Recherche avancée

Sur d’autres sites (4063)

• How to not process any personal data with Matomo and what it means for you

  22 avril 2018, par InnoCraft

  Disclaimer : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to explain how to not process any personal data with Matomo in order to avoid going through the GDPR compliance process with Matomo analytics. This work comes from our interpretation of different sources : the official GDPR text and the UK privacy commission : ICO resources. It cannot be considered as a professional legal advice. So as GDPR, this information is subject to change. GDPR may be also known as RGPD in French, Spanish, Portuguese, Datenschutz-Grundverordnung, DS-GVO in German, Algemene verordening gegevensbescherming in Dutch, Regolamento generale sulla protezione dei dati in Italian.

  Are you looking for a way to not process any personal data with Matomo ? If the answer is yes, you are at the right place. From our understanding, if you are not processing personal data, then you shouldn’t be concerned about GDPR. Our inspiration came from this official reference :

  “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.“

  In this blog post we are going to see how you can configure Matomo in order to not process any personal data and what the consequences are.

  Which data is considered as personal according to GDPR ?

  From : eur-lex.europa.eu

  (1) “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ;”

  (30) “Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

  So according to your Matomo configuration, it may leave some traces within the following data :

  1. IP addresses
  2. Cookies identifiers
  3. Page URL or page titles
  4. User ID and Custom “personal” data
  5. Ecommerce order IDs
  6. Location
  7. Heatmaps & Session Recordings

  Let’s see each of them in more detail.

  1. IP addresses

  IP addresses can indirectly identify an individual. It can also give a good approximation of an individual’s location.

  IP addresses are therefore considered as personal data which means you need to anonymize them. To do so, a feature is available within Matomo, where you can anonymize the IP. We recommend you to anonymize at least the last two bytes :

  

  See our configuration guide for more information

  What are the consequences of using this feature ?

  When applying IP anonymization on two bytes, you will no longer be able to see the full IP in the UI.

  Moreover, there is a small chance that 2 different visitors with the same device and software configuration will be identified as the same visitor if the anonymised IP address is the same for both.

  2. Cookies

  It is not clear for us yet if all cookies are considered equal under GDPR. At this stage it is too early to make a definite decision.

  Did you know ? Matomo lets you optionally disable the creation of cookies by adding an extra line of code to your tracking code see below.

  

  See our configuration guide for more information

  What are the consequences of using this feature ?

  Matomo is using a few first party cookies, and the following cookies may hold personal data :

  • _pk_id : contains a visitor id used to identify unique visitors
  • _pk_ref : to identify from where they came from

  If Matomo cannot set cookies, it will use a technique called Fingerprint. It is based on several metadata such as the operating system, browser, browser plugins, IP address, browser language ; just to name a few to identify a unique visitor. As this feature is less accurate than the one using cookies, the number of visitors and visits will be affected.

  3. Page URLs and page titles

  URLs are not mentioned within the official GDPR text. However, we know that according to the different CMS you use, some of them may have URLs including personal identifiers.

  For example :

  

  As a result, you need to find a way to anonymize this data.

  There are several ways you can perform this action according to your website. If your website is adding the personal data through query parameters, you can define a rule to exclude them from Matomo.

  If the personal data are not included within query parameters, you can use the “setCustomURL” feature and write your code as follow :

  

  See our developer documentation for more information

  If you are also processing personal data within the title tag, you can use the following function : “setDocumentTitle”.

  What are the consequences of using this feature ?

  By anonymizing the URLs containing personal data, some of your  URLs will be grouped together.

  4. User ID and custom personal data

  User ID is a feature (a tracking code needs to be added) which allows you to identify the same user across different devices.

  A User ID needs a corresponding database in order to link a user across different devices, it can be an email, a username, a name, a random number… All those data are either direct or non direct online identifiers and are therefore under the scope of GDPR.

  It will be the same situation if you are using custom variables and/or custom dimensions in order to push personal data to the system.

  To continue using the User ID feature but not recording personal data, you can consider using a hash function which will anonymize/convert your actual User ID into something like “3jrj3j34434834urj33j3”.

  Alternatively, you can enable the feature “Anonymise User IDs”. This feature will be available starting in Matomo 3.5.0 :

  

  What are the consequences of using this feature ?

