Recherche avancée

Sur d’autres sites (9658)

• Google Optimize vs Matomo A/B Testing : Everything You Need to Know

  17 mars 2023, par Erin — Analytics Tips

  Google Optimize is a popular A/B testing tool marketers use to validate the performance of different marketing assets, website design elements and promotional offers. 

  But by September 2023, Google will sunset both free and paid versions of the Optimize product. 

  If you’re searching for an equally robust, but GDPR compliant, privacy-friendly alternative to Google Optimize, have a look at Matomo A/B Testing. 

  Integrated with our analytics platform and conversion rate optimisation (CRO) tools, Matomo allows you to run A/B and A/B/n tests without any usage caps or compromises in user privacy.

  Disclaimer : Please note that the information provided in this blog post is for general informational purposes only and is not intended to provide legal advice. Every situation is unique and requires a specific legal analysis. If you have any questions regarding the legal implications of any matter, please consult with your legal team or seek advice from a qualified legal professional.

  Google Optimize vs Matomo : Key Capabilities Compared 

  This guide shows how Matomo A/B testing stacks against Google Optimize in terms of features, reporting, integrations and pricing.

  Supported Platforms 

  Google Optimize supports experiments for dynamic websites and single-page mobile apps only. 

  If you want to run split tests in mobile apps, you’ll have to do so via Firebase — Google’s app development platform. It also has a free tier but paid usage-based subscription kicks in after your product(s) reaches a certain usage threshold. 

  Google Optimize also doesn’t support CRO experiments for web or desktop applications, email campaigns or paid ad campaigns.Matomo A/B Testing, in contrast, allows you to run experiments in virtually every channel. We have three installation options — using JavaScript, server-side technology, or our mobile tracking SDK. These allow you to run split tests in any type of web or mobile app (including games), a desktop product, or on your website. Also, you can do different email marketing tests (e.g., compare subject line variants).

  A/B Testing 

  A/B testing (split testing) is the core feature of both products. Marketers use A/B testing to determine which creative elements such as website microcopy, button placements and banner versions, resonate better with target audiences. 

  You can benchmark different versions against one another to determine which variation resonates more with users. Or you can test an A version against B, C, D and beyond. This is called A/B/n testing. 

  Both Matomo A/B testing and Google Optimize let you test either separate page elements or two completely different landing page designs, using redirect tests. You can show different variants to different user groups (aka apply targeting criteria). For example, activate tests only for certain device types, locations or types of on-site behaviour. 

  The advantage of Matomo is that we don’t limit the number of concurrent experiments you can run. With Google Optimize, you’re limited to 5 simultaneous experiments. Likewise, 

  Matomo lets you select an unlimited number of experiment objectives, whereas Google caps the maximum choice to 3 predefined options per experiment. 

  Objectives are criteria the underlying statistical model will use to determine the best-performing version. Typically, marketers use metrics such as page views, session duration, bounce rate or generated revenue as conversion goals. 

  

  Multivariate testing (MVT)

  Multivariate testing (MVT) allows you to “pack” several A/B tests into one active experiment. In other words : You create a stack of variants to determine which combination drives the best marketing outcomes. 

  For example, an MVT experiment can include five versions of a web page, where each has a different slogan, product image, call-to-action, etc. Visitors are then served with a different variation. The tracking code collects data on their behaviours and desired outcomes (objectives) and reports the results.

  MVT saves marketers time as it’s a great alternative to doing separate A/B tests for each variable. Both Matomo and Google Optimize support this feature. However, Google Optimize caps the number of possible combinations at 16, whereas Matomo has no limits. 

  Redirect Tests

  Redirect tests, also known as split URL tests, allow you to serve two entirely different web page versions to users and compare their performance. This option comes in handy when you’re redesigning your website or want to test a localised page version in a new market. 

  Also, redirect tests are a great way to validate the performance of bottom-of-the-funnel (BoFU) pages as a checkout page (for eCommerce websites), a pricing page (for SaaS apps) or a contact/booking form (for a B2B service businesses). 

  You can do split URL tests with Google Optimize and Matomo A/B Testing. 

  Experiment Design 

  Google Optimize provides a visual editor for making simple page changes to your website (e.g., changing button colour or adding several headline variations). You can then preview the changes before publishing an experiment. For more complex experiments (e.g., testing different page block sequences), you’ll have to codify experiments using custom JavaScript, HTML and CSS.

  In Matomo, all A/B tests are configured on the server-side (i.e., by editing your website’s raw HTML) or client-side via JavaScript. Afterwards, you use the Matomo interface to start or schedule an experiment, set objectives and view reports. 

