Recherche avancée

Sur d’autres sites (7368)

• 5-Step Conversion Rate Optimisation Checklist

  27 octobre 2023, par Erin

  Did you know the average conversion rate across e-commerce businesses in August 2023 was 2.03% ? In the past year, conversion rates have increased by 0.39%.

  Make no mistake. Just because conversion rates are higher this year doesn’t make it any easier to convert visitors.

  Cracking the secrets to improving conversion rates is crucial to running a successful website or business.

  Your site is the digital headquarters all of your marketing efforts funnel toward. With every visitor comes an opportunity to convert them into a lead (or sale).

  Keep reading if you want to improve your lead generation or convert more visitors into customers. In this article, we’ll break down a simple five-step conversion rate optimisation checklist you need to follow to maximise your conversions.

  What is conversion rate optimisation ?

  Before we dive into the steps you need to follow to optimise your conversions, let’s back up and talk conversion rate optimisation.

  

  Conversion rate optimisation, or CRO for short, is the process of increasing the number of website visitors who take a specific action. 

  In most cases, this means :

  • Turning more visitors into leads by getting them to join an email list
  • Convincing a visitor to fill out a contact form for a consultation
  • Converting a visitor into a paying customer by purchasing a product

  However, conversion rate optimisation can be used for any action you want someone to take on your site. That could be downloading a free guide, clicking on a specific link, commenting on a blog post or sharing your website with a friend.

  Why following a CRO checklist is important

  Conversion rate optimisation is both a valuable practice and an absolute necessity for any business or marketer. While it can be a bit complex, especially when you start diving into A/B testing, there are a variety of advantages :

  Get the most out of your efforts

  When all is said and done, if you can’t convert the traffic already coming to your site, dumping a ton of time and resources into traffic generation (whether paid or organic) won’t solve your problem.

  Instead, you need to look at the root of the problem : your conversion rate.

  By doubling down on conversions and following a conversion rate optimisation checklist, you’ll get the greatest result for the effort you’re already putting into your site.

  Increase audience size

  To increase your audience size, you need to increase your traffic, right ? Not exactly.

  While your audience may be considered people who have seen your content or follow you on social media, a high-value audience is one you can market to directly on an ongoing basis.

  Your website gives you the playground to convert visitors into high-value audience members. This is done by creating conversion-focused email signup forms and optimising your website for sale conversions.

  Generate more sales

  Boosting sales through CRO is the core objective. By optimising product pages, simplifying the checkout process, and employing persuasive strategies, you can systematically increase your sales and maximise the value of your existing traffic.

  Reduce customer acquisition costs (CAC)

  With conversion optimisation, you can convert a higher percentage of your website visitors into paid customers. Even if you don’t spend more on acquiring new customers, you’ll be able to generate more sales overall. 

  The result is that your customer acquisition costs will drop, allowing you to increase your total acquisitions to your customer base.

  Improve profitability

  While reduced customer acquisition costs mean you can pour more money into customer acquisition at a cheaper rate, you could simply maintain your costs while driving sales, resulting in increased profitability.

  If you can spend the same amount on acquisition but bring in 20% more customers (due to using a CRO checklist), your profit margins will automatically increase.

  5-step CRO checklist

  To double down on conversion rate optimisation, you need to follow a checklist to ensure you don’t miss any major optimisation opportunities.

  The checklist below is designed to help you systematically optimise your website, ensuring you make the most of your traffic by continuously refining its performance.

  1. Forms

  Analysing and optimising your website’s forms is crucial for enhancing conversion rates. Understanding how visitors interact with your forms can uncover pain points and help you streamline the conversion process.

  Ever wonder where your visitors drop off on your forms ? It could be due to lengthy, time-consuming fields or overly complex forms, leading to a frustrating user experience and lower conversion rate. Whatever the reason, you need the right tools to uncover the root of the issue.

  By leveraging Form Analytics, you gain powerful insights into user behaviour and can identify areas where people may encounter difficulties.

