Recherche avancée

Sur d’autres sites (7987)

• Marketing Touchpoints : Examples, KPIs, and Best Practices

  11 mars 2024, par Erin

  The customer journey is rarely straightforward. Rather, each stage comprises numerous points of contact with your brand, known as marketing touchpoints. And each touchpoint is equally important to the customer experience. 

  This article will explore marketing touchpoints in detail, including how to analyse them with attribution models and which KPIs to track. It will also share tips on incorporating these touchpoints into your marketing strategy. 

  What are marketing touchpoints ? 

  Marketing touchpoints are the interactions that take place between brands and customers throughout the latter’s journey, either online or in person. 

  

  By understanding how customers interact with your brand before, during and after a purchase, you can identify the channels that contribute to starting, driving and closing buyer journeys. Not only that, but you’ll also learn how to optimise the customer experience. This can also help you : 

  • Promote customer loyalty through increased customer satisfaction
  • Improve your brand reputation and foster a more positive perception of your brand, supported by social proof 
  • Build brand awareness among prospective customers 
  • Reconnect with current customers to drive repeat business

  According to a 2023 survey, social media and video-sharing platforms are the leading digital touchpoints among US consumers.

  

  With the customer journey divided into three stages — awareness, consideration, and decision — we can group these interactions into three touchpoint segments, depending on whether they occur before, during or after a purchase. 

  Touchpoints before a purchase

  Touchpoints before a purchase are those initial interactions between potential customers and brands that occur during the awareness stage — before they’ve made a purchase decision. 

  Here are some key touchpoints at the pre-purchase stage : 

  • Customer reviews, forums, and testimonials 
  • Social media posts
  • Online ads 
  • Company events and product demos
  • Other digital touchpoints, like video content, blog posts, or infographics
  • Peer referral 

  In PwC’s 2024 Global Consumer Insights Pulse Survey, 54% of consumers listed search engines as their primary source of pre-purchase information, followed by Amazon (35%) and retailer websites (33%). 

  Here are the survey’s findings in Western Europe, specifically : 

  

  Social channels are another major pre-purchase touchpoint ; 25% of social media users aged 18 to 44 have made a purchase through a social media app over the past three months. 

  Touchpoints during a purchase

  Touchpoints during a purchase occur when the prospective customer has made their purchase decision. It’s the beginning of a (hopefully) lasting relationship with them. 

  It’s important to involve both marketing and sales teams here — and to keep track of conversion metrics. 

  Here are the main touchpoints at this stage : 

  • Company website pages 
  • Product pages and catalogues 
  • Communication between customers and sales reps 
  • Product packaging and labelling 
  • Point-of-sale (POS) — the final touchpoint the prospective customer will reach before making the final purchasing decision 

  Touchpoints after a purchase

  You can use touchpoints after a purchase to maintain a positive relationship and keep current customers engaged. Examples of touchpoints that contribute to a good post-purchase experience for the customer include the following : 

  • Thank-you emails 
  • Email newsletters 
  • Customer satisfaction surveys 
  • Cross-selling emails 
  • Renewal options 
  • Customer loyalty programs

  Email marketing remains significant across all touchpoint segments, with 44% of CMOs agreeing that it’s essential to their marketing strategy — and it also plays a particularly important role in the post-purchase experience. For 61.1% of marketing teams, email open rates are higher than 20%.

  

  Sixty-nine percent of consumers say they’ve stopped doing business with a brand following a bad experience, so the importance of customer service touchpoints shouldn’t be overlooked. Live chat, chatbots, self-service resources, and customer service teams are integral to the post-purchase experience.

  Attribution models : Assigning value to marketing touchpoints 

  Determining the most effective touchpoints — those that directly contribute to conversions — is a process known as marketing attribution. The goal here is to identify the specific channels and points of contact with prospective customers that result in revenue for the company.

  

  You can use these insights to understand — and maximise — marketing return on investment (ROI). Otherwise, you risk allocating your budget to the wrong channels. 

  It’s possible to group attribution models into two categories — single-touch and multi-touch — depending on whether you assign value to one or more contributing touchpoints.

  Single-touch attribution models, where you’re giving credit for the conversion to a single touchpoint, include the following :

  • First-touch attribution : This assigns credit for the conversion to the first interaction a customer had with a brand ; however, it fails to consider lower-funnel touchpoints.
  • Last-click attribution : This focuses only on bottom-of-funnel marketing and credits the last interaction the customer had with a brand before completing a purchase.
  • Last non-direct : Credits the touchpoint immediately preceding a direct touchpoint with all the credit.

  Multi-touch attribution models are more complex and distribute the credit for conversion across multiple relevant touchpoints throughout the customer journey :

  • Linear attribution : The simplest multi-touch attribution model assigns equal values to all contributing touchpoints.
  • Position-based or U-shaped attribution : This assigns the greatest value to the first and last touchpoint — with 40% of the conversion credit each — and then divides the remaining 20% across all the other touchpoints.
  • Time-decay attribution : This model assigns the most credit to the customer’s most recent interactions with a brand, assuming that the touchpoints that occur later in the journey have a bigger impact on the conversion.

  Consider the following when choosing the most appropriate attribution model for your business :

  • The length of your typical sales cycle
  • Your marketing goals : increasing awareness, lead generation, driving revenue, etc.
  • How many stages and touchpoints make up your sales funnel

  Sometimes, it even makes sense to measure marketing performance using more than one attribution model.

  With the sheer volume of data that’s constantly generated across numerous online touchpoints, from your website to social media channels, it’s practically impossible to collect and analyse it manually.

  You’ll need an advanced web analytics platform to identify key touchpoints and assign value to them.