  Experiment Configuration 

  Marketers know how complex customer journeys can be. Multiple factors — from location and device to time of the day and discount size — can impact your conversion rates. That’s why a great CRO app allows you to configure multiple tracking conditions. 

  Matomo A/B testing comes with granular controls. First of all, you can decide which percentage of total web visitors participate in any given experiment. By default, the number is set to 100%, but you can change it to any other option. 

  Likewise, you can change which percentage of traffic each variant gets in an experiment. For example, your original version can get 30% of traffic, while options A and B receive 40% each. We also allow users to specify custom parameters for experiment participation. You can only show your variants to people in specific geo-location or returning visitors only. 

  Finally, you can select any type of meaningful objective to evaluate each variant’s performance. With Matomo, you can either use standard website analytics metrics (e.g., total page views, bounce rate, CTR, visit direction, etc) or custom goals (e.g., form click, asset download, eCommerce order, etc). 

  In other words : You’re in charge of deciding on your campaign targeting criteria, duration and evaluation objectives.

  A free Google Optimize account comes with three main types of user targeting options : 

  • Geo-targeting at city, region, metro and country levels. 

  • Technology targeting  by browser, OS or device type, first-party cookie, etc. 
  • Behavioural targeting based on metrics like “time since first arrival” and “page referrer” (referral traffic source). 

  Users can also configure other types of tracking scenarios (for example to only serve tests to signed-in users), using condition-based rules. 

  Reporting 

  Both Matomo and Google Optimize use different statistical models to evaluate which variation performs best. 

  Matomo relies on statistical hypothesis testing, which we use to count unique visitors and report on conversion rates. We analyse all user data (with no data sampling applied), meaning you get accurate reporting, based on first-hand data, rather than deductions. For that reason, we ask users to avoid drawing conclusions before their experiment participation numbers reach a statistically significant result. Typically, we recommend running an experiment for at least several business cycles to get a comprehensive report. 

  Google Optimize, in turn, uses Bayesian inference — a statistical method, which relies on a random sample of users to compare the performance rates of each creative against one another. While a Bayesian model generates CRO reports faster and at a bigger scale, it’s based on inferences.

  Model developers need to have the necessary skills to translate subjective prior beliefs about the probability of a certain event into a mathematical formula. Since Google Optimize is a proprietary tool, you cannot audit the underlying model design and verify its accuracy. In other words, you trust that it was created with the right judgement. 

  In comparison, Matomo started as an open-source project, and our source code can be audited independently by anyone at any time. 

  Another reporting difference to mind is the reporting delays. Matomo Cloud generates A/B reports within 6 hours and in only 1 hour for Matomo On-Premise. Google Optimize, in turn, requires 12 hours from the first experiment setup to start reporting on results. 

  When you configure a test experiment and want to quickly verify that everything is set up correctly, this can be an inconvenience.

  User Privacy & GDPR Compliance 

  Google Optimize works in conjunction with Google Analytics, which isn’t GDPR compliant. 

  For all website traffic from the EU, you’re therefore obliged to show a cookie consent banner. The kicker, however, is that you can only show an Optimize experiment after the user gives consent to tracking. If the user doesn’t, they will only see an original page version. Considering that almost 40% of global consumers reject cookie consent banners, this can significantly affect your results.

  This renders Google Optimize mostly useless in the EU since it would only allow you to run tests with a fraction ( 60%) of EU traffic — and even less if you apply any extra targeting criteria. 

  In comparison, Matomo is fully GDPR compliant. Therefore, our users are legally exempt from displaying cookie-consent banners in most EU markets (with Germany and the UK being an exception). Since Matomo A/B testing is part of Matomo web analytics, you don’t have to worry about GDPR compliance or breaches in user privacy. 

  Digital Experience Intelligence 

  You can get comprehensive statistical data on variants’ performance with Google Optimize. But you don’t get further insights on why some tests are more successful than others. 

  Matomo enables you to collect more insights with two extra features :

  • User session recordings : Monitor how users behave on different page versions. Observe clicks, mouse movements, scrolls, page changes, and form interactions to better understand the users’ cumulative digital experience. 
  • Heatmaps : Determine which elements attract the most users’ attention to fine-tune your split tests. With a standard CRO tool, you only assume that a certain page element does matter for most users. A heatmap can help you determine for sure. 

  Both of these features are bundled into your Matomo Cloud subscription. 

  Integrations 

  Both Matomo and Google Optimize integrate with multiple other tools. 