  Form Analytics provides the insights to discover :

  • Average time spent on each field : This metric helps you understand where users may be struggling or spending too much time. By optimising these fields, you can streamline the form, reduce user frustration and increase conversions.
  • Identifying drop-off points : Understanding where users drop off provides insights into which form fields may need improvement. Addressing these drop-off points can increase the conversion rate.
  • Unneeded fields with a high blank submission rate : Discovering fields left blank upon submission can highlight areas for simplification. By eliminating unnecessary fields, you can create more concise and user-friendly forms that may entice more visitors to engage with the form.

  

  Hear first-hand how Concrete CMS achieve 3x more leads with insights from Form Analytics. 

  These data-driven insights empower you to optimise your forms, remove guesswork and settle debates about form design. By fine-tuning and streamlining your forms, you can ensure a smoother path to conversion and maximise your success in converting more visitors.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  2. Copywriting

  Another crucial element you need to test is your copywriting. Your copywriting is the foundation of your entire website. It helps communicate to your audience what you have to offer and why they need to take action.

  You need to ensure you have a good offer. This isn’t just the product or service you’re putting out there. It’s the complete package. It includes the product, rewards, a unique guarantee, customer service, packaging and promotions.

  Start testing your copy with your headlines. Look at the headers and test different phrases to convert more potential customers into paying customers.

  Here are a few tips to optimise your copy for more conversions :

  • Ensure copy is relevant to your headline and vice versa.
  • Write short words, short sentences and short paragraphs.
  • Use bullets and subheaders to make the copy easy to skim.
  • Don’t focus too heavily on optimising for search engines (SEO). Instead, write for humans.
  • Focus on writing about benefits, not features.
  • Write about how your offer solves the pain points of your audience.

  You can test your copy in several areas once you’ve begun testing your headers – your subheaders, body copy, signup forms and product pages (if you’re e-commerce).

  3. Media : videos and audio

  Next, testing out different media types is crucial. This means incorporating videos and audio into your content.

  Don’t just take a random guess by throwing stuff against the wall, hoping it sticks. Instead, you should use data to develop impactful content.

  Look at your Media Analytics reports in your website analytics solution and see what media people spend the most time on. See what kind of video or audio content already impacts conversions.

  

  Humans are highly visual. You should craft your content so it’s easy to digest. Instead of covering your website in huge chunks of text, split up your copy with engaging content like videos.

  High-quality videos and audio recordings allow your readers to consume more of your content easily, and help persuade them to take action on your site.

  4. Calls to action (CTA)

  This brings us to our next point : your call to action (CTA).

  Are you trying to convert more prospects into leads ? Want to turn more leads into customers ? Trying to get more email subscribers ? Or do you want to generate more sales every month ?

  You could write the most compelling offer flooded with beautiful images, videos and CRO tactics. But your efforts will go to waste if you don’t include a compelling CTA.

  

  Here are a few tips to optimise your CTAs :

  • Keep them congruent on a single web page (e.g., don’t sell a hat and a sweater on the same page, as it can be confusing).
  • Place at least one CTA above the fold on your web pages.
  • Include benefits in your CTA. Rather than “Buy Now,” try “Buy Now to Get 30% Off.”
  • It’s better to be clear and concise than too fancy and unique.

  Optimising your call to action isn’t just about your copywriting. It’s also about design. Test different fonts, sizes, and visual elements like borders, icons and background colours.

  5. Web design

  Your site design will impact how well your visitors convert. You could have incredible copywriting, but if your site is laid out poorly, it will drive people away.

  You must ensure your copy and visual content fit your website design well.

  The first place you need to start with your site is your homepage design.

  Your site design consists of the theme or template, colour scheme and other visual elements that can be optimised to improve conversions.