  Under GDPR, User ID is personal data. Anonymizing the User ID using a hash function or our built-in functionality make the User Id pseudo-anonymous, which means it can’t be easily identified to a specific user. As a result, you will still get accurate visits and unique visitors metrics, and the Visitor Profile, but without tracking the original User ID which is personal data.

  5. Ecommerce order IDs

  Order IDs are the reference number assigned to the products/services bought by your customers. As this information can be crossed with your internal database, it is considered as an online identifier and is therefore under the scope of GDPR. As for User ID, you can anonymize order IDs using our built-in functionality to Anonymise Order IDs (see section 4. about User Id).

  What are the consequences of anonymizing order ID ?

  It really depends on your former use of order IDs. If you were not using them in the past then you should not see any difference.

  6. Location

  Based on the IP address of a visitor, Matomo can detect the visitors location. Location data is problematic for privacy as this technology has become quite accurate and can detect not only the city a visitor is from, but sometimes an even more precise position of a visitor.

  

  In order to not leave any accurate traces, we strongly recommend you to enable the IP anonymization feature. Next, you need to enable the setting “Also use the anonymized IP address when enriching visits”. You find this setting directly below the IP anonymization. This is important as otherwise the full IP address will be used to geolocate a visitor.

  

  What are the consequences of anonymizing location data ?

  The more bytes you anonymize from the IP, the more anonymized your location will be. When you remove two bytes as suggested, the city and region location reports will not be as accurate. In some cases even the country may not be detected correctly anymore.

  7. Heatmaps & Session Recordings

  Heatmaps & Session Recording is a premium feature in Matomo allowing you to see where users click, hover, type and scroll. With session recordings you can then replay their actions in a video.

  Heatmaps & Session Recordings are under the scope of GDPR as they can disclose in some specific cases (for example : filling a contact form) personal data :

  

  To avoid this, Matomo will anonymize all keystrokes which a user enters into a form field unless you specifically whitelist a field. Many fields that could contain personal data, such as a credit card, phone number, email address, password, social security number, and more are always anonymized and not recorded.

  See our configuration guide for more information

  Note that a page may still show personal information within the page as part of regular content (not a form element). For example an address, or the profile page of a forum user. We have added a feature which allows you to set an HTML attribute “data-matomo-mask” to anonymize any personal content shown in the UI.

  What are the consequences of using this feature ?

  Mainly, you will not be able to see in plain text what people are entering into your forms.

  What should you do with past data ?

  Once more, we have to say that we are not lawyers. So do not take our answers as legal advice. From : ec.europa.eu/newsroom/article29/document.cfm ?doc_id=50053

  “For example, as the GDPR requires that a controller must be able to demonstrate that valid consent was obtained, all presumed consents of which no references are kept will automatically be below the consent standard of the GDPR and will need to be renewed.”

  Our interpretation is that, if you were previously relying on consent, unless you can demonstrate that valid consent was obtained, you need to get the consent back (which is almost impossible) or you need to anonymize or remove that data.

  To anonymize previously tracked data, we are actively working on a feature to do just that directly within Matomo. Alternatively, you may also set up the deletion of logs after a certain amount of time.

  We really hope you enjoyed reading this article. GDPR is still on the go and we are pretty sure you have a lot of questions about it. You probably would like to share our vision about it. So do not hesitate to ask us through our contact form to see how we are interpreting GDPR at Matomo and InnoCraft.

  The post How to not process any personal data with Matomo and what it means for you appeared first on Analytics Platform - Matomo.

• Conversion Funnel Optimisation : 10 Ways to Convert More

  24 janvier 2024, par Erin

  Converting leads into happy customers is the ultimate goal of any sales and marketing team. But there are many steps in between those two events, or in other words, funnel stages. 

  Your sales funnel includes all the steps you take to make your audience aware of your product or services and convince them to purchase. Conversion funnel optimisation strategies can help you move users through the stages of your sales funnel. 

  This article will show you how to optimise your conversion funnel and boost sales — no matter how your funnel looks. We’ll go over practical tips you can implement and how you can analyse and measure results.

  Let’s get started.

  What is conversion funnel optimisation ? 

  Conversion funnel optimisation is the strategic and ongoing process of refining and improving the different stages of a sales or marketing funnel to increase the rate at which users complete desired actions.

  A sales funnel represents the stages a potential customer goes through before purchasing. 