  Google Optimize has native integrations with other products in the marketing family — GA, Google Ads, Google Tag Manager, Google BigQuery, Accelerated Mobile Pages (AMP), and Firebase. Separately, other popular marketing apps have created custom connectors for integrating Google Optimize data. 

  Matomo A/B Testing, in turn, can be combined with other web analytics and CRO features such as Funnels, Multi-Channel Attribution, Tag Manager, Form Analytics, Heatmaps, Session Recording, and more ! 

  You can also conveniently export your website analytics or CRO data using Matomo Analytics API to analyse it in another app. 

  Pricing 

  Google Optimize is a free tool but has usage caps. If you want to schedule more than 5 concurrent experiments or test more than 16 variants at once, you’ll have to upgrade to Optimize 360. Optimize 360 prices aren’t listed publicly but are said to be closer to six figures per year. 

  Matomo A/B Testing is available with every Cloud subscription (starting from €19) and Matomo On-Premise users can also get A/B Testing as a plugin (starting from €199/year). In each case, there are no caps or data limits. 

  Google Optimize vs Matomo A/B Testing : Comparison Table

  Features/capabilities	Google Optimize	Matomo A/B test
  Supported channels	Web	Web, mobile, email, digital campaigns
  A/B testing
  Multivariate testing (MVT)
  Split URL tests
  Web analytics integration	Native with UA/GA4	Native with Matomo You can also migrate historical UA (GA3) data to Matomo
  Audience segmentation	Basic	Advanced
  Geo-targeting
  Technology targeting
  Behavioural targeting	Basic	Advanced
  Reporting model	Bayesian analysis	Statistical hypothesis testing
  Report availability	Within 12 hours after setup	6 hours for Matomo Cloud 1 hour for Matomo On-Premise
  Heatmaps		Included with Matomo Cloud
  Session recordings		Included with Matomo Cloud
  GDPR compliance
  Support	Self-help desk on a free tier	Self-help guides, user forum, email
  Price	Free limited tier	From €19 for Cloud subscription From €199/year as plugin for On-Premise

  Final Thoughts : Who Benefits the Most From an A/B Testing Tool ?

  Split testing is an excellent method for validating various assumptions about your target customers. 

  With A/B testing tools you get a data-backed answer to research hypotheses such as “How different pricing affects purchases ?”, “What contact button placement generates more clicks ?”, “Which registration form performs best with new app subscribers ?” and more. 

  Such insights can be game-changing when you’re trying to improve your demand-generation efforts or conversion rates at the BoFu stage. But to get meaningful results from CRO tests, you need to select measurable, representative objectives.

  For example, split testing different pricing strategies for low-priced, frequently purchased products makes sense as you can run an experiment for a couple of weeks to get a statistically relevant sample. 

  But if you’re in a B2B SaaS product, where the average sales cycle takes weeks (or months) to finalise and things like “time-sensitive discounts” or “one-time promos” don’t really work, getting adequate CRO data will be harder. 

  To see tangible results from CRO, you’ll need to spend more time on test ideation than implementation. Your team needs to figure out : which elements to test, in what order, and why. 

  Effective CRO tests are designed for a specific part of the funnel and assume that you’re capable of effectively identifying and tracking conversions (goals) at the selected stage. This alone can be a complex task since not all customer journeys are alike. For SaaS websites, using a goal like “free trial account registration” can be a good starting point.

  A good test also produces a meaningful difference between the proposed variant and the original version. As Nima Yassini, Partner at Deloitte Digital, rightfully argues :

  “I see people experimenting with the goal of creating an uplift. There’s nothing wrong with that, but if you’re only looking to get wins you will be crushed when the first few tests fail. The industry average says that only one in five to seven tests win, so you need to be prepared to lose most of the time”.

  In many cases, CRO tests don’t provide the data you expected (e.g., people equally click the blue and green buttons). In this case, you need to start building your hypothesis from scratch. 

  At the same time, it’s easy to get caught up in optimising for “vanity metrics” — such that look good in the report, but don’t quite match your marketing objectives. For example, better email headline variations can improve your email open rates. But if users don’t proceed to engage with the email content (e.g. click-through to your website or use a provided discount code), your efforts are still falling short. 

  That’s why developing a baseline strategy is important before committing to an A/B testing tool. Google Optimize appealed to many users because it’s free and allows you to test your split test strategy cost-effectively. 

  With its upcoming depreciation, many marketers are very committed to a more expensive A/B tool (especially when they’re not fully sure about their CRO strategy and its results). 