  Here are a few tips to keep in mind when optimising your website design :

  • Use a colour scheme that’s pleasant rather than too distracting or extreme.
  • Ensure your design doesn’t remove the text’s clarity but makes it easier to read.
  • When in doubt, start with black text on a white background (the opposite rarely works).
  • Keep plenty of whitespace in between design elements.
  • When in doubt about font size, start by testing a larger size.
  • Design mobile-first rather than desktop-first.

  Finally, it’s critical to ensure your website is easy to navigate. Good design is all about the user experience. Is it easy to find what they’re looking for ? Simplify steps to reduce the need to click, and your conversions will increase.

  Start optimising your website for conversions

  If you’re looking to get the most out of the traffic on your site by converting more visitors into leads or customers, following this 5-step CRO checklist will help you take steps in the right direction.

  Just remember conversion rate optimisation is an ongoing process. It’s not a one-time deal. To succeed, you need to test quickly, analyse the impact and do more of what’s working and less of what’s not.

  To optimise your website for better conversion rates, you need the right tools that provide accurate data and insights to effectively increase conversions. With Matomo, you gain access to web analytics and CRO features like Form Analytics and Media Analytics, designed to enhance your conversion rate optimisation efforts. 

  Try Matomo free for 21 days and take your conversion rate to the next level. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• What is Behavioural Segmentation and Why is it Important ?

  28 septembre 2023, par Erin — Analytics Tips

  Amidst the dynamic landscape of web analytics, understanding customers has grown increasingly vital for businesses to thrive. While traditional demographic-focused strategies possess merit, they need to uncover the nuanced intricacies of individual online behaviours and preferences. As customer expectations evolve in the digital realm, enterprises must recalibrate their approaches to remain relevant and cultivate enduring digital relationships.

  In this context, the surge of technology and advanced data analysis ushers in a marketing revolution : behavioural segmentation. Businesses can unearth invaluable insights by meticulously scrutinising user actions, preferences and online interactions. These insights lay the foundation for precisely honed, high-performing, personalised campaigns. The era dominated by blanket, catch-all marketing strategies is yielding to an era of surgical precision and tailored engagement. 

  While the insights from user behaviours empower businesses to optimise customer experiences, it’s essential to strike a delicate balance between personalisation and respecting user privacy. Ethical use of behavioural data ensures that the power of segmentation is wielded responsibly and in compliance, safeguarding user trust while enabling businesses to thrive in the digital age.

  What is behavioural segmentation ?

  Behavioural segmentation is a crucial concept in web analytics and marketing. It involves categorising individuals or groups of users based on their online behaviour, actions and interactions with a website. This segmentation method focuses on understanding how users engage with a website, their preferences and their responses to various stimuli. Behavioural segmentation classifies users into distinct segments based on their online activities, such as the pages they visit, the products they view, the actions they take and the time they spend on a site.

  Behavioural segmentation plays a pivotal role in web analytics for several reasons :

  1. Enhanced personalisation :

  Understanding user behaviour enables businesses to personalise online experiences. This aids with delivering tailored content and recommendations to boost conversion, customer loyalty and customer satisfaction.

  2. Improved user experience :

  Behavioural segmentation optimises user interfaces (UI) and navigation by identifying user paths and pain points, enhancing the level of engagement and retention.

  3. Targeted marketing :

  Behavioural segmentation enhances marketing efficiency by tailoring campaigns to user behaviour. This increases the likelihood of interest in specific products or services.

  4. Conversion rate optimisation :

  Analysing behavioural data reveals factors influencing user decisions, enabling website optimisation for a streamlined purchasing process and higher conversion rates.

  5. Data-driven decision-making :

  Behavioural segmentation empowers data-driven decisions. It identifies trends, behavioural patterns and emerging opportunities, facilitating adaptation to changing user preferences and market dynamics.

  6. Ethical considerations :

  Behavioural segmentation provides valuable insights but raises ethical concerns. User data collection and use must prioritise transparency, privacy and responsible handling to protect individuals’ rights.

