Recherche avancée

Sur d’autres sites (5825)

• How to Use Analytics & Reports for Marketing, Sales & More

  28 septembre 2023, par Erin — Analytics Tips

  By now, most professionals know they should be using analytics and reports to make better business decisions. Blogs and thought leaders talk about it all the time. But most sources don’t tell you how to use analytics and reports. So marketers, salespeople and others either skim whatever reports they come across or give up on making data-driven decisions entirely. 

  But it doesn’t have to be this way.

  In this article, we’ll cover what analytics and reports are, how they differ and give you examples of each. Then, we’ll explain how clean data comes into play and how marketing, sales, and user experience teams can use reports and analytics to uncover actionable insights.

  What’s the difference between analytics & reports ? 

  Many people speak of reports and analytics as if the terms are interchangeable, but they have two distinct meanings.

  A report is a collection of data presented in one place. By tracking key metrics and providing numbers, reports tell you what is happening in your business. Analytics is the study of data and the process of generating insights from data. Both rely on data and are essential for understanding and improving your business results.

  

  A science experiment is a helpful analogy for how reporting and analytics work together. To conduct an experiment, scientists collect data and results and compile a report of what happened. But the process doesn’t stop there. After generating a data report, scientists analyse the data and try to understand the why behind the results.

  In a business context, you collect and organise data in reports. With analytics, you then use those reports and their data to draw conclusions about what works and what doesn’t.

  Reports examples 

  Reports are a valuable tool for just about any part of your business, from sales to finance to human resources. For example, your finance team might collect data about spending and use it to create a report. It might show how much you spend on employee compensation, real estate, raw materials and shipping.

  On the other hand, your marketing team might benefit from a report on lead sources. This would mean collecting data on where your sales leads come from (social media, email, organic search, etc.). You could collect and present lead source data over time for a more in-depth report. This shows which sources are becoming more effective over time. With advanced tools, you can create detailed, custom reports that include multiple factors, such as time, geographical location and device type.

  

  Analytics examples 

  Because analytics requires looking at and drawing insights from data and reports to collect and present data, analytics often begins by studying reports. 

  In our example of a report on lead sources, an analytics professional might study the report and notice that webinars are an important source of leads. To better understand this, they might look closely at the number of leads acquired compared to how often webinars occur. If they notice that the number of webinar leads has been growing, they might conclude that the business should invest in more webinars to generate more leads. This is just one kind of insight analytics can provide.

  For another example, your human resources team might study a report on employee retention. After analysing the data, they could discover valuable insights, such as which teams have the highest turnover rate. Further analysis might help them uncover why certain teams fail to keep employees and what they can do to solve the problem.

  The importance of clean data 

  Both analytics and reporting rely on data, so it’s essential your data is clean. Clean data means you’ve audited your data, removed inaccuracies and duplicate entries, and corrected mislabelled data or errors. Basically, you want to ensure that each piece of information you’re using for reports and analytics is accurate and organised correctly.

  If your data isn’t clean and accurate, neither will your reports be. And making business decisions based on bad data can come at a considerable cost. Inaccurate data might lead you to invest in a channel that appears more valuable than it actually is. Or it could cause you to overlook opportunities for growth. Moreover, poor data maintenance and the poor insight it provides will lead your team to have less trust in your reports and analytics team.

  The simplest way to maintain clean data is to be meticulous when inputting or transferring data. This can be as simple as ensuring that your sales team fills in every field of an account record. When you need to import or transfer data from other sources, you need to perform quality assurance (QA) checks to make sure data is appropriately labelled and organised. 

  Another way to maintain clean data is by avoiding cookies. Most web visitors reject cookie consent banners. When this happens, analysts and marketers don’t get data on these visitors and only see the percentage of users who accept tracking. This means they decide on a smaller sample size, leading to poor or inaccurate data. These banners also create a poor user experience and annoy web visitors.

  Matomo can be configured to run cookieless — which, in most countries, means you don’t need to have an annoying cookie consent screen on your site. This way, you can get more accurate data and create a better user experience.

  Marketing analytics and reports 

  Analytics and reporting help you measure and improve the effectiveness of your marketing efforts. They help you learn what’s working and what you should invest more time and money into. And bolstering the effectiveness of your marketing will create more opportunities for sales.