  Matomo A/B testing is a cost-effective, GDPR-compliant alternative to Google Optimize with a low learning curve and extra competitive features. 

  Discover if Matomo A/B Testing is the ideal Google Optimize alternative for your organization with our free 21-day trial. No credit card required.

• Overcoming Fintech and Finserv’s Biggest Data Analytics Challenges

  13 septembre 2024, par Daniel Crough — Banking and Financial Services, Marketing, Security

  Data powers innovation in financial technology (fintech), from personalized banking services to advanced fraud detection systems. Industry leaders recognize the value of strong security measures and customer privacy. A recent survey highlights this focus, with 72% of finance Chief Risk Officers identifying cybersecurity as their primary concern.

  Beyond cybersecurity, fintech and financial services (finserv) companies are bogged down with massive amounts of data spread throughout disconnected systems. Between this, a complex regulatory landscape and an increasingly tech-savvy and sceptical consumer base, fintech and finserv companies have a lot on their plates.

  How can marketing teams get the information they need while staying focused on compliance and providing customer value ? 

  This article will examine strategies to address common challenges in the finserv and fintech industries. We’ll focus on using appropriate tools, following effective data management practices, and learning from traditional banks’ approaches to similar issues.

  What are the biggest fintech data analytics challenges, and how do they intersect with traditional banking ?

  Recent years have been tough for the fintech industry, especially after the pandemic. This period has brought new hurdles in data analysis and made existing ones more complex. As the market stabilises, both fintech and finserve companies must tackle these evolving data issues.

  Let’s examine some of the most significant data analytics challenges facing the fintech industry, starting with an issue that’s prevalent across the financial sector :

  1. Battling data silos

  In a recent survey by InterSystems, 54% of financial institution leaders said data silos are their biggest barrier to innovation, while 62% said removing silos is their priority data strategy for the next year.

  

  Data silos segregate data repositories across departments, products and other divisions. This is a major issue in traditional banking and something fintech companies should avoid inheriting at all costs.

  Siloed data makes it harder for decision-makers to view business performance with 360-degree clarity. It’s also expensive to maintain and operationalise and can evolve into privacy and data compliance issues if left unchecked.

  To avoid or remove data silos, develop a data governance framework and centralise your data repositories. Next, simplify your analytics stack into as few integrated tools as possible because complex tech stacks are one of the leading causes of data silos.

  Use an analytics system like Matomo that incorporates web analytics, marketing attribution and CRO testing into one toolkit.

  

  Matomo’s support plans help you implement a data system to meet the unique needs of your business and avoid issues like data silos. We also offer data warehouse exporting as a feature to bring all of your web analytics, customer data, support data, etc., into one centralised location.

  Try Matomo for free today, or contact our sales team to discuss support plans.

  2. Compliance with laws and regulations

  A survey by Alloy reveals that 93% of fintech companies find it difficult to meet compliance regulations. The cost of staying compliant tops their list of worries (23%), outranking even the financial hit from fraud (21%) – and this in a year marked by cyber threats.

  

  Data privacy laws are constantly changing, and the landscape varies across global regions, making adherence even more challenging for fintechs and traditional banks operating in multiple markets. 

  In the US market, companies grapple with regulations at both federal and state levels. Here are some of the state-level legislation coming into effect for 2024-2026 :

  • Oregon – Oregon Consumer Privacy Act (July 1, 2024)
  • Florida – Florida Digital Bill of Rights (July 1, 2024)
  • Texas – Texas Data Privacy and Security Act (July 1, 2024)
  • Montana – Montana Consumer Data Privacy Act (October 1, 2024)
  • Delaware – Delaware Personal Privacy Act (January 1, 2025)
  • Iowa – Iowa Consumer Data Protection Act (January 1, 2025)
  • New Jersey – SB 332 (January 15, 2025)
  • Tennessee – Tennessee Information Protection Act (July 1, 2025)
  • Indiana – Indiana Consumer Data Protection Act ( January 1, 2026)

  Other countries are also ramping up regional regulations. For instance, Canada has Quebec’s Act Respecting the Protection of Personal Information in the Private Sector and British Columbia’s Personal Information Protection Act (BC PIPA).

  Ignorance of country- or region-specific laws will not stop companies from suffering the consequences of violating them.

  The only answer is to invest in adherence and manage business growth accordingly. Ultimately, compliance is more affordable than non-compliance – not only in terms of the potential fines but also the potential risks to reputation, consumer trust and customer loyalty.