  The typical stages of a sales funnel include :

  • Awareness : At the top of the funnel, potential customers become aware of your product or service. 
  • Consideration : In this stage, prospects evaluate the product or service against alternatives. They may compare features, prices and customer reviews to make an informed decision.
  • Conversion : The prospect completes the transaction and becomes an actual customer by purchasing.
  • Loyalty : You can turn one-time buyers into repeat customers and brand advocates. 

  It’s called a “funnel” because, similar to the shape of a funnel, the number of potential customers decreases as they progress through the various stages of the sales process — as you can see illustrated below.

  

  Sales funnels can vary across industries and business models, but the general concept remains the same. The goal is to guide potential customers through each funnel stage, addressing their needs and concerns at each step, ultimately leading to a successful conversion. 

  You can create and monitor a custom funnel for your site’s user journey with a web analytics solution like Matomo.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  The importance of conversion funnel optimisation 

  At the heart of conversion funnel optimisation is the quest for higher conversion rates. 

  Refining the customer journey can increase the chances of turning visitors into customers who return repeatedly.

  Specifically, here’s how conversion funnel optimisation can benefit your business :

  • Increased conversions : Marketers can increase the likelihood of turning website visitors into customers by making the user journey more user-friendly and persuasive.
  • Higher revenue : Improved conversion rates aren’t just numbers on a chart ; they translate to tangible revenue. 
  • Increased ROI (return on investment) : By optimising the conversion funnel, you can get more value from your marketing and sales efforts. 
  • Improved customer satisfaction : When customers find it easy and enjoyable to interact with a website or service, it positively influences their satisfaction and likelihood of returning.
  • Data-driven decision-making : Businesses can make informed decisions on budgets and resources based on user behaviour and performance metrics by analysing and optimising conversion funnels.

  ​​Ultimately, conversion funnel optimisation efforts align the entire funnel with overarching business goals.

  10 ways to optimise your conversion funnel 

  Here are 10 ways to optimise your conversion funnel.

  1. Identify and segment your target audience

  The key to a successful conversion funnel begins with a deep understanding of your target audience. 

  Identifying and segmenting your audience lets you speak directly to their pain points, desires and motivations.

  One effective way to know your audience better is by creating detailed buyer personas. These are fictional representations of your ideal customers based on thorough market research and real data. Dive into demographics and behavioural patterns to craft personas that resonate with your audience.

  

  Note that consumer preferences are not static. They evolve, influenced by trends, technological advancements and shifts in societal values. Staying attuned to these changes is crucial as part of optimising your conversion funnel.

  Thus, you must regularly update your buyer personas and adjust your marketing strategies accordingly.

  2. Create content for every stage of the funnel

  Each funnel stage represents a different mindset and needs for your potential customers. Tailoring your content ensures you deliver the right message at the right time to the right audience. 

  Here’s how to tailor your content to fit prospective customers at every conversion funnel stage.

  Awareness-stage content

  Prospects here are seeking information. Your content should be educational and focused on addressing their pain points. Create blog posts, infographics and videos introducing them to your industry, product or service.

  This video we created at Matomo is a prime example of awareness-stage content, grabbing attention and educating viewers about Matomo.

  Consideration-stage content

  Prospects are evaluating their options. Provide content highlighting your product’s unique selling points, such as case studies, product demonstrations and customer testimonials.

  Here’s how we use a versus landing page at Matomo to persuade prospects at this funnel stage.

  

  Conversion-stage content

  This is the final push. Ensure a smooth transition to conversion with content like promotional offers, limited-time discounts and clear calls to action (CTA).

  Loyalty-stage content

  In this stage, you might express gratitude for the purchase through personalised thank-you emails. Follow up with additional resources, tips or exclusive offers to reinforce a positive post-purchase experience. This also positions your brand as a helpful resource beyond the initial sale.

  Reward customer loyalty with exclusive offers, discounts or membership in a loyalty program.

  3. Capture leads

  Lead magnets are incentives offered to potential customers in exchange for their contact information, typically their email addresses. 

  Examples of lead magnets include :

  • Ebooks and whitepapers : In-depth resources that delve into specific topics of interest to your target audience.
  • Webinars and workshops : Live or recorded sessions that offer valuable insights, training or demonstrations.
  • Free trials and demos : Opportunities for potential customers to experience your product or service firsthand.
  • Checklists and templates : Practical tools that help your audience solve specific challenges.
  • Exclusive offers and discounts : Special promotions are available to those who subscribe or provide their contact information.

