovative technology use. A DPIA involves describing the processing, assessing necessity, identifying risks, and implementing mitigation measures.

  If the process reveals residual, unmitigated high risks, the DPIA report must be submitted to the nominated supervisory authority for consultation before the processing can proceed. Feedback can be expected within 8 weeks (extendable to 14 weeks), and the recommendations must be implemented. Conducting a DPIA is one way to ensure compliance. It also protects individuals’ rights and avoids fines for non-compliance.

  Step 5 : Establish a data breach process

  Organisations must quickly implement systems to identify and assess breaches for scope and impact. They must act immediately to contain the breach and record all the details and the actions taken.

  

  Data breaches likely to result in a risk to individuals’ rights and freedoms must be reported to the supervisory authority within 72 hours of the organisation becoming aware of the breach. If the breach is likely to result in a high risk to the individuals’ rights and freedoms, the controller has an obligation to inform the affected individuals as well. Data breach processes should also be reviewed regularly and included in staff training. 

  Here’s a simplified version :

  Simplified data breach response checklist
  𝥁	Detect and confirm the breach
  🮱	Contain and mitigate the impact
  🮱	Assess the severity and potential harm
  🮱	Document the breach
  🮱	Report the breach
  🮱	Inform affected individuals
  🮱	Review and improve
  🮱	Train staff in breach response protocols

  Step 6 : Review websites and website form security

  Websites and the forms on them are common gateways for personal data, making them a high-value target for bad actors. Ensuring these entry points are secure is essential to protecting user data and supporting GDPR’s requirements for confidentiality, integrity, and resilience (Article 32).

  Here are some key actions to take : 

  Website and form security best practices
  Use HTTPS with a valid SSL/TLS certificate	Ensure pages that collect/display personal data are served over HTTPS to encrypt data in transit and prevent interception.
  Secure all data collection forms	Validate and sanitize user input to protect against common threats, such as cross-site scripting (XSS), injection attacks, and form spam. Use security headers such as Content Security Policy (CSP) to prevent malicious script execution. Implement CAPTCHAs or other bot detection.
  Restrict access to form submissions	Store submitted data securely and restrict access to authorized personnel. Use strong passwords, enable multi-factor authentication (MFA), and apply role-based access controls (RBAC) where possible.
  Keep your website software up to date	Apply regular security patches to your CMS, plugins, and third-party libraries. Remove unused components and services that may introduce vulnerabilities.
  Monitor and test for vulnerabilities	Perform regular security scans andpenetration tests to identify risks. Monitor error logs and unusual activity, especially around form endpoints.

  Taking these proactive steps to strengthen form security and reduce breach risk will support your organization’s GDPR compliance posture..

  Step 7 : Consider age when required

  Under Article 8 of the GDPR, age verification is only required when :

  • Personal data is being processed on the basis of consent, and
  • The service is offered directly to children (i.e., an information society service provided online)
    

  In these cases, organisations must ensure the child is at least 16 years old, unless a lower age threshold has been set by national law (e.g., 13 in the UK).

  Age verification methods must be proportionate to the level of risk, aligned with the principle of data minimisation, and appropriate for the audience. Common approaches include : 

  • Self-declaration with confirmation prompts
  • Email-based parental consent mechanisms
  • Content gating or notices for services not intended for children

  More intrusive methods, such as biometric estimation, government ID upload, or video verification, should be avoided unless absolutely necessary. When justified, such methods must undergo a Data Protection Impact Assessment (DPIA) and meet the requisite necessity and proportionality standards.

  Step 8 : Implement double-opt-in for all email lists and services

  At present, Germany is the only EU country with a clear legal mandate for double opt-in under its national GDPR implementation and ePrivacy laws. While not explicitly required elsewhere in the EU and EEA, double opt-in is widely recommended as a best practice to ensure explicit consent.

  This process confirms that the user explicitly agrees while reducing opportunities for fraud and improving compliance. It also builds trust, as customers know how you’re handling their data. A clear, up-to-date privacy policy is essential to the process. It must outline how data is used and stored and how an individual’s rights can be exercised.

  For example, obtaining consent in an email marketing campaign may involve the following steps :

  1. The user signs up for a newsletter or service.
  2. They receive a confirmation email/text message with a verification link.
  3. The user clicks the link to confirm consent.

  Step 9 : Restrict international data transfers

  GDPR limits data subjects’ personal data transfer outside the European Economic Area (EEA) unless certain conditions are met.