  The significance of ethical behavioural segmentation will be explored more deeply in a later section, where we will delve into the ethical considerations and best practices for collecting, storing and utilising behavioural data in web analytics. It’s essential to strike a balance between harnessing the power of behavioural segmentation for business benefits and safeguarding user privacy and data rights in the digital age.

  

  Different types of behavioural segments with examples

  1. Visit-based segments : These segments hinge on users’ visit patterns. Analyse visit patterns, compare first-time visitors to returning ones, or compare users landing on specific pages to those landing on others.
     • Example : The real estate website Zillow can analyse how first-time visitors and returning users behave differently. By understanding these patterns, Zillow can customise its website for each group. For example, they can highlight featured listings and provide navigation tips for first-time visitors while offering personalised recommendations and saved search options for returning users. This could enhance user satisfaction and boost the chances of conversion.
  2. Interaction-based segments : Segments can be created based on user interactions like special events or goals completed on the site.
     • Example : Airbnb might use this to understand if users who successfully book accommodations exhibit different behaviours than those who don’t. This insight could guide refinements in the booking process for improved conversion rates.
  3. Campaign-based segments : Beyond tracking visit numbers, delve into usage differences of visitors from specific sources or ad campaigns for deeper insights.
     • Example : Nike might analyse user purchase behaviour from various traffic sources (referral websites, organic, direct, social media and ads). This informs marketing segmentation adjustments, focusing on high-performance channels. It also customises the website experience for different traffic sources, optimising content, promotions and navigation. This data-driven approach could boost user experiences and maximise marketing impact for improved brand engagement and sales conversions.
  4. Ecommerce segments : Separate users based on purchases, even examining the frequency of visits linked to specific products. Segment heavy users versus light users. This helps uncover diverse customer types and browsing behaviours.
     • Example : Amazon could create segments to differentiate between visitors who made purchases and those who didn’t. This segmentation could reveal distinct usage patterns and preferences, aiding Amazon in tailoring its recommendations and product offerings.
  5. Demographic segments : Build segments based on browser language or geographic location, for instance, to comprehend how user attributes influence site interactions.
     • Example : Netflix can create user segments based on demographic factors like geographic location to gain insight into how a visitor’s location can influence content preferences and viewing behaviour. This approach could allow for a more personalised experience.
  6. Technographic segments : Segment users by devices or browsers, revealing variations in site experience and potential platform-specific issues or user attitudes.
     • Example : Google could create segments based on users’ devices (e.g., mobile, desktop) to identify potential issues in rendering its search results. This information could be used to guide Google in providing consistent experiences regardless of device.

  

  The importance of ethical behavioural segmentation

  Respecting user privacy and data protection is crucial. Matomo offers features that align with ethical segmentation practices. These include :

  • Anonymization : Matomo allows for data anonymization, safeguarding individual identities while providing valuable insights.
  • GDPR compliance : Matomo is GDPR compliant, ensuring that user data is handled following European data protection regulations.
  • Data retention and deletion : Matomo enables businesses to set data retention policies and delete user data when it’s no longer needed, reducing the risk of data misuse.
  • Secured data handling : Matomo employs robust security measures to protect user data, reducing the risk of data breaches.

  Real-world examples of ethical behavioural segmentation :

  1. Content publishing : A leading news website could utilise data anonymization tools to ethically monitor user engagement. This approach allows them to optimise content delivery based on reader preferences while ensuring the anonymity and privacy of their target audience.
  2. Non-profit organisations : A charity organisation could embrace granular user control features. This could be used to empower its donors to manage their data preferences, building trust and loyalty among supporters by giving them control over their personal information.

  

  Examples of effective behavioural segmentation

  Companies are constantly using behavioural insights to engage their audiences effectively. In this section, we’ll delve into real-world examples showcasing how top companies use behavioural segmentation to enhance their marketing efforts.

  

  1. Coca-Cola’s behavioural insights for marketing strategy : Coca-Cola employs behavioural segmentation to evaluate its advertising campaigns. Through analysing user engagement across TV commercials, social media promotions and influencer partnerships, Coca-Cola’s marketing team can discover that video ads shared by influencers generate the highest ROI and web traffic.