  

  One common area where marketing teams use analytics and reports is to understand and improve their keyword rankings and search engine optimization. They use web analytics platforms like Matomo to report on how their website performs for specific keywords. Insights from these reports are then used to inform changes to the website and the development of new content.

  As we mentioned above, marketing teams often use reports on lead sources to understand how their prospects and customers are learning about the brand. They might analyse their lead sources to better understand their audience. 

  For example, if your company finds that you receive a lot of leads from LinkedIn, you might decide to study the content you post there and how it differs from other platforms. You could apply a similar content approach to other channels to see if it increases lead generation. You can then study reporting on how lead source data changes after you change content strategies. This is one example of how analysing a report can lead to marketing experimentation. 

  Email and paid advertising are also marketing channels that can be optimised with reports and analysis. By studying the data around what emails and ads your audience clicks on, you can draw insights into what topics and messaging resonate with your customers.

  

  Marketing teams often use A/B testing to learn about audience preferences. In an A/B test, you can test two landing page versions, such as two different types of call-to-action (CTA) buttons. Matomo will generate a report showing how many people clicked each version. From those results, you may draw an insight into the design your audience prefers.

  Sales analytics and reports 

  Sales analytics and reports are used to help teams close more deals and sell more efficiently. They also help businesses understand their revenue, set goals, and optimise sales processes. And understanding your sales and revenue allows you to plan for the future.

  One of the keys to building a successful sales strategy and team is understanding your sales cycle. That’s why it’s so important for companies to analyse their lead and sales data. For business-to-business (B2B) companies in particular, the sales cycle can be a long process. But you can use reporting and analytics to learn about the stages of the buying cycle, including how long they take and how many leads proceed to the next step.

  Analysing lead and customer data also allows you to gain insights into who your customers are. With detailed account records, you can track where your customers are, what industries they come from, what their role is and how much they spend. While you can use reports to gather customer data, you also have to use analysis and qualitative information in order to build buyer personas. 

  

  Many sales teams use past individual and business performance to understand revenue trends. For instance, you might study historical data reports to learn how seasonality affects your revenue. If you dive deeper, you might find that seasonal trends may depend on the country where your customers live. 

  

  Conversely, it’s also important to analyse what internal variables are affecting revenue. You can use revenue reports to identify your top-performing sales associates. You can then try to expand and replicate that success. While sales is a field often driven by personal relationships and conversations, many types of reports allow you to learn about and improve the process.

  Website and user behaviour analytics and reports 

  More and more, businesses view their websites as an experience and user behaviour as an important part of their business. And just like sales and marketing, reporting and analytics help you better understand and optimise your web experience. 

  Many web and user behaviour metrics, like traffic source, have important implications for marketing. For example, page traffic and user flows can provide valuable insights into what your customers are interested in. This can then drive future content development and marketing campaigns.

  

  You can also learn about how your users navigate and use your website. A robust web analytics tool, like Matomo, can supply user session recordings and visitor tracking. For example, you could study which pages a particular user visits. But Matomo also has a feature called Transitions that provides visual reports showing where a particular page’s traffic comes from and where visitors tend to go afterward. 

  

  As you consider why people might be leaving your website, site performance is another important area for reporting. Most users are accustomed to near-instantaneous web experiences, so it’s worth monitoring your page load time and looking out for backend delays. In today’s world, your website experience is part of what you’re selling to customers. Don’t miss out on opportunities to impress and delight them.

  Dive into your data

  Reporting and analytics can seem like mysterious buzzwords we’re all supposed to understand already. But, like anything else, they require definitions and meaningful examples. When you dig into the topic, though, the applications for reporting and analytics are endless.

  Use these examples to identify how you can use analytics and reports in your role and department to achieve better results, whether that means higher quality leads, bigger deal size or a better user experience.

  To see how Matomo can collect accurate and reliable data and turn it into in-depth analytics and reports, start a free 21-day trial. No credit card required.

• Virginia Consumer Data Protection Act (VCDPA) Guide

  27 septembre 2023, par Erin — Privacy

  Do you run a for-profit organisation in the United States that processes personal and sensitive consumer data ? If so, you may be concerned about the growing number of data privacy laws cropping up from state to state.