  Matomo’s Marketing Attribution feature can accurately measure the performance of different touchpoints to ensure that you’re allocating resources to the right channels. This is done in a compliant manner, without the need of data sampling or requiring cookie consent screens (excluding in Germany and the UK), ensuring both accuracy and privacy compliance.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Customer journey KPIs for measuring marketing campaign performance 

  Measuring the impact of different touchpoints on marketing campaign performance can help you understand how customer interactions drive conversions — and how to optimise your future efforts. 

  

  Clearly, this is not a one-time effort. You should continuously reevaluate the crucial touchpoints that drive the most engagement at different stages of the customer journey. 

  Web analytics platforms can provide valuable insights into ever-changing consumer behaviours and trends and help you make informed decisions. 

  At the moment, Google is the most popular solution in the web analytics industry, with a combined market share of more than 70%. 

  However, if privacy, data accuracy, and GDPR compliance are a priority for you, Matomo is an alternative worth considering. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  KPIs to track before a purchase 

  During the pre-purchase stage, focus on the KPIs that measure the effectiveness of marketing activities across various online touchpoints — landing pages, email campaigns, social channels and ad placement on SERPs, for instance. 

  KPIs to track during the consideration stage include the following : 

  • Cost-per-click (CPC) : The CPC, the total cost of paid online advertising divided by the number of clicks those ads get, indicates whether you’re getting a good ROI. In the UK, the average CPC for search advertising is $1.22. Globally, it averages $0.62.
  • Engagement rate : The engagement rate, which is the total number of interactions divided by the number of followers, is useful for measuring the performance of social media touchpoints. Customer engagement also applies to other channels, like tracking average time on-page, form conversions, bounce rates, and other website interactions. 
  • Click-through rate (CTR) : The CTR — or the number of clicks your ads receive compared to the number of times they’re shown — helps you measure the performance of CTAs, email newsletters and pay-per-click (PPC) advertising.

  KPIs to track during a purchase 

  As a potential customer moves further down the sales funnel and reaches the decision stage, where they’re ready to make the choice to purchase, you should be tracking the following : 

  • Conversion rate : This is the percentage of leads that convert into customers by completing the desired action relative to the total number of website visitors. It shows you whether you’re targeting the right people and providing a frictionless checkout experience.
  • Sales revenue : This refers to the quantity of products sold multiplied by the product’s price. It helps you track the company’s ability to generate profit. 
  • Cost per conversion : This KPI is the total cost of online advertising in relation to the number of conversions. It measures the effectiveness of different marketing channels and the costs of converting prospective customers into buyers. It also forecasts future ad spend.

  KPIs to track after purchase 

  At the post-purchase stage, your priority should be gathering feedback : 

  Customer feedback surveys are great for collecting insights into customers’ post-purchase experience, opinions about your brand, products and services, and needs and expectations. 

  In addition to measuring customer satisfaction, these insights can help you identify points of friction, forecast future growth and revenue and spot customers at risk of churning. 

  Focus on the following customer satisfaction and retention metrics : 

  • Customer Satisfaction Score (CSAT) : This metric, which is gathered through customer satisfaction surveys, helps you gauge satisfaction levels. After all, 77% of consumers consider great customer service an important driver of brand loyalty.
  • Net Promoter Score (NPS) : Based on single-question customer surveys, NPS indicates how likely a customer is to recommend your business.
  • Customer Lifetime Value (CLV) : The CLV is the profit you can expect to generate from one customer throughout their relationship with your company. 
  • Customer Health Score (CHS) : This score can assess how “healthy” the customer’s relationship with your brand is and identify at-risk customers.

  Marketing touchpoints : Tips and best practices 

  Customer experience is more important today than ever. 

  

  Salesforce’s 2022 State of the Connected Consumer report indicated that, for 88% of customers, the experience the brand provides is just as important as the product itself. 

  Here’s how you can build your customer touchpoint strategy and use effective touchpoints to improve customer satisfaction, build a loyal customer base, deliver better digital experiences and drive growth : 

  Understand the customer’s end-to-end experience 

  The typical customer’s journey follows a non-linear path of individual experiences that shape their awareness and brand preference. 

  Seventy-three percent of customers expect brands to understand their needs. So, personalising each interaction and delivering targeted content at different touchpoint segments — supported by customer segmentation and tools like Matomo — should be a priority. 

  Try to put yourself in the prospective customer’s shoes and understand their motivation and needs, focusing on their end-to-end experience rather than individual interactions. 

  Create a customer journey map 

  Once you understand how prospective customers interact with your brand, it becomes easier to map their journey from the pre-purchase stage to the actual purchase and beyond. 

  By creating these visual “roadmaps,” you make sure that you’re delivering the right content on the right channels at the right times and to the right audience — the key to successful marketing.

  Identify best-performing digital touchpoints 

  You can use insights from marketing attribution to pinpoint areas that are performing well. 

  By analysing the data provided by Matomo’s Marketing Attribution feature, you can determine which digital touchpoints are driving the most conversions or engagement, allowing you to focus your resources on optimising these channels for even greater success. 

  This targeted approach helps maximise the effectiveness of your marketing efforts and ensures a higher return on investment.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Discover key marketing touchpoints with Matomo 

  The customer’s journey rarely follows a direct route. If you hope to reach more customers and improve their experience, you’ll need to identify and manage individual marketing touchpoints every step of the way.

  While this process looks different for every business, it’s important to remember that your customers’ experience begins long before they interact with your brand for the first time — and carries on long after they complete the purchase. 

  In order to find these touchpoints and measure their effectiveness across multiple marketing channels, you’ll have to rely on accurate data — and a powerful web analytics tool like Matomo can provide those valuable marketing insights. 

  Try Matomo free for 21-days. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• Understanding GDPR compliance : Key principles and requirements

  28 août, par Joe

  Any company with an online presence will likely collect customers’ personal data in the normal course of business. But those with customers residing in the European Economic Area (EEA) — basically, the European Union (EU) plus Iceland, Liechtenstein and Norway — must comply with the General Data Protection Regulation (GDPR). Companies serving UK data subjects post-Brexit must also abide by the UK GDPR, which includes certain regional variations.

