Stay ahead of the GDPR with powerful web analytics that respects your users' privacy
The EU’s General Data Protection Regulation (GDPR), also known as DSGVO in German, and RGPD in French, is a regulation that applies to companies, non-profit organisations, and public entities worldwide to strengthen data protection for all individuals within the European Union (EU).
Why is it important?
You can be fined up to 4% of your yearly revenue for data/privacy breaches or non-compliance, according to Article 83 of the GDPR.
How is Matomo Analytics GDPR compliant?
How we can ensure GDPR compliance:
- Data anonymization
- GDPR Manager
- Users can opt-out of all tracking
- First-party cookies by default
- People can view the data collected
- Capabilities to delete visitor data when requested
- The data is not used for any other purposes (compared to Google Analytics)
- IP anonymization
- Visitor log and profiles can be disabled
- Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)
In addition, if you’re complying with France’s National Data Protection Commission (CNIL) rules then you’ll also need to:
- Delete personal data after 25 months
- Have IP anonymiser enabled
- Offer Opt-out
- Disable Visits log and Visitor profile
- Agree not to export the RAW data to other systems like CRM or data warehouse without consent
Advantages of Matomo GDPR analytics compared to others
- According to the Berlin Data Protection Office, if you’re collecting and sending data to third-party services (like Google Analytics) that use data “for own purpose uses” in Berlin, you now need to ask for specific consent from visitors in order to collect that information. This is not the case for Matomo. With Matomo On-Premise, Cloud and Matomo for WordPress, the data you collect is yours to own and work with. Matomo will never use your data for “own purposes” or any other purpose, as your data is completely yours.
- The CJEU ruled US cloud servers don’t comply with GDPR. Matomo’s cloud-hosted data is stored in Europe and your On-Premise data can be stored in any country of your choosing.
- Matomo encourages data anonymization. By carrying out data anonymization techniques you can avoid needing to show users a consent screen.
Matomo offers an advanced General Data Protection Regulation (GDPR) Manager to ensure websites are fully compliant with the new regulation. As the GDPR continues to evolve, you can be assured that Matomo will be at the forefront of these changes to create a safer web experience for everyone.
This is to make sure websites are fully GDPR compliant by giving users:
✔ Right of access
✔ Right to withdraw consent
✔ Supports “Do Not Track”
✔ Right to data portability
✔ Right to object
✔ Delete historical data
✔ Right to erasure
✔ Anonymizing features
✔ Anonymize historical data
Added benefits of using Matomo
✔ 100% Data Ownership – Matomo gives you full control of your website data as you have 100% data ownership.
✔ Compliance with worldwide privacy laws – Matomo is compliant with a range of privacy laws around the world such as HIPAA, CCPA, LGPD, and PECR.
✔ User-Privacy Protection – Matomo is trusted and used by industries that have strict compliance and data privacy regulations to ensure that their users’ privacy is protected.
✔ Reliable & Secure – Security is a top priority at Matomo. As potential issues are discovered, we validate, patch and release fixes as quickly as we can. We have a security bug bounty program in place that rewards researchers for finding security issues and disclosing them to us.
Personal data or personally identifiable information (PII) and GDPR
If you decide to process personal data, then it must be processed in accordance with the principles of lawfulness, fairness and transparency. It should be collected for specified, explicit and legitimate purposes, and not be processed if it doesn’t suit those purposes.
GDPR support and resources
We offer solutions and services to help you create a Matomo configuration that’s ready for GDPR compliance. As the world leaders when it comes to privacy and customer data, we are looking forward to providing support for our analytics platform to help you achieve GDPR compliance easily.
- GDPR Manager user guide
- How to fill in the information asset registration when using Matomo
- How to make Matomo GDPR compliant in 12 easy steps
- How to not process any personal data with Matomo and what it means for you
- PII, personal data and GDPR. Discover what this means for your privacy
- How should I write my privacy notice for Matomo Analytics under GDPR
- Lawful basis for processing personal data under GDPR with Matomo
- GDPR compliance for Premium Features
- How to get your Matomo plugin ready for GDPR
- Subprocessors on Matomo Cloud (subprocessors not applicable to On-Premise)
- Privacy in Matomo
Stay GDPR compliant without sacrificing powerful insights to grow your business
Matomo is a trusted and powerful all-in-one web analytics platform designed to give you the most conclusive insights to make smarter data-driven decisions.