  Ever since the California Consumer Privacy Act (CCPA) came into effect on January 1, 2020, four other US states — Connecticut, Colorado, Utah and Virginia — have passed their own data privacy laws. Each law uses the CCPA as a foundation but slightly deviates from the formula. This is a problem for US organisations, as they cannot apply the same CCPA compliance framework everywhere else.

  In this article, you’ll learn what makes the Virginia Consumer Data Protection Act (VCDPA) unique and how to ensure compliance.

  What is the VCDPA ?

  Signed by Governor Ralph Northam on 2 March 2021, and brought into effect on 1 January 2023, the VCDPA is a new data privacy law. It gives Virginia residents certain rights regarding how organisations process their personal and sensitive consumer data.

  

  The law contains several provisions, which define :

  • Who must follow the VCDPA
  • Who is exempt from the VCDPA
  • The consumer rights of data subjects
  • Relevant terms, such as “consumers,” “personal data,” “sensitive data” and the “sale of personal data”
  • The rights and responsibilities of data controllers
  • What applicable organisations must do to ensure VCDPA compliance

  These guidelines define the data collection practices that VCDPA-compliant organisations must comply with. The practices are designed to protect the rights of Virginia residents who have their personal or sensitive data collected.

  What are the consumer rights of VCDPA data subjects ?

  There are seven consumer rights that protect residents who fit the definition of “data subjects” under the new Virginia data privacy law. 

  

  A data subject is an “identified or identifiable natural person” who has their information collected. Personally identifiable information includes a person’s name, address, date of birth, religious beliefs, immigration status, status of child protection assessments, ethnic origin and more.

  Below is a detailed breakdown of each VCDPA consumer right :

  1. Right to know, access and confirm personal data : Data subjects have the right to know that their data is being collected, the right to access their data and the right to confirm that the data being collected is accurate and up to date.
  2. Right to delete personal data : Data subjects have the right to request that their collected personal or sensitive consumer data be deleted.
  3. Right to correct inaccurate personal data : Data subjects have the right to request that their collected data be corrected.
  4. Right to data portability : Data subjects have the right to obtain their collected data and, when reasonable and possible, request that their collected data be transferred from one data controller to another.
  5. Right to opt out of data processing activity : Data subjects have the right to opt out of having their personal or sensitive data collected.
  6. Right to opt out of the sale of personal and sensitive consumer data : Data subjects have the right to opt out of having their collected data sold to third parties.

  Right to not be discriminated against for exercising one’s rights : Data subjects have the right to not be discriminated against for exercising their right to not have their personal or sensitive consumer data collected, processed and sold to third parties for targeted advertising or other purposes.

  Who must comply with the VCDPA ?

  The VCDPA applies to for-profit organisations. Specifically, those that operate and offer products or services in the state of Virginia.

  

  Additionally, for-profit organisations that fit under either of these two categories must comply with the VCDPA :

  • Collect and process the personal data of at least 100,000 Virginia residents within a financial year or
  • Collect and process the personal data of at least 25,000 Virginia residents and receive at least 50% of gross revenue by selling personal or sensitive data.

  If a for-profit organisation resides out of the state of Virginia and falls into one of the categories above, they must comply with the VCDPA. Eligibility requirements also apply, regardless of the revenue threshold of the organisation in question. Large organisations can avoid VCDPA compliance if they don’t meet either of the above two eligibility requirements.

  What types of consumer data does the VCDPA protect ?

  The two main types of data that apply to the VCDPA are personal and sensitive data. 

  

  Personal data is either identified or personally identifiable information, such as home address, date of birth or phone number. Information that is publicly available or has been de-identified (dissociated with a natural person or entity) is not considered personal data.

  Sensitive data is a category of personal data. It’s data that’s either the collected data of a known child or data that can be used to form an opinion about a natural person or individual. Examples of sensitive data include information about a person’s ethnicity, religion, political beliefs and sexual orientation. 

  It’s important that VCDPA-compliant organisations understand the difference between the two data types, as failure to do so could result in penalties of up to $7,500 per violation. For instance, if an organisation wants to collect sensitive data (and they have a valid reason to do so), they must first ask for consent from consumers. If the organisation in question fails to do so, then they’ll be in violation of the VCDPA, and may be subject to multiple penalties — equal to however many violations they incur.