  GDPR authorities are only concerned with personal data (not with non-personal or anonymous data), ensuring that it’s collected, used, and stored in a way that respects users’ rights and privacy.

  Failure to comply can present serious business risks, including :

  • Financial penalties (more about that shortly)
  • Compensation claims from data subjects for mishandling their information
  • Reputational damage (if/when a data breach does occur)
  • Disruption to operations
  • Personal accountability of executives (including potential sanctions)

  This article explores the GDPR and personal data protection, the rights it confers on European data subjects, and how those rights are enforced. We’ll wrap up with an 11-step plan for GDPR compliance. 

  Let’s begin.

  The price of non-compliance

  The largest fine so far levied for GDPR non-compliance is €1.2 billion in May 2023. It was imposed by the Irish Data Protection Commission (DPC) on Meta (previously Facebook). And it was because of Meta’s transfers of EU/EEA data subjects’ personal data to the US from 16 July 2020 in breach of GDPR international data transfer rules.

  Many other fines have been levied for GDPR non-compliance, and there’ll probably be a lot more in the future :

  Penalty	Company	Supervisory Authority	Date
  €746 million	Amazon	Luxembourg National Commission for Data Protection (CNDP)	16 July 2021
  €405 million	Meta	Ireland’s Data Protection Commission (DPC)	5 September 2022
  €390 million	Meta	Ireland’s Data Protection Commission (DPC)	6 January 2023
  €345 million	TikTok	Ireland’s Data Protection Commission (DPC)	1 September 2023
  €310 million	LinkedIn	Ireland’s Data Protection Commission (DPC)	30 October 2024
  €290 million	Uber	Dutch Data Protection Authority (DPA)	26 August 2024

  Those are big numbers. European supervisory authorities take enforcement seriously

  So, what is personal data anyway ?

  GDPR defines personal data as any information about a data subject (an identified or identifiable individual). This covers both direct (name, address, ID numbers, etc.) and indirect identifiers (IP addresses, location data, etc.). It categorises personal data into two types : general and special category.

  General data includes identifiers like names, contact details, and financial information. 

  Special category data, such as racial or ethnic origin, health data, biometric information, and sexual orientation, needs more protection. 

  The processing of special category data is only allowed under certain conditions, for example, if consent was given explicitly or if vital interests (e.g., a threat to life), legal obligations, or public interest are involved. GDPR emphasises safeguarding sensitive data due to its potential impact on individuals’ privacy and rights.

  Important GDPR terminology

  Apart from the data subject, personal data, and special category data mentioned above, GDPR introduces other legal terms and concepts organisations must understand. A data controller decides what personal data to collect and how to use it. A data processor processes the data on behalf of the data controller.

  A Data Protection Officer (DPO) oversees GDPR compliance. Processing is any operation performed on data, such as collecting, analysing or storing it. That processing must also have a lawful basis, such as consent, contract, or legitimate interests. And consent must be freely given, specific, and easily withdrawable. 

  A data breach involves unauthorised access to or loss of personal data. A Data Protection Impact Assessment (DPIA) identifies risks to individuals’ rights. Data minimisation requires organisations to minimise what data they collect. Countries in the EU/EEA have appointed a supervisory authority to enforce GDPR in their territory.

  Rights of EU/EEA data subjects under GDPR 

  GDPR grants specific rights to individuals (data subjects) who are physically present in the EU/EEA when their personal data is processed, regardless of nationality or residence status. The business’s physical or legal presence is irrelevant, as the determining factor is the data subject’s location at the time of processing.

  Non-compliance can lead to significant penalties and even criminal charges in jurisdictions where such penalties are enforced under national law. 

  To support responsible data practices, the GDPR defines key foundational rights.

  Transparency

  Two rights granted to data subjects in the EU/EEA under GDPR relate to transparency :

  1. The right to be informed (proactive, applies at data collection)
  2. The right of access (reactive, applies when the data subject makes a request)

  They provide transparency by mandating that data subjects be provided specific details about that process, including :

  • Company or organisation processing the data (with contact details)
  • Reasons for using the data
  • Categories of personal data involved
  • Legal basis for processing the data
  • How long data will be stored
  • Other companies, organisations, or third parties with access to the data
  • Whether data will be transferred outside the EU/EEA

  Privacy notices should meet the standards in GDPR Articles 12–14, covering what data is collected, for what purpose, and how users can exercise their rights. 

  For a deeper dive, check out : How to write a GDPR-compliant privacy notice.

  Objections and restricted processing

  Under GDPR, individuals in the EU/EEA have the right to object to the processing of personal data in two key respects :

  1. They can object to direct marketing, after which organisations must stop processing their data immediately, with no justification required.
  2. If data is being processed on the basis of the organisation’s legitimate interests or for tasks carried out in the public interest, data subjects can object if they believe their own rights and freedoms outweigh those interests. Again, processing must stop unless the organisation proves compelling legitimate grounds outweighing the individual’s rights.

  Individuals can also request temporary restrictions on data processing when : 

  • Their data isn’t accurate (until verified).
  • Processing is unlawful, but they prefer restriction over deletion.
  • Their data is no longer being used, but must be retained for legal purposes.
  • After they object to processing while verification of legitimate grounds is pending.

  During restriction, the organisation can continue storing the data, but may not process it without explicit consent or when certain exceptions apply.

  Rectification and erasure

  Individuals have the right to rectify errors in their data and to erasure (deleting data). First, they can request corrections to inaccurate or incomplete personal data. GDPR requires organisations to act without undue delay to ensure that stored data remains accurate and up to date.

  The right to erasure (aka the right to be forgotten) enables individuals to request deletion of their personal data when :

  • It’s no longer needed for its original purpose
  • They withdraw consent, and no other legal basis exists
  • Processing is unlawful
  • They object to processing, and no overriding legitimate grounds exist
  • The data must be deleted to comply with a legal obligation

  Organisations must delete data unless exemptions (e.g., legal compliance, public interest, or legal claims) apply.