  This is an expensive lesson that fintech and traditional financial companies have had to learn together. GDPR regulators hit CaixaBank S.A, one of Spain’s largest banks, with multiple multi-million Euro fines, and Klarna Bank AB, a popular Swedish fintech company, for €720,000.

  To avoid similar fates, companies should :

  1. Build solid data systems
  2. Hire compliance experts
  3. Train their teams thoroughly
  4. Choose data analytics tools carefully

  Remember, even popular tools like Google Analytics aren’t automatically safe. Find out how Matomo helps you gather useful insights while sticking to rules like GDPR.

  3. Protecting against data security threats

  Cyber threats are increasing in volume and sophistication, with the financial sector becoming the most breached in 2023.

  

  The cybersecurity risks will only worsen, with WEF estimating annual cybercrime expenses of up to USD $10.5 trillion globally by 2025, up from USD $3 trillion in 2015.

  While technology brings new security solutions, it also amplifies existing risks and creates new ones. A 2024 McKinsey report warns that the risk of data breaches will continue to increase as the financial industry increasingly relies on third-party data tools and cloud computing services unless they simultaneously improve their security posture.

  The reality is that adopting a third-party data system without taking the proper precautions means adopting its security vulnerabilities.

  In 2023, the MOVEit data breach affected companies worldwide, including financial institutions using its file transfer system. One hack created a global data crisis, potentially affecting the customer data of every company using this one software product.

  The McKinsey report emphasises choosing tools wisely. Why ? Because when customer data is compromised, it’s your company that takes the heat, not the tool provider. As the report states :

  “Companies need reliable, insightful metrics and reporting (such as security compliance, risk metrics and vulnerability tracking) to prove to regulators the health of their security capabilities and to manage those capabilities.”

  Don’t put user or customer data in the hands of companies you can’t trust. Work with providers that care about security as much as you do. With Matomo, you own all of your data, ensuring it’s never used for unknown purposes.

  

  4. Protecting users’ privacy

  With security threats increasing, fintech companies and traditional banks must prioritise user privacy protection. Users are also increasingly aware of privacy threats and ready to walk away from companies that lose their trust.

  Cisco’s 2023 Data Privacy Benchmark Study reveals some eye-opening statistics :

  • 94% of companies said their customers wouldn’t buy from them if their data wasn’t protected, and 
  • 95% see privacy as a business necessity, not just a legal requirement.

  Modern financial companies must balance data collection and management with increasing privacy demands. This may sound contradictory for companies reliant on dated practices like third-party cookies, but they need to learn to thrive in a cookieless web as customers move to banks and service providers that have strong data ethics.

  This privacy protection journey starts with implementing web analytics ethically from the very first session.

  

  The most important elements of ethically-sound web analytics in fintech are :

  1. 100% data ownership : Make sure your data isn’t used in other ways by the tools that collect it.
  2. Respecting user privacy : Only collect the data you absolutely need to do your job and avoid personally identifiable information.
  3. Regulatory compliance : Stick with solutions built for compliance to stay out of legal trouble.
  4. Data transparency : Know how your tools use your data and let your customers know how you use it.

  Read our guide to ethical web analytics for more information.

  5. Comparing customer trust across industries 

  While fintech companies are making waves in the financial world, they’re still playing catch-up when it comes to earning customer trust. According to RFI Global, fintech has a consumer trust score of 5.8/10 in 2024, while traditional banking scores 7.6/10.

  

  This trust gap isn’t just about perception – it’s rooted in real issues :

  • Security breaches are making headlines more often.
  • Privacy regulations like GDPR are making consumers more aware of their rights.
  • Some fintech companies are struggling to handle fraud effectively.

  According to the UK’s Payment Systems Regulator, digital banking brands Monzo and Starling had some of the highest fraudulent activity rates in 2022. Yet, Monzo only reimbursed 6% of customers who reported suspicious transactions, compared to 70% for NatWest and 91% for Nationwide.

  So, what can fintech firms do to close this trust gap ?

  • Start with privacy-centric analytics from day one. This shows customers you value their privacy from the get-go.
  • Build and maintain a long-term reputation free of data leaks and privacy issues. One major breach can undo years of trust-building.
  • Learn from traditional banks when it comes to handling issues like fraudulent transactions, identity theft, and data breaches. Prompt, customer-friendly resolutions go a long way.
  • Remember : cutting-edge financial technology doesn’t make up for poor customer care. If your digital bank won’t refund customers who’ve fallen victim to credit card fraud, they’ll likely switch to a traditional bank that will.

  The fintech sector has made strides in innovation, but there’s still work to do in establishing trustworthiness. By focusing on robust security, transparent practices, and excellent customer service, fintech companies can bridge the trust gap and compete more effectively with traditional banks.