  For instance, here’s how HubSpot uses templates as lead magnets.

  

  Similarly, you can incorporate your lead magnets into relevant articles or social media posts, email campaigns and other marketing channels.

  4. Optimise your landing pages

  Understanding how visitors interact with your landing pages is a game-changer. So, the first step in optimising your landing pages is to analyse them.

  Enter Matomo’s heatmaps — the secret weapon in landing page optimisation. They visually represent how users interact with your pages, revealing where they linger, what catches their attention and where they may encounter friction. 

  

  Here are a few landing page elements you should pay attention to :

  • Strategic visual elements : Integrate high-quality images, videos and graphics that support your message and guide visitors through the content.
  • Compelling copy : Develop concise and persuasive copy that emphasises the benefits of your offering, addressing user pain points.
  • Effective CTA : Ensure your CTA is prominently displayed, using compelling language and colours that stand out.
  • Mobile responsiveness : Optimise your landing pages for various devices, especially considering the prevalence of mobile users.
  • Minimal form fields : Reduce friction by keeping form fields to a minimum, requesting only essential information.
  • ​​Leverage social proof : Integrate testimonials, reviews and trust badges to build trust and credibility.
  • A/B testing : Experiment with variations in design, copy and CTAs through A/B testing, allowing data to guide your decisions.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  5. ​​Use compelling Calls to Action (CTAs)

  Crafting compelling CTAs is an art that involves a careful balance of persuasion, clarity and relevance.

  Here are a few tips you can implement to write CTAs that support your goals :

  • Use language that compels action. Instead of generic phrases like “Click Here,” opt for more persuasive alternatives such as “Unlock Exclusive Access” or “Start Your Free Trial.”
  • Make sure your CTAs are clear and straightforward. Visitors should instantly understand what action you want them to take. 
  • Tailor CTAs to the specific content on the page. Whether it’s a blog post, landing page or email, the CTA should seamlessly connect with the surrounding context.
  • Position your CTAs strategically. They should be prominently displayed and easily noticeable, guiding visitors without intruding.
  • Create a sense of urgency. Encourage immediate action by incorporating language that instils a sense of urgency. Phrases like “Limited Time Offer” or “Act Now” can prompt quicker responses.

  6. Have an active social presence

  Social media platforms are bustling hubs of activity where your target audience spends a significant portion of their online time. Cultivating a social media presence allows you to meet your audience where they are, fostering a direct line of communication.

  Moreover, the integration of shopping features directly into social media platforms transforms them into seamless shopping experiences. Nearly half of Instagram users shop weekly through the platform. 

  Also, the US social commerce sales continue to grow each year and are expected to reach $79.64 billion by 2025.

  

  7. Build a brand community

  Four in five customers consider communities important to how engaged they are with a brand.

  A strong community fosters a sense of belonging and loyalty among members. When customers feel connected to your brand and each other, they are more likely to remain loyal over the long term. 

  Also, satisfied community members often share their positive experiences with others, expanding your brand’s reach without additional marketing efforts.

  For example, Nike’s community for runners is a digital space where individuals share their running journeys, accomplishments and challenges. 

  

  By strategically building and nurturing a community, you not only enhance retention and spur referrals but also create a space where your brand becomes an integral part of your customers’ lives. 

  8. Conduct A/B tests

  A/B testing systematically compares two versions of a webpage, email or other content to determine which performs better.

  Examples of elements to A/B test :

  • CTAs : The language, colour, size and placement of CTAs can significantly impact user engagement. A/B testing allows you to discover which variations prompt the desired actions.
  • Headlines : Crafting compelling headlines is an art. Test different versions to identify which headlines resonate best with your audience, whether they are more drawn to clarity, humour, urgency or curiosity.
  • Images : Test different images to understand your audience’s visual preferences. This could include product images, lifestyle shots or graphics.

  

  With Matomo’s A/B testing feature, you can test various elements to see which is successful in converting visitors or moving them to the next stage of the conversion funnel.

  9. Leverage social proof

  In an era where consumers are inundated with choices, the opinions, reviews and endorsements of others serve as beacons, guiding potential customers through the decision-making process. 

  Simply put — when people see that others have had positive experiences with your brand, it instils trust and confidence.