  A 5-step VCDPA compliance framework

  Getting up to speed with the terms of the VCDPA can be challenging, especially if this is your first time encountering such a law. That said, even organisations that have experience with data privacy laws should still take the time to understand the VCDPA.

  

  Here’s a simple 5-step VCDPA compliance framework to follow.

  1. Assess data

  First off, take the time to become familiar with the Virginia Consumer Data Protection Act (VCDPA). Then, read the content from the ‘Who does the VCDPA apply to’ section of this article, and use this information to determine if the law applies to your organisation.

  How do you know if you reach the data subject threshold ? Easy. Use a web analytics platform like Matomo to see where your web visitors are, how many of them (from that specific region) are visiting your website and how many of them you’re collecting personal or sensitive data from.

  To do this in Matomo, simply open the dashboard, look at the “Locations” section and use the information on display to see how many Virginia residents are visiting your website.

  

  Using the dashboard will help you determine if the VCDPA applies to your company.

  2. Evaluate your privacy practices

  Review your existing privacy policies and practices and update them to comply with the VCDPA. Ensure your data collection practices protect the confidentiality, integrity and accessibility of your visitors.

  One way to do this is to automatically anonymise visitor IPs, which you can do in Matomo — in fact, the feature is automatically set to default. 

  

  Another great thing about IP anonymisation is that after a visitor leaves your website, any evidence of them ever visiting is gone, and such information cannot be tracked by anyone else. 

  3. Inform data subjects of their rights

  To ensure VCDPA compliance in your organisation, you must inform your data subjects of their rights, including their right to access their data, their right to transfer their data to another controller and their right to opt out of your data collection efforts.

  That last point is one of the most important, and to ensure that you’re ready to respond to consumer rights requests, you should prepare an opt-out form in advance. If a visitor wants to opt out from tracking, they’ll be able to do so quickly and easily. Not only will this help you be VCDPA compliant, but your visitors will also appreciate the fact that you take their privacy seriously.

  

  To create an opt-out form in Matomo, visit the privacy settings section (click on the cog icon in the top menu) and click on the “Users opt-out” menu item under the Privacy section. After creating the form, you can then customise and publish the form as a snippet of HTML code that you can place on the pages of your website.

  4. Review vendor contracts

  Depending on the nature of your organisation, you may have vendor contracts with a third-party business associate. These are individuals or organisations, separate from your own, that contribute to the successful delivery of your products and services.

  You may also engage with third parties that process the data you collect, as is the case for many website owners that use Google Analytics (to which there are many alternatives) to convert visitor data into insights. 

  Financial institutions, such as stock exchange companies, also rely on third-party data for trading. If this is the case for you, then you likely have a Data Processing Agreement (DPA) in place — a legally binding document between you (the data controller, who dictates how and why the collected data is used) and the data processor (who processes the data you provide to them).

  To ensure that your DPA is VCDPA compliant, make sure it contains the following items :

  • Definition of terms
  • Instructions for processing data
  • Limits of use (explain what all parties can and cannot do with the collected data)
  • Physical data security practices (e.g., potential risks, risk of harm and control measures)
  • Data subject rights
  • Consumer request policies (i.e., must respond within 45 days of receipt)
  • Privacy notices and policies

  5. Seek expert legal advice

  To ensure your organisation is fully VCDPA compliant, consider speaking to a data and privacy lawyer. They can help you better understand the specifics of the law, advise you on where you fall short of compliance and what you must do to become VCDPA compliant.

  Data privacy lawyers can also help you draft a meaningful privacy notice, which may be useful in modifying your existing DPAs or creating new ones. If needed, they can also advise you on areas of compliance with other state-specific data protection acts, such as the CCPA and newly released laws in Colorado, Connecticut and Utah.

  How does the VCDPA differ from the CCPA ?

  Although the VCDPA has many similarities to the CCPA, the two laws still have their own approach to applying the law. 

  Here’s a quick breakdown of the main differences that set these laws apart.