  6. Collecting quality data

  Adhering to data privacy regulations, protecting user data and implementing ethical analytics raises another challenge. How can companies do all of these things and still collect reliable, quality data ?

  Google’s answer is using predictive models, but this replaces real data with calculations and guesswork. The worst part is that Google Analytics doesn’t even let you use all of the data you collect in the first place. Instead, it uses something called data sampling once you pass certain thresholds.

  In practice, this means that Google Analytics uses a limited set of your data to calculate reports. We’ve discussed GA4 data sampling at length before, but there are two key problems for companies here :

  1. A sample size that’s too small won’t give you a full representation of your data.
  2. The more visitors that come to your site, the less accurate your reports will become.

  For high-growth companies, data sampling simply can’t keep up. Financial marketers widely recognise the shortcomings of big tech analytics providers. In fact, 80% of them say they’re concerned about data bias from major providers like Google and Meta affecting valuable insights.

  This is precisely why CRO:NYX Digital approached us after discovering Google Analytics wasn’t providing accurate campaign data. We set up an analytics system to suit the company’s needs and tested it alongside Google Analytics for multiple campaigns. In one instance, Google Analytics failed to register 6,837 users in a single day, approximately 9.8% of the total tracked by Matomo.

  In another instance, Google Analytics only tracked 600 visitors over 24 hours, while Matomo recorded nearly 71,000 visitors – an 11,700% discrepancy.

  

  Financial companies need a more reliable, privacy-centric alternative to Google Analytics that captures quality data without putting users at potential risk. This is why we built Matomo and why our customers love having total control and visibility of their data.

  Unlock the full power of fintech data analytics with Matomo

  Fintech companies face many data-related challenges, so compliant web analytics shouldn’t be one of them. 

  With Matomo, you get :

  • An all-in-one solution that handles traditional web analytics, behavioural analytics and more with strong integrations to minimise the likelihood of data siloing
  • Full compliance with GDPR, CCPA, PIPL and more
  • Complete ownership of your data to minimise cybersecurity risks caused by negligent third parties
  • An abundance of ways to protect customer privacy, like IP address anonymisation and respect for DoNotTrack settings
  • The ability to import data from Google Analytics and distance yourself from big tech
  • High-quality data that doesn’t rely on sampling
  • A tool built with financial analytics in mind

  Don’t let big tech companies limit the power of your data with sketchy privacy policies and counterintuitive systems like data sampling. 

  Start your Matomo free trial or request a demo to unlock the full power of fintech data analytics without putting your customers’ personal information at unnecessary risk.

• LGPD : Demystifying Brazil’s New Data Protection Law

  31 août 2023, par Erin — Privacy

  The General Personal Data Protection Law (LGPD or Lei Geral de Proteção de Dados Pessoais) is a relatively new legislation passed by the Brazilian government in 2018. The law officially took effect on September 18, 2020, but was not enforced until August 1, 2021, due to complications from the COVID-19 pandemic.

  For organisations that do business in Brazil and collect personal data, the LGPD has far-reaching implications, with 65 separate articles that outline how organisations must collect, process, disclose and erase personal data.

  In this article, you’ll learn what the LGPD is, including its contents and how a legal entity can be compliant.

  What is the LGPD ?

  The LGPD is a new data protection and privacy law passed by the Federal Brazilian Government on May 29, 2018. The purpose of the law is to unify the 40 previous Brazilian laws that regulated the processing of personal data.

  

  Many of the older laws have been either updated or removed to accommodate this change. The LGPD comprises 65 separate articles, and each covers a different area of the legislation, such as the rights of data subjects and the legal bases on which personal data may be collected. It also sets out the responsibilities of the National Data Protection Authority (ANPD), a newly created agency responsible for the guidance, supervision and enforcement of the LGPD.

  LGPD compliance is essential for organisations wishing to operate in Brazil and collect personal data for commercial purposes, whether online or offline. However, understanding the different rules and regulations and even figuring out if the LGPD applies to you can be challenging.

  Fortunately, the LGPD is relatively easy to understand and shares many similarities with the General Data Protection Regulation (GDPR), the data protection law implemented on May 25, 2018, by the European Union. This may help you better understand why the LGPD was enacted, the policies it contains and the goals it hopes to achieve. Both laws are very similar, but some items are unique to Brazil, such as what qualifies as a legal basis for collecting personal data.

  For these reasons, organisations should not apply a one-size-fits-all approach to GDPR and LGPD compliance, for they are different laws with different guiding principles and requirements.