  Such transfers are not permitted unless one of the following conditions is met :

  1. Appropriate safeguards are in place, such as :
     • Standard contractual clauses (SCCs) approved by the Commission
     • Binding corporate rules (BCRs) for multinational groups
  2. The destination country is one of the following countries that has received an adequacy decision from the European Commission.

  Countries with GDPR adequacy decisions (as of July 2025)
  Andorra	Full adequacy decision
  Argentina	Full adequacy decision
  Canada	Applies only to commercial organisations under PIPEDA
  Faroe Islands	Full adequacy decision
  Guernsey	Full adequacy decision
  Isle of Man	Full adequacy decision
  Israel	Full adequacy decision
  Japan	Adequacy with additional safeguards aligned to EU standards
  Jersey	Full adequacy decision
  New Zealand	Full adequacy decision
  Republic of Korea	Adequacy decision adopted in 2021
  Switzerland	Longstanding adequacy decision (dating back to the 2000s)
  United Kingdom	Adequacy under both GDPR and the Law Enforcement Directive (LED)
  United States	Applies only to commercial organisations certified under the EU-US Data Privacy Framework

  Major fines (like Meta’s €1.2 billion) have already been levied for unlawful data transfers. In addition, third-party service providers and data processors charged with handling EU data must also be GDPR-compliant. 

  If personal data is processed by a third party outside the EEA, organisations must verify that contractual safeguards comply with GDPR Article 28. These processor management safeguards cover :
  

  • Contractual – Defines what the processor is permitted to do with personal data
  • Security – Specifies technical and organisational safeguards to protect data
  • Breach notifications – Requires processors to report breaches in a timely manner
  • Sub-processor oversight – Grants approval rights over any sub-processors
  • End-of-service handling – Ensures return or proper disposal of personal data at contract end
  • Audit rights – Allows controllers to audit processor compliance if needed

  Step 10 : Record of Processing Activities (ROPA)

  GDPR obliges both data controllers and data processors to maintain a Record of Processing Activities (ROPA). This processing register details how and why personal data is processed, and it must include the following : 

  • Name and contact details (and DPO, if applicable)
  • Processing purposes (marketing, HR, customer service, etc.)
  • Data categories (names, emails, financial data, etc.)
  • Data subject categories (customers, employees)
  • Transfers outside the EEA (legal basis, safeguards like SCCs, etc.)
  • Retention periods for each data category
  • Security measures (encryption, access controls, etc.).

  For data controllers, the ROPA must also include the names and details of any people who receive personal data, such as services or processors. The register should also map the flow of data through the organisation (and any third parties), which is needed for audits or analysing a data breach.

  An effective ROPA depends on strong data governance. Clearly-defined processes, ongoing training, and regular reviews are necessary to keep internal policies aligned with how personal data is actually handled in practice.

  Maintaining a ROPA also supports GDPR’s accountability principle : organisations must be able to show compliance, not just claim it. Documented policies, audits, and training records provide the evidence needed to demonstrate this.

  Step 11 : Data subject rights management

  Organisations that collect, store, analyse, or process the personal data of EEA data subjects must regularly advise customers of their rights under GDPR. In particular, they must remind data subjects of their right to submit a Data Subject Access Request (DSAR) and respond promptly to DSARs from individuals requesting access to their personal data.

  Among other things, EEA data subjects may request :

  • Confirmation that their data is being processed
  • A copy of their data
  • Information about how and why their data is being processed
  • The purposes of processing
  • Categories of personal data involved
  • Recipients or categories of recipients who receive the data
  • Data retention periods or criteria used to determine them
  • The data source (if not collected directly from the individual)

  DSARs can be refused if they’re manifestly unfounded or excessive or if providing the data would adversely affect the rights of others. But it’s advisable to use that as a last resort.

  GDPR compliance in practice

  GDPR compliance isn’t automatic — not even with privacy-focused tools like Matomo or reconfigured platforms like Google Analytics 4. 

  Regardless of which analytics solution you use, data protection laws like GDPR and the ePrivacy Directive require organisations to : 

  • Track only occurs when lawful, and with valid user consent when required.
  • Configure privacy settings to comply with the GDPR.
  • Only collect data that is proportionate, transparent, and serves a legitimate, disclosed purpose.

  Even the best tools can fail if they aren’t used properly. That’s why governance, intentional setup, and consistent consent management are necessary parts of compliance.

  Matomo offers secure, privacy-focused GDPR analytics. It includes a built-in GDPR Manager and privacy centre to fine-tune your privacy settings.

  To get started with Matomo, you can sign up for a 21-day free trial — no credit card required.