     This insight guides the reallocation of resources, leading to increased sales and a more effective advertising strategy.

  2. eBay’s custom conversion approach : eBay excels in conversion optimisation through behavioural segmentation. When users abandon carts, eBay’s dynamic system sends personalised email reminders featuring abandoned items and related recommendations tailored to user interests and past purchase decisions.

     This strategy revives sales, elevates conversion rates and sparks engagement. eBay’s adeptness in leveraging behavioural insights transforms user experience, steering a customer journey toward conversion.

  3. Sephora’s data-driven conversion enhancement : Data analysts can use Sephora’s behavioural segmentation strategy to fuel revenue growth through meticulous data analysis. By identifying a dedicated subset of loyal customers who exhibit a consistent preference for premium skincare products, data analysts enable Sephora to customise loyalty programs.

     These personalised rewards programs provide exclusive discounts and early access to luxury skincare releases, resulting in heightened customer engagement and loyalty. The data-driven precision of this approach directly contributes to amplified revenue from this specific customer segment.

  Examples of the do’s and don’ts of behavioural segmentation 

  

  Behavioural segmentation is a powerful marketing and data analysis tool, but its success hinges on ethical and responsible practices. In this section, we will explore real-world examples of the do’s and don’ts of behavioural segmentation, highlighting companies that have excelled in their approach and those that have faced challenges due to lapses in ethical considerations.

  Do’s of behavioural segmentation :

  • Personalised messaging :
    • Example : Spotify
      • Spotify’s success lies in its ability to use behavioural data to curate personalised playlists and user recommendations, enhancing its music streaming experience.
  • Transparency :
    • Example : Basecamp
      • Basecamp’s transparency in sharing how user data is used fosters trust. They openly communicate data practices, ensuring users are informed and comfortable.
  • Anonymization
    • Example : Matomo’s anonymization features
      • Matomo employs anonymization features to protect user identities while providing valuable insights, setting a standard for responsible data handling.
  • Purpose limitation :
    • Example : Proton Mail
      • Proton Mail strictly limits the use of user data to email-related purposes, showcasing the importance of purpose-driven data practices.
  • Dynamic content delivery : 
    • Example : LinkedIn
      • LinkedIn uses behavioural segmentation to dynamically deliver job recommendations, showcasing the potential for relevant content delivery.
  • Data security :
    • Example : Apple
      • Apple’s stringent data security measures protect user information, setting a high bar for safeguarding sensitive data.
  • Adherence to regulatory compliance : 
    • Example : Matomo’s regulatory compliance features
      • Matomo’s regulatory compliance features ensure that businesses using the platform adhere to data protection regulations, further promoting responsible data usage.

  Don’ts of behavioural segmentation :

  • Ignoring changing regulations
    • Example : Equifax
      • Equifax faced major repercussions for neglecting evolving regulations, resulting in a data breach that exposed the sensitive information of millions.
  • Sensitive attributes
    • Example : Twitter
      • Twitter faced criticism for allowing advertisers to target users based on sensitive attributes, sparking concerns about user privacy and data ethics.
  • Data sharing without consent
    • Example : Meta & Cambridge Analytica
      • The Cambridge Analytica scandal involving Meta (formerly Facebook) revealed the consequences of sharing user data without clear consent, leading to a breach of trust.
  • Lack of control
    • Example : Uber
      • Uber faced backlash for its poor data security practices and a lack of control over user data, resulting in a data breach and compromised user information.
  • Don’t be creepy with invasive personalisation
    • Example : Offer Moment
      • Offer Moment’s overly invasive personalisation tactics crossed ethical boundaries, unsettling users and eroding trust.

  These examples are valuable lessons, emphasising the importance of ethical and responsible behavioural segmentation practices to maintain user trust and regulatory compliance in an increasingly data-driven world.