  Who does the LGPD apply to, and who is exempt ?

  The LGPD applies to any natural person, public entity and private entity that collects, processes and stores personal data for commercial purposes within the national territory of Brazil. The same also applies to those who process the personal data of Brazilian and non-Brazilian citizens within the national territory of Brazil, even if the data processor is outside of Brazil. It also applies to those who process personal data collected from the national territory of Brazil.

  So, what does this all mean ? 

  Regardless of your location, if you conduct any personal data processing activities in Brazil or you process data that was collected from Brazil, then there is a high possibility that the LGPD applies to you. This is especially true if the data processing is for commercial purposes ; or, to be more precise, for the offering or provision of goods or services. It also means that subjects whose personal data is collected under these conditions are protected by the nine data subject rights.

  There are exceptions where the LGPD does not apply to data processors. These include if you process personal data for private or non-commercial reasons ; for artistic, journalistic and select academic purposes ; and for the purpose of state security, public safety, national defence and activities related to the investigation and prosecution of criminal offenders. Also, if the processed data originates from a country with similar data protection laws to Brazil, such as any country in the European Union (where the GDPR applies), then the LGPD will not apply to that individual or organisation.

  For these reasons, it is vital that you are familiar with the LGPD so that your data processing activities comply with the new standards. This is also important for the future, as an estimated 75% of the global population’s personal data will be protected by a privacy regulation. Getting things right now will make life easier moving forward.

  What are the nine LGPD data subject rights ?

  The LGPD has nine data subject rights. These protect the rights and freedoms of subjects, regardless of their political opinion and religious belief.

  

  These rights, listed under Article 19 of the LGPD, confirm that a data subject has the right to :

  1. Confirm the processing of their data.
  2. Access their data.
  3. Correct data that is incomplete, not accurate and out of date.
  4. Anonymize, block and delete data that is excessive, unnecessary and was not processed in compliance with the law.
  5. Move their data to a different service provider or product provider by special request.
  6. Delete or stop using personal data under certain circumstances.
  7. Gain information about who the data processor has shared the processed data with, including private and public entities.
  8. Be informed as to what the consequences may be for denying consent to the collection of personal data.
  9. Revoke consent to have their personal data processed under certain conditions.

  Many of these data subject rights are like the GDPR. For example, both the GDPR and LGPD give data subjects the right to be informed, the right to access, the right to data portability and the right to rectify false data. However, while the LGPD has nine data subject rights, the GDPR has only eight. What is the extra data subject right ? The right to gain information on who a data processor has shared your data with.

  There are other slight differences between the GDPR and LGPD with regard to data subject rights. For instance, the GDPR has a clear right to restrict certain data processing activities, such as those related to automation. The LGPD has this, too. But the subject of data collection automation is under Article 20, separate from all the data subject rights listed under Article 19.

  Under what conditions can personal data in Brazil be processed ?

  There are various conditions under which organisations can legally conduct personal data processing in Brazil. The aim of these conditions is to give data subjects confidence — that their personal data is processed for only safe, legal and ethical reasons. Also, the conditions help data processors, both individuals and organisations, determine if they have a legal basis for processing personal data in or in relation to Brazil.

  

  According to Article 7 of the LGPD, data processing may only be carried out if done :

  1. With consent by the data subject.
  2. To comply with a legal or regulatory obligation.
  3. By public authorities to assist with the execution of a public policy, one established by law or regulation.
  4. To help research entities carry out studies ; granted, when possible, subjects can anonymize their data.
  5. To carry out a contract or preliminary procedure, in particular, one related to a contract where the data subject is a party.
  6. To exercise the right of an arbitration, administration or judicial procedure.
  7. To protect the physical safety or life of someone
  8. To protect the health of someone about to undergo a procedure performed by health entities
  9. To fulfill the legitimate interests of a data processor, unless doing so would compromise a data subject’s fundamental rights and liberties.
  10. To protect one’s credit score.

  Much like the nine data subject rights, there are key differences between the LGPD and GDPR. The GDPR has six lawful bases for data processing, while the LGPD has ten. One notable addition to the LGPD is for the protection of one’s credit score, which is not covered by the GDPR. Another reason to ensure compliance with both data protection laws separately.

  LGPD vs. GDPR : How do they differ ?

  The LGPD was modeled closely on the GDPR, so it’s no surprise the two are similar. 

  Both laws ensure a high level of protection for the rights and freedoms of data subjects. They outline the legal justifications for data processing, establish the responsibilities of a data protection authority and lay out the penalties for non-compliance. That said, there are key differences between them.