  Data portability

  GDPR provides the right to data portability. People can request their personal data in a structured, common, and machine-readable format so it’s easier to review or transfer to another service provider. This applies when data is :

  • Provided by the individual, either directly (e.g., name, email) or indirectly through use of a service (e.g., purchase history)
  • Processed based on consent or a contract
  • Handled using automated means

  Portability does not apply to personal data processed on the basis of legal obligations or legitimate interests. ItT only applies when processing is based on consent or a contract, and carried out by automated means.

  Where technically feasible, GDPR also requires organisations to facilitate direct transfers of personal data to another controller at the subject’s request.

  

  Automated decision-making and profiling

  GDPR grants EU/EEA data subjects the right not to be subject exclusively to automated decision-making, with legal or similarly significant effects, without human involvement. This applies to issues affecting them, such as job screening, loan approvals, or insurance pricing. They can :

  • Request human intervention : A real person must review the decision.
  • Express their viewpoint : Provide additional information or dispute the outcome.
  • Challenge the decision : Demand justification and correction if unfair.

  For example, imagine someone applying for a loan online, and the algorithm rejects the application based on credit history. They can request a human review to ensure fairness and consider special circumstances, such as recent debt clearance.

  However, GDPR also provides for some exceptions. Automated decisions are allowed if one of the following statements is true :

  • It’s obtained with explicit consent.
  • It’s necessary for a contract.
  • It’s permitted by law, with safeguards.

  How is GDPR enforced ?

  GDPR enforcement is carried out primarily by national supervisory authorities in each EU/EEA country. These authorities investigate complaints, conduct audits, and impose penalties for non-compliance within their jurisdictions. In cross-border cases, they collaborate through the one-stop-shop mechanism, which designates a lead authority to coordinate enforcement.

  The European Data Protection Supervisor (EDPS) is the independent data protection authority for EU institutions and agencies. It does not supervise private-sector or national public-sector organisations and is not a general enforcer of the GDPR.

  The European Data Protection Board (EDPB) is the body responsible for ensuring consistent application of the GDPR across the EU/EEA. Made up of representatives from national supervisory authorities and the EDPS, the EDPB issues guidelines, resolves disputes between authorities, and adopts binding decisions in cross-border matters.

  The origins of GDPR

  The EU’s regulation was adopted in 2016 to replace the 1995 Data Protection Directive (DPD), which predated the digital age. As technology use increased, vast amounts of personal data were collected, analysed, and stored, often without people’s knowledge, threatening their privacy and security.

  The main motivation behind GDPR was to unify the application of data protection rules across the EU/EEA through a directly applicable regulation, rather than a directive that required separate implementation by each member state. The aim was to eliminate fragmentation, ensure consistent enforcement, and strengthen individuals’ rights.

  Enter GDPR. It was agreed upon after years of negotiations between the 27 EU member states, the European Parliament, and the European Commission. It was formally adopted in 2016 and became fully enforceable on May 25, 2018. But there’s a difference. DPD was a directive that had to be implemented separately by member states. From that date, GDPR has been applied uniformly across the EU/EEA.

  The EEA adopted the GDPR on 6 July 2018 and went into force on 20 July 2018. It’s since become a global template, influencing data protection and privacy laws in countries like Brazil (LGPD), India, and Japan. The UK retained GDPR after Brexit, adapting it into the UK GDPR, which closely mirrors the EU version but allows for future divergence.

  Who does it apply to ?

  GDPR protects the personal data of individuals who reside in the EU/EEA. It applies to any organisation processing that data, no matter where it’s located in the world. This remains true even if the data is transferred outside the EU/EEA for storage and/or processing.

  Organisations are having difficulty with this regulation, as evidenced by the fines that have been meted out. Whether the penalties are paid, reduced through negotiation or still owed, their existence is a lingering uncertainty for the companies involved.

  Who must comply

  GDPR applies if you :

  • Have an office or another form of establishment in the EU/EEA, or
    
  • Offer goods/services to data subjects located in the EU/EEA (even if free) or
    
  • Monitor EU/EEA data subjects’’ behaviour (e.g., via cookies or analytics)
    

  What does GDPR require ?

  GDPR requires organisations to respect a clear set of data protection principles : lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. It also obliges them to ensure that they always have a valid legal basis (consent, contract, legal obligation, legitimate interests, etc.) to process the personal data.

  Data should also not be stored longer than necessary to fulfil the specific purpose for which it was collected. Appropriate organisational measures must be taken to ensure the security and integrity of the personal data and protect it from breaches, loss, or unauthorised access. Should a reportable data breach occur, it must be reported to the relevant supervisory authority within 72 hours. Affected individuals must be informed if the breach is likely to result in a high risk to their rights.

  Organisations must also demonstrate accountability by keeping detailed records of processing activities and conducting DPIAs for high-risk processing. If their core activities involve large-scale processing of special categories of data or regular and systematic monitoring of individuals, they must appoint a DPO. 

  Finally, organisations must implement adequate safeguards when transferring data outside the EU/EEA through the GDPR Chapter V mechanism, such as adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules, etc.

  By adhering to these requirements, organisations ensure compliance with GDPR and protect the data privacy and rights of EU/EEA data subjects.

  11 steps to compliance

  Once you’ve confirmed that the GDPR applies to your organisation’s processing of personal data, you can begin working toward compliance.

  Below, we’ve broken the process into eleven clear steps to help guide you.

  Step 1 : Map your data : Purpose, use and legal basis

  Any organisation operating in the EU, EEA or UK and handling personal data of data subjects in those regions must audit all the personal data it currently holds. 

  Your organisation must identify the legal basis for processing all data subject to the GDPR. If no legal basis can be found or justified, the processing will not be permitted under the GDPR.