  Continue the conversation

  Diving into customer behaviours, preferences and interactions empowers businesses to forge meaningful connections with their target audience through targeted marketing segmentation strategies. This approach drives growth and fosters exceptional customer experiences, as evident from the various common examples spanning diverse industries.

  In the realm of ethical behavioural segmentation and regulatory compliance, Matomo is a trusted partner. Committed to safeguarding user privacy and data integrity, our advanced web analytics solution empowers your business to harness the power of behavioral segmentation, all while upholding the highest standards of compliance with stringent privacy regulations.

  To gain deeper insight into your visitors and execute impactful marketing campaigns, explore how Matomo can elevate your efforts. Try Matomo free for 21-days, no credit card required. 

• GDPR Compliance and Personal Data : The Ultimate Guide

  22 septembre 2023, par Erin — GDPR

  According to the International Data Corporation (IDC), the world generated 109 zettabytes of data in 2022 alone, and that number is on track to nearly triple to 291 zettabytes in 2027. For scale, that’s one trillion gigs or one followed by 21 zeros in bytes.

  A major portion of that data is generated online, and the conditions for securing that digital data can have major real-world consequences. For example, online identifiers that fall into the wrong hands can be used nefariously for cybercrime, identity theft or unwanted targeting. Users also want control over how their actions are tracked online and transparency into how their information is used.

  Therefore, regional and international regulations are necessary to set the terms for respecting users’ privacy and control over personal information. Perhaps the most widely known of these laws is the European Union’s General Data Protection Regulation (GDPR).

  What is personal data under GDPR ?

  Under the General Data Protection Regulation (GDPR), “personal data” refers to information linked to an identifiable natural person. An “identifiable natural person” is someone directly or indirectly recognisable via individually specific descriptors such as physical, genetic, economic, cultural, employment and social details.

  It’s important to note that under GDPR, the definition of personal data is very broad, and it encompasses both information that is commonly considered personal (e.g., names and addresses) and more technical or specialised data (e.g., IP addresses or device IDs) that can be used to identify individuals indirectly.

  Organisations that handle personal data must adhere to strict rules and principles regarding the processing and protection of this data to ensure individuals’ privacy rights are respected and upheld.

  Personal data can include, but is not limited to, the following :

  1. Basic Identity Information : This includes a person’s name, government-issued ID number, social address, phone number, email address or other similar identifiers.
  2. Biographical Information : Details such as date of birth, place of birth, nationality and gender.
  3. Contact Information : Information that allows communication with the individual, such as phone numbers, email addresses or mailing addresses.
  4. Financial Information : Data related to a person’s finances, including credit card numbers, bank account numbers, income records or financial transactions.
  5. Health and Medical Information : Information about a person’s health, medical history or healthcare treatments.
  6. Location Data : Data that can pinpoint a person’s geographical location, such as GPS coordinates or information derived from mobile devices.
  7. Online Identifiers : Information like IP addresses, cookies or other online tracking mechanisms that can be used to identify or track individuals online.
  8. Biometric Data : Unique physical or behavioural characteristics used for identification, such as fingerprints, facial recognition data or voiceprints.

  Sensitive Data

  Sensitive data is a special category of personal data prohibited from processing unless specific conditions are met, including users giving explicit consent. The data must also be necessary to fulfil one or more of a limited set of allowed purposes, such as reasons related to employment, social protections or legal claims.

  Sensitive information includes details about a person’s racial or ethnic origin, sexual orientation, political opinions, religion, trade union membership, biometric data or genetic data.

  What are the 7 main principles of GDPR ?

  The 7 principles of GDPR guide companies in how to properly handle personal data gathered from their users.

  

  The seven principles of GDPR are :

  1. Lawfulness, fairness and transparency

  Lawfulness means having legal grounds for data processing, such as consent, legitimate interests, contract and legal obligation. If you can achieve your objective without processing personal data, the basis is no longer lawful.