  

  You can proactively gather social proof and display it prominently across your marketing channels. Here are some examples of social proof you can leverage :

  • Customer reviews : Positive reviews and testimonials from satisfied customers serve as authentic endorsements of your products or services. 
  • Case studies : In-depth case studies that showcase successful collaborations or solutions provided to clients offer a detailed narrative of your brand’s capabilities. These are particularly effective in B2B scenarios or for complex products and services.
  • User-generated content : Encourage customers to share their experiences. This could include photos, videos or posts on social media platforms, providing a dynamic and genuine portrayal of your brand.
  • Influencer endorsements : Collaborating with influencers in your industry or niche can amplify your social proof. When influencers vouch for your products or services, their followers are more likely to take notice.

  10. Measure and analyse performance

  This is a continuous loop of refinement, where you should use analysis and data-driven insights to guide your conversion funnel optimisation efforts.

  Here’s a systematic approach you can take :

  1. Identify the path users take on your site using a feature like Users Flow.
  2. Map the customer journey using a Funnels feature like the one in Matomo. 
  3. Identify the metrics that align with your conversion goals at each stage of the funnel, such as website traffic, conversion rates, click-through rates and customer acquisition costs.
  4. Assess conversion rates at different stages of the funnel. Identify areas with significant drop-offs and investigate factors that might contribute to the decline.
  5. Use heatmaps and session recordings to see first-hand how users interact with your site.
  6. Create an experiment to test and improve a specific area within your funnel using insights from the heatmaps and session recordings.
  7. A/B test, analyse the results to understand which variations performed better. Use this data to refine elements within your funnel.

  See how Concrete CMS 3x their leads with conversion optimisation.

  Conclusion 

  The customer journey is not linear. However, it involves a few specific stages your audience will go through — from first learning about your product or services to considering whether to try it. The goal is to turn them into happy and loyal customers.

  In this article, we went over strategies and practical tips you can use to guide customers through the conversion funnel. From segmenting your audience to capturing leads, optimising landing pages and running A/B tests, there are steps you can take to ensure your audience will move to the next stage.

  And of course, you have to continuously measure and analyse your performance. That’s how you know whether you’re heading in the right direction and, if not, where to correct your course. 

  For that, you need a robust web analytics solution with conversion optimisation features. Try Matomo free for 21 days and start optimising your conversion funnel—no credit card required. 

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (

• LGPD : Demystifying Brazil’s New Data Protection Law

  31 août 2023, par Erin — Privacy

  The General Personal Data Protection Law (LGPD or Lei Geral de Proteção de Dados Pessoais) is a relatively new legislation passed by the Brazilian government in 2018. The law officially took effect on September 18, 2020, but was not enforced until August 1, 2021, due to complications from the COVID-19 pandemic.

  For organisations that do business in Brazil and collect personal data, the LGPD has far-reaching implications, with 65 separate articles that outline how organisations must collect, process, disclose and erase personal data.

  In this article, you’ll learn what the LGPD is, including its contents and how a legal entity can be compliant.

  What is the LGPD ?

  The LGPD is a new data protection and privacy law passed by the Federal Brazilian Government on May 29, 2018. The purpose of the law is to unify the 40 previous Brazilian laws that regulated the processing of personal data.

  

  Many of the older laws have been either updated or removed to accommodate this change. The LGPD comprises 65 separate articles, and each covers a different area of the legislation, such as the rights of data subjects and the legal bases on which personal data may be collected. It also sets out the responsibilities of the National Data Protection Authority (ANPD), a newly created agency responsible for the guidance, supervision and enforcement of the LGPD.

  LGPD compliance is essential for organisations wishing to operate in Brazil and collect personal data for commercial purposes, whether online or offline. However, understanding the different rules and regulations and even figuring out if the LGPD applies to you can be challenging.

  Fortunately, the LGPD is relatively easy to understand and shares many similarities with the General Data Protection Regulation (GDPR), the data protection law implemented on May 25, 2018, by the European Union. This may help you better understand why the LGPD was enacted, the policies it contains and the goals it hopes to achieve. Both laws are very similar, but some items are unique to Brazil, such as what qualifies as a legal basis for collecting personal data.

  For these reasons, organisations should not apply a one-size-fits-all approach to GDPR and LGPD compliance, for they are different laws with different guiding principles and requirements.

  Who does the LGPD apply to, and who is exempt ?

  The LGPD applies to any natural person, public entity and private entity that collects, processes and stores personal data for commercial purposes within the national territory of Brazil. The same also applies to those who process the personal data of Brazilian and non-Brazilian citizens within the national territory of Brazil, even if the data processor is outside of Brazil. It also applies to those who process personal data collected from the national territory of Brazil.