  Step 2 : Consider appointing a DPO

  According to the GDPR text, a DPO is mandatory only under certain conditions, mainly due to processing volume and the type of organisation. But there are certain scenarios where it’s required.

  • Public authorities that process personal data as a matter of course, except for courts in their judicial capacity.
  • Organisations whose core activities involve regular and systematic monitoring of data subjects on a large scale.
  • Organisations that process specific “special” data categories (as defined by the GDPR) or data relating to criminal offences as a core activity on a large scale.

  It’s vague, and GDPR doesn’t clearly define “core activity” or “large scale”. If you are unsure whether your organisation falls into these categories, seek legal advice and err on the side of caution. Regardless, even if you are not required to appoint a DPO, it’s a good idea to appoint someone to monitor and oversee GDPR compliance efforts internally.

  Step 3 : Identify supervisory authorities

  This is generally governed by the territories in which an organisation operates. However, GDPR does make provisions for operations that cover multiple countries. In those cases, the GDPR provides a one-stop-shop mechanism to streamline oversight.

  In such cases, a lead supervisory authority (LSA) is designated. Organisations cannot freely choose their lead supervisory authority ; it depends on the location of the main establishment (Art. 56 GDPR).

  Most EEA countries have only one supervisory authority. Germany is the exception. Federal states each have their own DPA, and the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit oversees federal matters. 

  Step 4 : Consider a Data Protection Impact Assessment

  GDPR requires a DPIA when processing is likely to result in a high risk to individuals’ rights and freedoms. Examples include large-scale processing of sensitive data, systematic profiling, public monitoring, or innovative technology use. A DPIA involves describing the processing, assessing necessity, identifying risks, and implementing mitigation measures.

  If the process reveals residual, unmitigated high risks, the DPIA report must be submitted to the nominated supervisory authority for consultation before the processing can proceed. Feedback can be expected within 8 weeks (extendable to 14 weeks), and the recommendations must be implemented. Conducting a DPIA is one way to ensure compliance. It also protects individuals’ rights and avoids fines for non-compliance.

  Step 5 : Establish a data breach process

  Organisations must quickly implement systems to identify and assess breaches for scope and impact. They must act immediately to contain the breach and record all the details and the actions taken.

  

  Data breaches likely to result in a risk to individuals’ rights and freedoms must be reported to the supervisory authority within 72 hours of the organisation becoming aware of the breach. If the breach is likely to result in a high risk to the individuals’ rights and freedoms, the controller has an obligation to inform the affected individuals as well. Data breach processes should also be reviewed regularly and included in staff training. 

  Here’s a simplified version :

  Simplified data breach response checklist
  𝥁	Detect and confirm the breach
  🮱	Contain and mitigate the impact
  🮱	Assess the severity and potential harm
  🮱	Document the breach
  🮱	Report the breach
  🮱	Inform affected individuals
  🮱	Review and improve
  🮱	Train staff in breach response protocols

  Step 6 : Review websites and website form security

  Websites and the forms on them are common gateways for personal data, making them a high-value target for bad actors. Ensuring these entry points are secure is essential to protecting user data and supporting GDPR’s requirements for confidentiality, integrity, and resilience (Article 32).

  Here are some key actions to take : 

  Website and form security best practices
  Use HTTPS with a valid SSL/TLS certificate	Ensure pages that collect/display personal data are served over HTTPS to encrypt data in transit and prevent interception.
  Secure all data collection forms	Validate and sanitize user input to protect against common threats, such as cross-site scripting (XSS), injection attacks, and form spam. Use security headers such as Content Security Policy (CSP) to prevent malicious script execution. Implement CAPTCHAs or other bot detection.
  Restrict access to form submissions	Store submitted data securely and restrict access to authorized personnel. Use strong passwords, enable multi-factor authentication (MFA), and apply role-based access controls (RBAC) where possible.
  Keep your website software up to date	Apply regular security patches to your CMS, plugins, and third-party libraries. Remove unused components and services that may introduce vulnerabilities.
  Monitor and test for vulnerabilities	Perform regular security scans andpenetration tests to identify risks. Monitor error logs and unusual activity, especially around form endpoints.

  Taking these proactive steps to strengthen form security and reduce breach risk will support your organization’s GDPR compliance posture..

  Step 7 : Consider age when required

  Under Article 8 of the GDPR, age verification is only required when :

  • Personal data is being processed on the basis of consent, and
  • The service is offered directly to children (i.e., an information society service provided online)
    

  In these cases, organisations must ensure the child is at least 16 years old, unless a lower age threshold has been set by national law (e.g., 13 in the UK).

  Age verification methods must be proportionate to the level of risk, aligned with the principle of data minimisation, and appropriate for the audience. Common approaches include : 

  • Self-declaration with confirmation prompts
  • Email-based parental consent mechanisms
  • Content gating or notices for services not intended for children

  More intrusive methods, such as biometric estimation, government ID upload, or video verification, should be avoided unless absolutely necessary. When justified, such methods must undergo a Data Protection Impact Assessment (DPIA) and meet the requisite necessity and proportionality standards.

  Step 8 : Implement double-opt-in for all email lists and services

  At present, Germany is the only EU country with a clear legal mandate for double opt-in under its national GDPR implementation and ePrivacy laws. While not explicitly required elsewhere in the EU and EEA, double opt-in is widely recommended as a best practice to ensure explicit consent.

  This process confirms that the user explicitly agrees while reducing opportunities for fraud and improving compliance. It also builds trust, as customers know how you’re handling their data. A clear, up-to-date privacy policy is essential to the process. It must outline how data is used and stored and how an individual’s rights can be exercised.

  For example, obtaining consent in an email marketing campaign may involve the following steps :

  1. The user signs up for a newsletter or service.
  2. They receive a confirmation email/text message with a verification link.
  3. The user clicks the link to confirm consent.