  Fairness means you’re processing data reasonably and in line with users’ best interests, and they wouldn’t be shocked if they find out what you’re using it for.

  Transparency means being open regarding when you’re processing user data, what you’re using it for and who you’re collecting it from.

  To get started with this, use our guide on creating a GDPR-compliant privacy policy.

  2. Purpose limitation

  You should only process user data for the original purposes you communicated to users when requesting their explicit consent. If you aim to undertake a new purpose, it must be compatible with the original stated purpose. Otherwise, you’ll need to ask for consent again.

  3. Data minimisation

  You should only collect as much data as you need to accomplish compliant objectives and nothing more, especially not other personally identifiable information (PII).

  Matomo provides several features for extensive data minimisation, including the ability to anonymize IP addresses.

  Data minimisation is well-liked by users. Around 70% of people have taken active steps towards protecting their identity online, so they’ll likely appreciate any principles that help them in this effort.

  

  4. Accuracy

  The user data you process should be accurate and up-to-date where necessary. You should have reasonable systems to catch inaccurate data and correct or delete it. If there are mistakes that you need to store, then you need to label them clearly as mistakes to keep them from being processed as accurate.

  5. Storage limitation

  This principle requires you to eliminate data you’re no longer using for the original purposes. You must implement time limits, after which you’ll delete or anonymize any user data on record. Matomo allows you to configure your system such that logs are automatically deleted after some time.

  6. Integrity and confidentiality

  This requires that data processors have security measures in place to protect data from threats such as hackers, loss and damage. As an open-source web analytics solution, Matomo enables you to verify its security first-hand.

  7. Accountability

  Accountability means you’re responsible for what you do with the data you collect. It’s your duty to maintain compliance and document everything for audits. Matomo tracks a lot of the data you’d need for this, including activity, task and application logs.

  Who does GDPR apply to ?

  The GDPR applies to any company that processes the personal data of EU citizens and residents (regardless of the location of the company). 

  If this is the first time you’ve heard about this, don’t worry ! Matomo provides tools that allow you to determine exactly what kinds of data you’re collecting and how they must be handled for full compliance. 

  Best practices for processing personal data under GDPR

  Companies subject to the GDPR need to be aware of several key principles and best practices to ensure they process personal data in a lawful and responsible manner.

  Here are some essential practices to implement :