  Definition of a consumer

  Under the VCDPA, a consumer is a “natural person who is a Virginia resident acting in an individual or household context.” Meanwhile, under the CCPA, a consumer is a “natural person who is a California resident acting in an individual or household context.” However, the VCDPA omits people in employment contexts, while the CCPA doesn’t. Hence, organisations don’t need to consider employee data.

  Sale of personal data

  The VCDPA defines the “sale of personal data” as an exchange “for monetary consideration” by the data controller to a data processor or third party. This means that, under the VCDPA, an act is only considered a “sale of personal data” if there is monetary value attached to the transaction.

  This contrasts with the CCPA, where that law also counts “other valuable considerations” as a factor when determining if the sale of personal data has occurred.

  Right to opt out

  Just like the CCPA, the VCDPA clearly outlines that organisations must respond to a user request to opt out of tracking. However, unlike the CCPA, the VCDPA does not give organisations any exceptions to such a right. This means that, even if the organisation believes that the request is impractical or hard to pull off, it must comply with the request under any circumstances, even in instances of hardship.

  Ensure VCDPA compliance with Matomo

  The VCDPA, like many other data privacy laws in the US, is designed to enhance the rights of Virginia consumers who have their personal or sensitive data collected and processed. Fortunately, this is where platforms like Matomo can help.

  Matomo is a powerful web analytics platform that has built-in features to help you comply with the VCDPA. These include options like :

  • Cookie-less tracking
  • Creating consumer consent and opt-out forms
  • Giving consumers access to their personal data

  Try out the free 21-day Matomo trial today. No credit card required.

• GDPR Compliance and Personal Data : The Ultimate Guide

  22 septembre 2023, par Erin — GDPR

  According to the International Data Corporation (IDC), the world generated 109 zettabytes of data in 2022 alone, and that number is on track to nearly triple to 291 zettabytes in 2027. For scale, that’s one trillion gigs or one followed by 21 zeros in bytes.

  A major portion of that data is generated online, and the conditions for securing that digital data can have major real-world consequences. For example, online identifiers that fall into the wrong hands can be used nefariously for cybercrime, identity theft or unwanted targeting. Users also want control over how their actions are tracked online and transparency into how their information is used.

  Therefore, regional and international regulations are necessary to set the terms for respecting users’ privacy and control over personal information. Perhaps the most widely known of these laws is the European Union’s General Data Protection Regulation (GDPR).

  What is personal data under GDPR ?

  Under the General Data Protection Regulation (GDPR), “personal data” refers to information linked to an identifiable natural person. An “identifiable natural person” is someone directly or indirectly recognisable via individually specific descriptors such as physical, genetic, economic, cultural, employment and social details.

  It’s important to note that under GDPR, the definition of personal data is very broad, and it encompasses both information that is commonly considered personal (e.g., names and addresses) and more technical or specialised data (e.g., IP addresses or device IDs) that can be used to identify individuals indirectly.

  Organisations that handle personal data must adhere to strict rules and principles regarding the processing and protection of this data to ensure individuals’ privacy rights are respected and upheld.

  Personal data can include, but is not limited to, the following :

  1. Basic Identity Information : This includes a person’s name, government-issued ID number, social address, phone number, email address or other similar identifiers.
  2. Biographical Information : Details such as date of birth, place of birth, nationality and gender.
  3. Contact Information : Information that allows communication with the individual, such as phone numbers, email addresses or mailing addresses.
  4. Financial Information : Data related to a person’s finances, including credit card numbers, bank account numbers, income records or financial transactions.
  5. Health and Medical Information : Information about a person’s health, medical history or healthcare treatments.
  6. Location Data : Data that can pinpoint a person’s geographical location, such as GPS coordinates or information derived from mobile devices.
  7. Online Identifiers : Information like IP addresses, cookies or other online tracking mechanisms that can be used to identify or track individuals online.
  8. Biometric Data : Unique physical or behavioural characteristics used for identification, such as fingerprints, facial recognition data or voiceprints.

  Sensitive Data

  Sensitive data is a special category of personal data prohibited from processing unless specific conditions are met, including users giving explicit consent. The data must also be necessary to fulfil one or more of a limited set of allowed purposes, such as reasons related to employment, social protections or legal claims.

