Stay ahead of the GDPR with powerful web analytics that respects your users' privacy
The EU’s General Data Protection Regulation (GDPR), also known as DSGVO in German, and RGPD in French, is a regulation that applies to companies, non-profit organisations, and public entities worldwide to strengthen data protection for all individuals within the European Union (EU).
Why is GDPR compliance important?
You can be fined up to 4% of your yearly revenue for data/privacy breaches or non-compliance, according to Article 83 of the GDPR.
How is Matomo Analytics GDPR compliant?
How we can ensure GDPR compliance:
- Data anonymization
- GDPR Manager
- Users can opt-out of all tracking
- First-party cookies by default
- People can view the data collected
- Capabilities to delete visitor data when requested
- The data is not used for any other purposes (compared to Google Analytics)
- IP anonymization
- Visitor log and profiles can be disabled
- Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)
Matomo has also been approved by the French Data Protection Authority (CNIL) as one of the select few web analytics tools that can be used to collect data without tracking consent. For those complying with CNIL, find out how to configure Matomo without tracking consent.
The latest GDPR rulings and how Matomo compares
Recent GDPR rulings have targeted Google Analytics in particular for insufficient data protection.
According to the Berlin Data Protection Office, if you’re collecting and sending data to third-party services (like Google Analytics) who use data “for own purpose uses” in Berlin, you now need to ask for specific consent from visitors in order to collect that information.
This is not the case for Matomo. With Matomo On-Premise, Cloud and Matomo for WordPress, the data you collect is yours to own and work with. Matomo will never use your data for “own purposes” or any other purpose, as your data is completely yours.
In 2020, the CJEU ruled US cloud servers don’t comply with GDPR. Then in 2022, the Austrian Data Protection Authority and French Data Protection Authority (CNIL) ruled that the use of Google Analytics is illegal due to data transfers to the US.
With Matomo Cloud your data is stored in Europe and no data is transferred to the US. On the other hand, with Matomo On-Premise, the data is stored in your country of choice.
Matomo offers an advanced General Data Protection Regulation (GDPR) Manager to ensure websites are fully compliant with the new regulation. As the GDPR continues to evolve, you can be assured that Matomo will be at the forefront of these changes to create a safer web experience for everyone.
This is to make sure websites are fully GDPR compliant by giving users:
✔ Right of access
✔ Right to withdraw consent
✔ Supports “Do Not Track”
✔ Right to data portability
✔ Right to object
✔ Delete historical data
✔ Right to erasure
✔ Anonymizing features
✔ Anonymize historical data
Benefits of using Matomo
✔ 100% Data Ownership – Matomo gives you full control of your website data as you have 100% data ownership.
✔ Compliance with worldwide privacy laws – Matomo is compliant with a range of privacy laws around the world, such as HIPAA, CCPA, LGPD, and PECR.
✔ User-Privacy Protection – Matomo is trusted and used by industries that have strict compliance and data privacy regulations to ensure that their users’ privacy is protected.
✔ Reliable & Secure – Security is a top priority at Matomo. As potential issues are discovered, we validate, patch and release fixes as quickly as we can. We have a security bug bounty program in place that rewards researchers for finding security issues and disclosing them to us.
✔ Host On-Premise or on Cloud – You can breathe easy knowing both options give you full data ownership and respect for user privacy.
✔ No need for cookie consent screens – By applying data anonymization techniques, you can track visitors without a cookie consent screen.
Personal data or personally identifiable information (PII) and GDPR
If you decide to process personal data, then it must be processed in accordance with the principles of lawfulness, fairness and transparency. It should be collected for specified, explicit and legitimate purposes, and should not be processed if it doesn’t suit those purposes.
GDPR support and resources
We offer solutions and services to help you create a Matomo configuration that’s ready for GDPR compliance. As the world leaders when it comes to privacy and customer data, we are looking forward to providing support for our analytics platform to help you achieve GDPR compliance easily.
- GDPR Manager user guide
- How to fill in the information asset registration when using Matomo
- How to make Matomo GDPR compliant in 12 easy steps
- How to not process any personal data with Matomo and what it means for you
- PII, personal data and GDPR. Discover what this means for your privacy
- How should I write my privacy notice for Matomo Analytics under GDPR
- Lawful basis for processing personal data under GDPR with Matomo
- GDPR compliance for Premium Features
- How to get your Matomo plugin ready for GDPR
- Subprocessors on Matomo Cloud (subprocessors not applicable to On-Premise)
- Privacy in Matomo
Stay GDPR compliant without sacrificing powerful insights to grow your business
Matomo is a trusted and powerful all-in-one web analytics platform designed to give you the most conclusive insights to make smarter data-driven decisions.