  Step 9 : Restrict international data transfers

  GDPR limits data subjects’ personal data transfer outside the European Economic Area (EEA) unless certain conditions are met.

  Such transfers are not permitted unless one of the following conditions is met :

  1. Appropriate safeguards are in place, such as :
     • Standard contractual clauses (SCCs) approved by the Commission
     • Binding corporate rules (BCRs) for multinational groups
  2. The destination country is one of the following countries that has received an adequacy decision from the European Commission.

  Countries with GDPR adequacy decisions (as of July 2025)
  Andorra	Full adequacy decision
  Argentina	Full adequacy decision
  Canada	Applies only to commercial organisations under PIPEDA
  Faroe Islands	Full adequacy decision
  Guernsey	Full adequacy decision
  Isle of Man	Full adequacy decision
  Israel	Full adequacy decision
  Japan	Adequacy with additional safeguards aligned to EU standards
  Jersey	Full adequacy decision
  New Zealand	Full adequacy decision
  Republic of Korea	Adequacy decision adopted in 2021
  Switzerland	Longstanding adequacy decision (dating back to the 2000s)
  United Kingdom	Adequacy under both GDPR and the Law Enforcement Directive (LED)
  United States	Applies only to commercial organisations certified under the EU-US Data Privacy Framework

  Major fines (like Meta’s €1.2 billion) have already been levied for unlawful data transfers. In addition, third-party service providers and data processors charged with handling EU data must also be GDPR-compliant. 

  If personal data is processed by a third party outside the EEA, organisations must verify that contractual safeguards comply with GDPR Article 28. These processor management safeguards cover :
  

  • Contractual – Defines what the processor is permitted to do with personal data
  • Security – Specifies technical and organisational safeguards to protect data
  • Breach notifications – Requires processors to report breaches in a timely manner
  • Sub-processor oversight – Grants approval rights over any sub-processors
  • End-of-service handling – Ensures return or proper disposal of personal data at contract end
  • Audit rights – Allows controllers to audit processor compliance if needed

  Step 10 : Record of Processing Activities (ROPA)

  GDPR obliges both data controllers and data processors to maintain a Record of Processing Activities (ROPA). This processing register details how and why personal data is processed, and it must include the following : 

  • Name and contact details (and DPO, if applicable)
  • Processing purposes (marketing, HR, customer service, etc.)
  • Data categories (names, emails, financial data, etc.)
  • Data subject categories (customers, employees)
  • Transfers outside the EEA (legal basis, safeguards like SCCs, etc.)
  • Retention periods for each data category
  • Security measures (encryption, access controls, etc.).

  For data controllers, the ROPA must also include the names and details of any people who receive personal data, such as services or processors. The register should also map the flow of data through the organisation (and any third parties), which is needed for audits or analysing a data breach.

  An effective ROPA depends on strong data governance. Clearly-defined processes, ongoing training, and regular reviews are necessary to keep internal policies aligned with how personal data is actually handled in practice.

  Maintaining a ROPA also supports GDPR’s accountability principle : organisations must be able to show compliance, not just claim it. Documented policies, audits, and training records provide the evidence needed to demonstrate this.

  Step 11 : Data subject rights management

  Organisations that collect, store, analyse, or process the personal data of EEA data subjects must regularly advise customers of their rights under GDPR. In particular, they must remind data subjects of their right to submit a Data Subject Access Request (DSAR) and respond promptly to DSARs from individuals requesting access to their personal data.

  Among other things, EEA data subjects may request :

  • Confirmation that their data is being processed
  • A copy of their data
  • Information about how and why their data is being processed
  • The purposes of processing
  • Categories of personal data involved
  • Recipients or categories of recipients who receive the data
  • Data retention periods or criteria used to determine them
  • The data source (if not collected directly from the individual)

  DSARs can be refused if they’re manifestly unfounded or excessive or if providing the data would adversely affect the rights of others. But it’s advisable to use that as a last resort.

  GDPR compliance in practice

  GDPR compliance isn’t automatic — not even with privacy-focused tools like Matomo or reconfigured platforms like Google Analytics 4. 

  Regardless of which analytics solution you use, data protection laws like GDPR and the ePrivacy Directive require organisations to : 

  • Track only occurs when lawful, and with valid user consent when required.
  • Configure privacy settings to comply with the GDPR.
  • Only collect data that is proportionate, transparent, and serves a legitimate, disclosed purpose.

  Even the best tools can fail if they aren’t used properly. That’s why governance, intentional setup, and consistent consent management are necessary parts of compliance.

  Matomo offers secure, privacy-focused GDPR analytics. It includes a built-in GDPR Manager and privacy centre to fine-tune your privacy settings.

  To get started with Matomo, you can sign up for a 21-day free trial — no credit card required. 

• Homepage Design : Best Practices & Examples

  5 octobre 2022, par Erin

  Did you know users spend about 50 milliseconds deciding if they like your website’s homepage design or not ?

  With billions of websites and scrolling often done on the go, you have to make a strong first impression because the chances for a once-over are slim. 

  Learn how to design magnetically-appealing website homepages from this guide. 

  What is a homepage in web design ?

  Homepage is the front page of your website — a destination where users land when typing your website URL address. It’s located at the root of the website’s domain (e.g., matomo.org) or a subdomain (e.g., university.webflow.com).

  Design-wise a homepage has two goals :

  • Explain the purpose of the website and present overview information 
  • Provide top-level navigation to lower-level web pages (e.g., blog, sales pages, etc.) 

  Separately, a homepage is also the place where users will return each time they’ll feel stuck and want to start anew. Thus, your homepage website design should provide obvious navigation paths to other website areas.

  6 Must-Know Website Homepage Design Best Practices

  Behind every winning homepage design stands a detailed customer journey map. 

  A customer journey is a schematic representation of how site visitors will move around your website to accomplish various goals. 