  Sensitive information includes details about a person’s racial or ethnic origin, sexual orientation, political opinions, religion, trade union membership, biometric data or genetic data.

  What are the 7 main principles of GDPR ?

  The 7 principles of GDPR guide companies in how to properly handle personal data gathered from their users.

  

  The seven principles of GDPR are :

  1. Lawfulness, fairness and transparency

  Lawfulness means having legal grounds for data processing, such as consent, legitimate interests, contract and legal obligation. If you can achieve your objective without processing personal data, the basis is no longer lawful.

  Fairness means you’re processing data reasonably and in line with users’ best interests, and they wouldn’t be shocked if they find out what you’re using it for.

  Transparency means being open regarding when you’re processing user data, what you’re using it for and who you’re collecting it from.

  To get started with this, use our guide on creating a GDPR-compliant privacy policy.

  2. Purpose limitation

  You should only process user data for the original purposes you communicated to users when requesting their explicit consent. If you aim to undertake a new purpose, it must be compatible with the original stated purpose. Otherwise, you’ll need to ask for consent again.

  3. Data minimisation

  You should only collect as much data as you need to accomplish compliant objectives and nothing more, especially not other personally identifiable information (PII).

  Matomo provides several features for extensive data minimisation, including the ability to anonymize IP addresses.

  Data minimisation is well-liked by users. Around 70% of people have taken active steps towards protecting their identity online, so they’ll likely appreciate any principles that help them in this effort.

  

  4. Accuracy

  The user data you process should be accurate and up-to-date where necessary. You should have reasonable systems to catch inaccurate data and correct or delete it. If there are mistakes that you need to store, then you need to label them clearly as mistakes to keep them from being processed as accurate.

  5. Storage limitation

  This principle requires you to eliminate data you’re no longer using for the original purposes. You must implement time limits, after which you’ll delete or anonymize any user data on record. Matomo allows you to configure your system such that logs are automatically deleted after some time.

  6. Integrity and confidentiality

  This requires that data processors have security measures in place to protect data from threats such as hackers, loss and damage. As an open-source web analytics solution, Matomo enables you to verify its security first-hand.

  7. Accountability

  Accountability means you’re responsible for what you do with the data you collect. It’s your duty to maintain compliance and document everything for audits. Matomo tracks a lot of the data you’d need for this, including activity, task and application logs.

  Who does GDPR apply to ?

  The GDPR applies to any company that processes the personal data of EU citizens and residents (regardless of the location of the company). 

  If this is the first time you’ve heard about this, don’t worry ! Matomo provides tools that allow you to determine exactly what kinds of data you’re collecting and how they must be handled for full compliance. 

  Best practices for processing personal data under GDPR

  Companies subject to the GDPR need to be aware of several key principles and best practices to ensure they process personal data in a lawful and responsible manner.

  Here are some essential practices to implement :