  1. Lawful basis for processing : Organisations must have a lawful basis for processing personal data. Common lawful bases include the necessity of processing for compliance with a legal obligation, the performance of a contract, the protection of vital interests and tasks carried out in the public interest. Your organisation’s legitimate interests for processing must not override the individual’s legal rights. 
  2. Data minimisation : Collect and process only the personal data that is necessary for the specific purpose for which it was collected. Matomo’s anonymisation capabilities help you avoid collecting excessive or irrelevant data.
  3. Transparency : Provide clear and concise information to individuals about how their data will be processed. Privacy statements should be clear and accessible to users to allow them to easily understand how their data is used.
  4. Consent : If you are relying on consent as a lawful basis, make sure you design your privacy statements and consent forms to be usable. This lets you ensure that consent is freely given, specific, informed and unambiguous. Also, individuals must be able to withdraw their consent at any time.
  5. Data subject rights : You must have mechanisms in place to uphold the data subject’s individual rights, such as the rights to access, erase, rectify errors and restrict processing. Establish internal processes for handling such requests.
  6. Data protection impact assessments (DPIAs) : Conduct DPIAs for high-risk processing activities, especially when introducing new technologies or processing sensitive data.
  7. Security measures : You must implement appropriate technical security measures to maintain the safety of personal data. This can include ‌security tools such as encryption, firewalls and limited access controls, as well as organisational practices like regular security assessments. 
  8. Data breach response : Develop and maintain a data breach response plan. Notify relevant authorities and affected individuals of data breaches within the required timeframe.
  9. International data transfers : If transferring personal data outside the EU, ensure that appropriate safeguards are in place and consider GDPR provisions. These provisions allow data transfers from the EU to non-EU countries in three main ways :
     1. When the destination country has been deemed by the European Commission to have adequate data protection, making it similar to transferring data within the EU.
     2. Through the use of safeguards like binding corporate rules, approved contractual clauses or adherence to codes of conduct.
     3. In specific situations when none of the above apply, such as when an individual explicitly consents to the transfer after being informed of the associated risks.
  10. Data protection officers (DPOs) : Appoint a data protection officer if required by GDPR. DPOs are responsible for overseeing data protection compliance within the organisation.
  11. Privacy by design and default : Integrate data protection into the design of systems and processes. Default settings should prioritise user privacy, as is the case with something like Matomo’s first-party cookies.
  12. Documentation : Maintain records of data processing activities, including data protection policies, procedures and agreements. Matomo logs and backs up web server access, activity and more, providing a solid audit trail.
  13. Employee training : Employees who handle personal data must be properly trained to uphold data protection principles and GDPR compliance best practices. 
  14. Third-party contracts : If sharing data with third parties, have data processing agreements in place that outline the responsibilities and obligations of each party regarding data protection.
  15. Regular audits and assessments : Conduct periodic audits and assessments of data processing activities to ensure ongoing compliance. As mentioned previously, Matomo tracks and saves several key statistics and metrics that you’d need for a successful audit.
  16. Accountability : Demonstrate accountability by documenting and regularly reviewing compliance efforts. Be prepared to provide evidence of compliance to data protection authorities.
  17. Data protection impact on data analytics and marketing : Understand how GDPR impacts data analytics and marketing activities, including obtaining valid consent for marketing communications.

  Organisations should be on the lookout for GDPR updates, as the regulations may evolve over time. When in doubt, consult legal and privacy professionals to ensure compliance, as non-compliance could potentially result in significant fines, damage to reputation and legal consequences.

  What constitutes a GDPR breach ?

  Security incidents that compromise the confidentiality, integrity and/or availability of personal data are considered a breach under GDPR. This means a breach is not limited to leaks ; if you accidentally lose or delete personal data, its availability is compromised, which is technically considered a breach.

  What are the penalty fines for GDPR non-compliance ?

  The penalty fines for GDPR non-compliance are up to €20 million or up to 4% of the company’s revenue from the previous fiscal year, whichever is higher. This makes it so that small companies can also get fined, no matter how low-profile the breach is.

  In 2022, for instance, a company found to have mishandled user data was fined €2,000, and the webmaster responsible was personally fined €150.

  Is Matomo GDPR compliant ?

  Matomo is fully GDPR compliant and can ensure you achieve compliance, too. Here’s how :

  • Data anonymization and IP anonymization
  • GDPR Manager that helps you identify gaps in your compliance and address them effectively
  • Users can opt-out of all tracking
  • First-party cookies by default
  • Users can view the data collected
  • Capabilities to delete visitor data when requested
  • You own your data and it is not used for any other purposes (like advertising)
  • Visitor logs and profiles can be disabled
  • Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)

  Is there a GDPR in the US ?

  There is no GDPR-equivalent law that covers the US as a whole. That said, US-based companies processing data from persons in the EU still need to adhere to GDPR principles.

  While there isn’t a federal data protection law, several states have enacted their own. One notable example is the California Consumer Privacy Act (CCPA), which Matomo is fully compliant with.

  Ready for GDPR-compliant analytics ?

  The GDPR lays out a set of regulations and penalties that govern the collection and processing of personal data from EU citizens and residents. A breach under GDPR attracts a fine of either up to €20 million or 4% of the company’s revenue, and the penalty applies to companies of all sizes.

  Matomo is fully GDPR compliant and provides several features and advanced privacy settings to ensure you ‌are as well, without sacrificing the resources you need for effective analytics. If you’re ready to get started, sign up for a 21-day free trial of Matomo — no credit card required.

  Disclaimer
  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.