  So, what does this all mean ? 

  Regardless of your location, if you conduct any personal data processing activities in Brazil or you process data that was collected from Brazil, then there is a high possibility that the LGPD applies to you. This is especially true if the data processing is for commercial purposes ; or, to be more precise, for the offering or provision of goods or services. It also means that subjects whose personal data is collected under these conditions are protected by the nine data subject rights.

  There are exceptions where the LGPD does not apply to data processors. These include if you process personal data for private or non-commercial reasons ; for artistic, journalistic and select academic purposes ; and for the purpose of state security, public safety, national defence and activities related to the investigation and prosecution of criminal offenders. Also, if the processed data originates from a country with similar data protection laws to Brazil, such as any country in the European Union (where the GDPR applies), then the LGPD will not apply to that individual or organisation.

  For these reasons, it is vital that you are familiar with the LGPD so that your data processing activities comply with the new standards. This is also important for the future, as an estimated 75% of the global population’s personal data will be protected by a privacy regulation. Getting things right now will make life easier moving forward.

  What are the nine LGPD data subject rights ?

  The LGPD has nine data subject rights. These protect the rights and freedoms of subjects, regardless of their political opinion and religious belief.

  

  These rights, listed under Article 19 of the LGPD, confirm that a data subject has the right to :

  1. Confirm the processing of their data.
  2. Access their data.
  3. Correct data that is incomplete, not accurate and out of date.
  4. Anonymize, block and delete data that is excessive, unnecessary and was not processed in compliance with the law.
  5. Move their data to a different service provider or product provider by special request.
  6. Delete or stop using personal data under certain circumstances.
  7. Gain information about who the data processor has shared the processed data with, including private and public entities.
  8. Be informed as to what the consequences may be for denying consent to the collection of personal data.
  9. Revoke consent to have their personal data processed under certain conditions.

  Many of these data subject rights are like the GDPR. For example, both the GDPR and LGPD give data subjects the right to be informed, the right to access, the right to data portability and the right to rectify false data. However, while the LGPD has nine data subject rights, the GDPR has only eight. What is the extra data subject right ? The right to gain information on who a data processor has shared your data with.

  There are other slight differences between the GDPR and LGPD with regard to data subject rights. For instance, the GDPR has a clear right to restrict certain data processing activities, such as those related to automation. The LGPD has this, too. But the subject of data collection automation is under Article 20, separate from all the data subject rights listed under Article 19.

  Under what conditions can personal data in Brazil be processed ?

  There are various conditions under which organisations can legally conduct personal data processing in Brazil. The aim of these conditions is to give data subjects confidence — that their personal data is processed for only safe, legal and ethical reasons. Also, the conditions help data processors, both individuals and organisations, determine if they have a legal basis for processing personal data in or in relation to Brazil.

  

  According to Article 7 of the LGPD, data processing may only be carried out if done :

  1. With consent by the data subject.
  2. To comply with a legal or regulatory obligation.
  3. By public authorities to assist with the execution of a public policy, one established by law or regulation.
  4. To help research entities carry out studies ; granted, when possible, subjects can anonymize their data.
  5. To carry out a contract or preliminary procedure, in particular, one related to a contract where the data subject is a party.
  6. To exercise the right of an arbitration, administration or judicial procedure.
  7. To protect the physical safety or life of someone
  8. To protect the health of someone about to undergo a procedure performed by health entities
  9. To fulfill the legitimate interests of a data processor, unless doing so would compromise a data subject’s fundamental rights and liberties.
  10. To protect one’s credit score.

  Much like the nine data subject rights, there are key differences between the LGPD and GDPR. The GDPR has six lawful bases for data processing, while the LGPD has ten. One notable addition to the LGPD is for the protection of one’s credit score, which is not covered by the GDPR. Another reason to ensure compliance with both data protection laws separately.

  LGPD vs. GDPR : How do they differ ?

  The LGPD was modeled closely on the GDPR, so it’s no surprise the two are similar. 

  Both laws ensure a high level of protection for the rights and freedoms of data subjects. They outline the legal justifications for data processing, establish the responsibilities of a data protection authority and lay out the penalties for non-compliance. That said, there are key differences between them.