  First, data subject rights ; the LGPD has nine, while the GDPR has eight. The GDPR gives data subjects the right to request a human review of automated decision-making, while the LGPD does not. Second, the legal bases for processing ; the LGPD has ten, while the GDPR has six. The four legal bases unique to the LGPD are : for protection of credit, for protection of health, for protection of life and for research entities carrying out studies.

  Both the LGPD and GDPR have different non-compliance penalties. The maximum fine for an infraction under the GDPR is up to €20 million (or 4% of the offender’s annual global revenue, whichever is higher). The maximum fine for an LGPD infraction is up to 50 million reais (around €9.2 million), or up to 2% of an offender’s revenue in Brazil, whichever is higher.

  6 steps to LGPD compliance with Matomo

  Below are steps you can follow to ensure your organisation is LGPD compliant. You’ll also learn how Matomo can help you comply quickly and easily.

  

  Let’s dive in.

  1. Appoint a DPO

  A DPO is a person, group, or organisation that communicates with data processors, data subjects, and the ANDP.

  Curiously, the LGPD lets you appoint your own DPO — even if they reside out of Brazil. So if the LGPD applies to you, you can appoint someone in your organisation to be a DPO. Just make sure that the nominated person has the understanding and capacity to perform the role’s duties.

  2. Assess your data

  Once you’re familiar with the LGPD and confirm your eligibility for LGPD compliance, take the time to assess your data. If you plan to collect data within the territory of Brazil, you’ll need to confirm the exact location of your data subjects. 

  To do this in Matomo, simply go to the previous year’s calendar. Then click on visitors, go to locations, and look for Brazil under the “Region” section. This will tell you how many of your web visitors are located in Brazil.

  

  3. Review privacy practices

  Review your existing privacy policies and practices, as there’s a good chance they’ll need to be updated to comply with the LGPD. Also, review your data sharing and third-party agreements, as you may need to communicate these new policies to partners that you rely on to deliver your services. 

  Lastly, review your procedures for tracking personal data and Personally Identifiable Information (PII). You may need to modify the type of data that you track to comply with the LGPD. You may even be tracking this data without your knowledge.

  4. Anonymize tracking data

  Data subjects under the LGPD have the right to request data anonymity. Therefore, to be LGPD compliant, your organisation must be able to accommodate for such a request.

  Fortunately, Matomo has various data anonymization techniques that help you protect your data subject’s privacy and comply with the LGPD. These techniques include the ability to anonymize previously tracked raw data, anonymize visitor IP addresses, and anonymize relevant geo-location data such as regions, cities and countries.

  

  You can find these features and more under the Anonymize data tab within the Privacy menu on the Matomo Settings page. Learn more about how to configure privacy settings in Matomo.

  5. Comply with LGPD consent laws without cookies

  By using Matomo to anonymize the data of your data subjects, this enables you to comply with LGPD consent laws and remove the need to display cookie consent banners on your website. This is made possible by the fact that Matomo is a cookieless tracking web analytics platform.

  Unlike other web analytics platforms like Google Analytics, which collect and use third-party cookies (persistent data that remains on your device, until that data expires or until you manually delete it) for their “own purposes,” Matomo is different. We use alternative means to identify web visitors, such as count the number of unique IP addresses and perform browser fingerprinting, neither of which involve the collection of personal data.

  As a result, you don’t have to display cookie consent banners on your website, and you can track your web visitors even if they disable cookies.

  6. Give users the right to opt-out

  Under the LGPD, data subjects have the right to opt-out of your data collection procedures. For this reason, make sure that your web visitors can do this on your website.

  

  You can do this in Matomo by adding an opt-out from tracking form to your website. To do this, click on the cog icon in the top menu, load the settings page, and click on the Users opt-out menu item in the Privacy section. Then follow the instructions to customise and publish the Matomo opt-out form.

  Achieve LGPD compliance with Matomo

  Like GDPR for Europe, the LGPD will impact organisations doing business in Brazil. And while they both share much of the same definitions and data subject rights, they differ on what qualifies as a legal basis for processing sensitive data. Complying with the GDPR and LGPD separately is non-negotiable and essential to avoiding maximum fines of €20 million and €9.2 million, respectively.

  

  As a web analytics platform with LGPD compliance, Matomo prioritises data privacy without compromising performance. Switch to a powerful LGPD-compliant web analytics platform that respects users’ privacy. 

  Get a 21-day free trial of Matomo today. No credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to LGPD. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.