  A good customer journey map lists different actions a user will take after landing on your website (e.g., browse product pages, save items to a wishlist, register an account, etc.) — and it does so for different audience segments. 

  

  Your homepage design should help users move from the first step on their journey (e.g., learning about your website) to the final one (e.g., converting to a paid customer). At the same time, your homepage should serve the needs of both new and returning visitors — prospects who may be at a different stage of their journey (e.g., consideration). 

  With the above in mind, let’s take a look at several website homepage design ideas and the reasons why they work. 

  1. Use Familiar Design Elements

  Whether you’re designing a new website or refreshing an old one, it’s always tempting to go “out of the box” — use horizontal scrolling, skip header navigation or include arty animations. 

  Bold design choices work for some brands, mainly those who aren’t using their website as a primary sales channel (e.g., luxury brands). 

  But unfamiliar design patterns can also intimidate a lot of shoppers. In one observational study, people were asked to guess where specific content (e.g., information on international calls) would be placed on a telecom website. 75% of users picked the same location. This means two things :

  • People already have expectations of where specific website information is typically placed 
  • Yet, one in four users struggles to identify the right areas even within standard website layouts

  So why make the job harder for them ? As UX consultant Peter Ramsey rightfully notes : 

  The truth is : designing the best experience isn’t about being unique, it’s about being easy. And guess what feels really easy to use ? Things that feel familiar.

  Therefore, analyse other homepage layout designs in your industry. Pay attention to the number and type of homepage screens and approaches to designing header/footer navigation. 

  Take some of those ideas as your “base”. Then make your homepage design on-brand with unique typography, icons, visuals and other graphic design elements.

  Take a cue from ICAM — a steel manufacturing company. Their niche isn’t typically exciting. Yet, their homepage design stops you in your tracks and tinkers your curiosity to discover more (even if you aren’t shopping for metalware). 

  

  The interesting part is that ICAM uses a rather standard homepage layout. You have a hero image in the first screen, followed by a multi-column layout of their industry expertise and an overview of manufacturers. 

  But this homepage design feels fresh because the company uses plenty of white space, bold typography and vibrant visuals. Also, they delay the creative twist (horizontal scrolling area) to the bottom of the homepage, meaning that it’s less likely to intimidate less confident web users. 

  2. Decide On The Optimal Homepage Layout 

  In web design, a homepage layout is your approach to visually organising different information on the screen. 

  Observant folks will notice that good homepage designs often have the same layout. For example, include a split-view “hero” screen with a call to action on the left and visuals (photo or video) on the left. 

  

  The reason for using similar layouts for website homepage design isn’t a lack of creativity. On the contrary, some layouts have become the “best practice” because they :

  • Offer a great user experience (UX) and don’t confuse first-time visitors 
  • Feel familiar and create a pleasurable sense of deja-vu among users 
  • Have proven to drive higher conversion rates through benchmarks and tests 

  Popular types of website homepage layouts : 

  • Single column – a classic option of presenting main content in a single, vertical column. Good choice for blogs, personal websites and simple corporate sites. 
  • Split screen layout divides the page in two equal areas with different information present. Works best for Ecommerce homepages (e.g., to separate different types of garments) or SaaS websites, offering two product types (e.g., a free personal product version and a business edition). 
  • Asymmetrical layout assumes dividing your homepage into areas of different size and styles. Asymmetry helps create specific focal points for users to draw their attention to the most prominent information. 
  • Grid of cards layout helps present a lot of information in a more digestible manner by breaking down bigger bulks of text into smaller cards — a graphic element, featuring an image and some texts. By tapping a card, users can then access extra content. 
  • Boxes are visually similar to cards, but can be of varying shape. For example, you can have a bigger header-width box area, followed by four smaller boxes within it. Both of these website layouts work well for Ecommerce. 
  • Featured image layout gives visuals (photos and videos) the most prominent placement on the homepage, with texts and other graphic design elements serving a secondary purpose. 
  • F-pattern layout is based on the standard eye movement most people have when reading content on the website. Eye tracking studies found that we usually pay the most attention to information atop of the page (header area), then scan horizontally before dripping down to the next vertical line until we find content that captures our attention. 

  User behaviour analytics (UBA) tools are the best way to determine what type of layout will work for your homepage. 

  For example, you can use Matomo Heatmaps and Session Recording to observe how users navigate your homepage, which areas or links they click and what blockers they face during navigation.

  

  Matomo can capture accurate behavioural insights because we track relative positions to elements within your websites. This approach allows us to provide accurate data for users with different browsers, operating systems, zoom-in levels and fonts. 

  The best part ? You can collect behavioural data from up to 100 different user segments to understand how different audience cohorts engage with your product.

  3. Include a One-Sentence Tagline

  A tagline is a one-line summary of what your company does and what its unique sales proposition (USP) is. It should be short, catchy and distinguish you from competitors.

  A modern homepage design practice is to include a call to action in the first screen. Why ? Because you then instantly communicate or remind of your value proposition to every user — and provide them with an easy way to convert whenever they are ready to do business with you. 

  Here’s how three companies with a similar product, a project management app, differentiate themselves through homepage taglines. 

  Monday.com positions itself as an operating system (OS) for work. 

  

  Basecamp emphasises its product simplicity and openly says that they are different from other overly-complex software. 

  

  Asana, in turn, addresses a familiar user pain point (siloed communication) that it attempts to fix with its product. 

  

  Coming up with the perfect homepage tagline is a big task. You may have plenty of ideas, but little confidence in what version will stick. 

  The best approach ? Let a series of A/B tests decide. You can test a roaster of homepage slogans on a rotating bi-weekly/monthly schedule and track how copy changes affect conversion rates. 

  With Matomo A/B test feature, you can create, track and manage all experiments straight from your web analytics app — and get consolidated reports on total page visitors and conversion rates per each tested variation. 