  First, data subject rights ; the LGPD has nine, while the GDPR has eight. The GDPR gives data subjects the right to request a human review of automated decision-making, while the LGPD does not. Second, the legal bases for processing ; the LGPD has ten, while the GDPR has six. The four legal bases unique to the LGPD are : for protection of credit, for protection of health, for protection of life and for research entities carrying out studies.

  Both the LGPD and GDPR have different non-compliance penalties. The maximum fine for an infraction under the GDPR is up to €20 million (or 4% of the offender’s annual global revenue, whichever is higher). The maximum fine for an LGPD infraction is up to 50 million reais (around €9.2 million), or up to 2% of an offender’s revenue in Brazil, whichever is higher.

  6 steps to LGPD compliance with Matomo

  Below are steps you can follow to ensure your organisation is LGPD compliant. You’ll also learn how Matomo can help you comply quickly and easily.

  

  Let’s dive in.

  1. Appoint a DPO

  A DPO is a person, group, or organisation that communicates with data processors, data subjects, and the ANDP.

  Curiously, the LGPD lets you appoint your own DPO — even if they reside out of Brazil. So if the LGPD applies to you, you can appoint someone in your organisation to be a DPO. Just make sure that the nominated person has the understanding and capacity to perform the role’s duties.

  2. Assess your data

  Once you’re familiar with the LGPD and confirm your eligibility for LGPD compliance, take the time to assess your data. If you plan to collect data within the territory of Brazil, you’ll need to confirm the exact location of your data subjects. 

  To do this in Matomo, simply go to the previous year’s calendar. Then click on visitors, go to locations, and look for Brazil under the “Region” section. This will tell you how many of your web visitors are located in Brazil.

  

  3. Review privacy practices

  Review your existing privacy policies and practices, as there’s a good chance they’ll need to be updated to comply with the LGPD. Also, review your data sharing and third-party agreements, as you may need to communicate these new policies to partners that you rely on to deliver your services. 

  Lastly, review your procedures for tracking personal data and Personally Identifiable Information (PII). You may need to modify the type of data that you track to comply with the LGPD. You may even be tracking this data without your knowledge.

  4. Anonymize tracking data

  Data subjects under the LGPD have the right to request data anonymity. Therefore, to be LGPD compliant, your organisation must be able to accommodate for such a request.

  Fortunately, Matomo has various data anonymization techniques that help you protect your data subject’s privacy and comply with the LGPD. These techniques include the ability to anonymize previously tracked raw data, anonymize visitor IP addresses, and anonymize relevant geo-location data such as regions, cities and countries.

  

  You can find these features and more under the Anonymize data tab within the Privacy menu on the Matomo Settings page. Learn more about how to configure privacy settings in Matomo.

  5. Comply with LGPD consent laws without cookies

  By using Matomo to anonymize the data of your data subjects, this enables you to comply with LGPD consent laws and remove the need to display cookie consent banners on your website. This is made possible by the fact that Matomo is a cookieless tracking web analytics platform.

  Unlike other web analytics platforms like Google Analytics, which collect and use third-party cookies (persistent data that remains on your device, until that data expires or until you manually delete it) for their “own purposes,” Matomo is different. We use alternative means to identify web visitors, such as count the number of unique IP addresses and perform browser fingerprinting, neither of which involve the collection of personal data.

  As a result, you don’t have to display cookie consent banners on your website, and you can track your web visitors even if they disable cookies.

  6. Give users the right to opt-out

  Under the LGPD, data subjects have the right to opt-out of your data collection procedures. For this reason, make sure that your web visitors can do this on your website.

  

  You can do this in Matomo by adding an opt-out from tracking form to your website. To do this, click on the cog icon in the top menu, load the settings page, and click on the Users opt-out menu item in the Privacy section. Then follow the instructions to customise and publish the Matomo opt-out form.

  Achieve LGPD compliance with Matomo

  Like GDPR for Europe, the LGPD will impact organisations doing business in Brazil. And while they both share much of the same definitions and data subject rights, they differ on what qualifies as a legal basis for processing sensitive data. Complying with the GDPR and LGPD separately is non-negotiable and essential to avoiding maximum fines of €20 million and €9.2 million, respectively.

  

  As a web analytics platform with LGPD compliance, Matomo prioritises data privacy without compromising performance. Switch to a powerful LGPD-compliant web analytics platform that respects users’ privacy. 

  Get a 21-day free trial of Matomo today. No credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to LGPD. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.