  1. Lawful basis for processing : Organisations must have a lawful basis for processing personal data. Common lawful bases include the necessity of processing for compliance with a legal obligation, the performance of a contract, the protection of vital interests and tasks carried out in the public interest. Your organisation’s legitimate interests for processing must not override the individual’s legal rights. 
  2. Data minimisation : Collect and process only the personal data that is necessary for the specific purpose for which it was collected. Matomo’s anonymisation capabilities help you avoid collecting excessive or irrelevant data.
  3. Transparency : Provide clear and concise information to individuals about how their data will be processed. Privacy statements should be clear and accessible to users to allow them to easily understand how their data is used.
  4. Consent : If you are relying on consent as a lawful basis, make sure you design your privacy statements and consent forms to be usable. This lets you ensure that consent is freely given, specific, informed and unambiguous. Also, individuals must be able to withdraw their consent at any time.
  5. Data subject rights : You must have mechanisms in place to uphold the data subject’s individual rights, such as the rights to access, erase, rectify errors and restrict processing. Establish internal processes for handling such requests.
  6. Data protection impact assessments (DPIAs) : Conduct DPIAs for high-risk processing activities, especially when introducing new technologies or processing sensitive data.
  7. Security measures : You must implement appropriate technical security measures to maintain the safety of personal data. This can include ‌security tools such as encryption, firewalls and limited access controls, as well as organisational practices like regular security assessments. 
  8. Data breach response : Develop and maintain a data breach response plan. Notify relevant authorities and affected individuals of data breaches within the required timeframe.
  9. International data transfers : If transferring personal data outside the EU, ensure that appropriate safeguards are in place and consider GDPR provisions. These provisions allow data transfers from the EU to non-EU countries in three main ways :
     1. When the destination country has been deemed by the European Commission to have adequate data protection, making it similar to transferring data within the EU.
     2. Through the use of safeguards like binding corporate rules, approved contractual clauses or adherence to codes of conduct.
     3. In specific situations when none of the above apply, such as when an individual explicitly consents to the transfer after being informed of the associated risks.
  10. Data protection officers (DPOs) : Appoint a data protection officer if required by GDPR. DPOs are responsible for overseeing data protection compliance within the organisation.
  11. Privacy by design and default : Integrate data protection into the design of systems and processes. Default settings should prioritise user privacy, as is the case with something like Matomo’s first-party cookies.
  12. Documentation : Maintain records of data processing activities, including data protection policies, procedures and agreements. Matomo logs and backs up web server access, activity and more, providing a solid audit trail.
  13. Employee training : Employees who handle personal data must be properly trained to uphold data protection principles and GDPR compliance best practices. 
  14. Third-party contracts : If sharing data with third parties, have data processing agreements in place that outline the responsibilities and obligations of each party regarding data protection.
  15. Regular audits and assessments : Conduct periodic audits and assessments of data processing activities to ensure ongoing compliance. As mentioned previously, Matomo tracks and saves several key statistics and metrics that you’d need for a successful audit.
  16. Accountability : Demonstrate accountability by documenting and regularly reviewing compliance efforts. Be prepared to provide evidence of compliance to data protection authorities.
  17. Data protection impact on data analytics and marketing : Understand how GDPR impacts data analytics and marketing activities, including obtaining valid consent for marketing communications.

  Organisations should be on the lookout for GDPR updates, as the regulations may evolve over time. When in doubt, consult legal and privacy professionals to ensure compliance, as non-compliance could potentially result in significant fines, damage to reputation and legal consequences.

  What constitutes a GDPR breach ?

  Security incidents that compromise the confidentiality, integrity and/or availability of personal data are considered a breach under GDPR. This means a breach is not limited to leaks ; if you accidentally lose or delete personal data, its availability is compromised, which is technically considered a breach.

  What are the penalty fines for GDPR non-compliance ?

  The penalty fines for GDPR non-compliance are up to €20 million or up to 4% of the company’s revenue from the previous fiscal year, whichever is higher. This makes it so that small companies can also get fined, no matter how low-profile the breach is.

  In 2022, for instance, a company found to have mishandled user data was fined €2,000, and the webmaster responsible was personally fined €150.

  Is Matomo GDPR compliant ?

  Matomo is fully GDPR compliant and can ensure you achieve compliance, too. Here’s how :

  • Data anonymization and IP anonymization
  • GDPR Manager that helps you identify gaps in your compliance and address them effectively
  • Users can opt-out of all tracking
  • First-party cookies by default
  • Users can view the data collected
  • Capabilities to delete visitor data when requested
  • You own your data and it is not used for any other purposes (like advertising)
  • Visitor logs and profiles can be disabled
  • Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)

  Is there a GDPR in the US ?

  There is no GDPR-equivalent law that covers the US as a whole. That said, US-based companies processing data from persons in the EU still need to adhere to GDPR principles.

  While there isn’t a federal data protection law, several states have enacted their own. One notable example is the California Consumer Privacy Act (CCPA), which Matomo is fully compliant with.

  Ready for GDPR-compliant analytics ?

  The GDPR lays out a set of regulations and penalties that govern the collection and processing of personal data from EU citizens and residents. A breach under GDPR attracts a fine of either up to €20 million or 4% of the company’s revenue, and the penalty applies to companies of all sizes.

  Matomo is fully GDPR compliant and provides several features and advanced privacy settings to ensure you ‌are as well, without sacrificing the resources you need for effective analytics. If you’re ready to get started, sign up for a 21-day free trial of Matomo — no credit card required.

  Disclaimer
  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.