  

  Beyond slogans, you can also run A/B tests to validate submission form placements, button texts or the entire page layout. 

  For instance, you can benchmark how your new homepage design performs compared to the old version with a subset of users before making it publicly available. 

  4. Highlight The Main Tasks For The User

  Though casual browsing is a thing, most of us head to specific websites with a clear agenda — find information, compare prices, obtain services, etc. 

  Thus, your homepage should provide clear starting points for users’ main tasks (those you’ve also identified as conversion goals on your customer journey maps !).

  These tasks can include : 

  • Account registration 
  • Product demo request 
  • Newsletter sign-up 

  The best website homepage designs organically guide users through a set number of common tasks, one screen at a time. 

  Let’s analyse Sable homepage design. The company offers a no-fee bank account and a credit card product for soon-to-be US transplants. The main task a user has : Decide if they want to try Sable and hopefully open an account with them. 

  

  This mono-purpose page focuses on persuading a prospect that Sable is right for them. 

  The first screen hosts the main CTA with an animated drop-down arrow to keep scrolling. This is likely aimed at first-time visitors that just landed on the page from an online ad or social media post. 

  The second screen serves the main pitch — no-fee, no-hassle access to a US banking account that also helps you build your credit score. 

  The third screen encourages users to learn more about Sable Credit — the flagship product. For the sceptics, the fourth screen offers several more reasons to sign up for the credit product. 

  Then Sable moves on to pitching its second offering — a no-fee debit card with a cashback. Once again, the follow-up screen sweetens the deal by bringing up other perks (higher cashback for popular services like Amazon) and overcoming objections (no SSN required and multi-language support available). 

  The sequence ends with side-by-side product comparison and some extra social proof. 

  In Sable’s case, each homepage screen has a clear purpose and is designed to facilitate one specific user action — account opening. 

  For multi-product companies, the above strategy works great for designing individual landing pages. 

  5. Design Proper Navigation Paths

  All websites have two areas reserved for navigation : 

  • Header menu 
  • Footer menu 

  Designing an effective header menu is more important since it’s the primary tool visitors will use to discover other pages. 

  Your header menu can be :

  • Sticky — always visible as the person keeps scrolling. 
  • Static — e.g., a hidden drop-down menu. 

  If you go for a static header and have a longer homepage layout (e.g., 5+ screens), you also need to add extra navigation elements somewhere mid-page. Or else users might not figure out where to go next and merely bounce off. 

  You can do this by : 

  • Promoting other areas of your website (e.g., sub-category pages) by linking out to them 
  • Adding a carousel of “recent posts”, “recommended reads” and “latest products” 
  • Using buttons and CTAs to direct users towards specific actions (e.g., account registration) or assets (free eBook)

  For instance, cosmetics brand Typology doesn’t have a sticky header on the homepage. Instead, they prompt discovery by promoting different product categories (best sellers, bundles, latest arrivals) and their free skin diagnostic quiz — a great engagement mechanism to retain first time users.

  

  Once the user scrolls down to the bottom of the page, they should have an extra set of navigational options — aka footer links. 

  Again, these help steer the visitor towards discovering more content without scrolling back up to the top of your homepage. 

  Nielsen Norman Group says that people mostly use footers as :

  • A second chance to be convinced — after reading the entire homepage, the user is ready to give your product a go.
    
  • The last resort for hard-to-find content that’s not displayed in global header navigation (e.g., Terms and Conditions or shipping information pages).

  As a rule of thumb, you should designate the following information to the footer : 

  • Utility links (Contact page, Terms & Conditions, Privacy Policy, etc.) 
  • Secondary-task links (e.g., Career page, Investor Details, Media contacts, etc.) 
  • Brands within the organisation (if you operate several) 
  • Customer engagement link (email newsletters and social media buttons)

  The key is to keep the area compact — not more than one standard user screen resolution of 1280×720. 

  6. Show Users What’s Clickable (Or Not) 

  A homepage invites your site visitors on a journey. But if they don’t know which elements to click, they aren’t going to get anywhere.

  Good homepage design makes it obvious which page elements are clickable, i.e., can take the user to a new page or another segment of the homepage. 

  Here are several must-know homepage design tips for better on-page navigation : 

  • Use colour and underline or bold to highlight clickable words. Alternatively, you can change the browser cursor from a standard arrow into another element (e.g., a larger dot or a pointy finger) to indicate when the cursor hovers over a clickable website area. 
  • Make descriptive button texts that imply what will happen when a user clicks the page. Instead of using abstract and generic button texts like “see more” or “learn more”, try a more vibrant language like “dive in” for clicking through to a spa page. 
  • Use a unified hover area to show how different homepage design elements represent a single path or multiple navigation paths. When multiple items are encapsulated in one visual element (e.g., a box), users may be reluctant to click the image because they aren’t sure if it’s one large hit area leading to a single page or if there are multiple hit areas, leading to different pages. 

  Homepage of BEAUSiTE — a whimsical hotel in the Swiss Alps – embodies all of the above design principles. They change the cursor style whenever you scroll into a hit area, use emotive and creative micro-copy for all button texts and clearly distinguish between different homepage elements.

  

  How to Make Your Homepage Design Even More Impactful ? 

  Website homepage design is roughly 20% of pure design work and 80% of behind-the-scenes research. 

  To design a high-performing homepage you need to have data-backed answers to the following questions : 

  • Who are your primary and secondary target audiences ? 
  • Which tasks (1 to 4) you’d want to help them solve through your homepage ?

  You can get the answers to both questions from your web analytics data by using audience segmentation and page transition (behaviour flow) reports in Matomo. 

  Based on these, you can determine common user journeys and tasks people look to accomplish when visiting your website. Next, you can collect even more data with UBA tools  like heatmaps and user session recordings. Then translated the observed patterns into working homepage design ideas. 

  Improve your homepage design and conversion rates with Matomo. Start your free 21-day trial now ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (