Recherche avancée

Sur d’autres sites (6554)

• 7 Ecommerce Metrics to Track and Improve in 2024

  12 avril 2024, par Erin

  You can invest hours into market research, create the best ads you’ve ever seen and fine-tune your budgets. But the only way to really know if your digital marketing campaigns move the needle is to track ecommerce metrics.

  It’s time to put your hopes and gut feelings aside and focus on the data. Ecommerce metrics are key performance indicators that can tell you a lot about the performance of a single campaign, a traffic source or your entire marketing efforts. 

  That’s why it’s essential to understand what ecommerce metrics are, key metrics to track and how to improve them. 

  Ready to do all of the above ? Then, let’s get started.

  What are ecommerce metrics ? 

  An ecommerce metric is any metric that helps you understand the effectiveness of your digital marketing efforts and the extent to which users are taking a desired action. Most ecommerce metrics focus on conversions, which could be anything from making a purchase to subscribing to your email list.

  You need to track ecommerce metrics to understand how well your marketing efforts are working. They are essential to helping you run a cost-effective marketing campaign that delivers a return on investment. 

  For example, tracking ecommerce metrics will help you identify whether your digital marketing campaigns are generating a return on investment or whether they are actually losing money. They also help you identify your most effective campaigns and traffic sources. 

  Ecommerce metrics also help you spot opportunities for improvement both in terms of your marketing campaigns and your site’s UX. 

  For instance, you can use ecommerce metrics to track the impact on revenue of A/B tests on your marketing campaigns. Or you can use them to understand how users interact with your website and what, if anything, you can do to make it more engaging.

  What’s the difference between conversion rate and conversion value ?

  The difference between a conversion rate and a conversion value is that the former is a percentage while the latter is a monetary value. 

  There can be confusion between the terms conversion rate and conversion value. Since conversions are core metrics in ecommerce, it’s worth taking a minute to clarify. 

  Conversion rates measure the percentage of people who take a desired action on your website compared to the total number of visitors. If you have 100 visitors and one of them converts, then your conversion rate is 1%. 

  Here’s the formula for calculating your conversion rate :

  Conversion Rate (%) = (Number of conversions / Total number of visitors) × 100

  

  Using the example above :

  Conversion Rate = (1 / 100) × 100 = 1%

  Conversion value is a monetary amount you assign to each conversion. In some cases, this is the price of the product a user purchases. In other conversion events, such as signing up for a free trial, you may wish to assign a hypothetical conversion value. 

  To calculate a hypothetical conversion value, let’s consider that you have estimated the average revenue generated from a paying customer is $300. If the conversion rate from free trial to paying customer is 20%, then the hypothetical conversion value for each free trial signup would be $300 multiplied by 20%, which equals $60. This takes into account the number of free trial users who eventually become paying customers.

  So the formula for hypothetical conversion value looks like this :

  

  Hypothetical conversion value = (Average revenue per paying customer) × (Conversion rate)

  Using the values from our example :

  Hypothetical conversion value = $300 × 20% = $60

  The most important ecommerce metrics and how to track them

  There are dozens of ecommerce metrics you could track, but here are seven of the most important. 

  Conversion rate

  Conversion rate is the percentage of visitors who take a desired action. It is arguably one of the most important ecommerce metrics and a great top-level indicator of the success of your marketing efforts. 

  You can measure the conversion rate of anything, including newsletter signups, ebook downloads, and product purchases, using the following formula :

  

  Conversion rate = (Number of people who took action / Total number of visitors) × 100

  You usually won’t have to manually calculate your conversion rate, though. Almost every web analytics or ad platform will track the conversion rate automatically.

  Matomo, for instance, automatically tracks any conversion you set in the Goals report.

  

  As you can see in the screenshot, your site’s conversions are plotted over a period of time and the conversion rate is tracked below the graph. You can change the time period to see how your conversion rate fluctuates.

  If you want to go even further, track your new visitor conversion rate to see how engaging your site is to first-time visitors. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Cost per acquisition

  Cost per acquisition (CPA) is the average cost of acquiring a new user. You can calculate your overall CPA or you can break CPA down by email campaign, traffic source, or any other criteria. 

  Calculate CPA by dividing your total marketing cost by the number of new users you acquire.

  

  CPA = Total marketing cost​ / Number of new users acquired 

  So if your Google Ads campaign costs €1,000 and you acquire 100 new users, your CPA is €10 (1000/100=10).

  It’s important to note that CPA is not the same as customer acquisition cost. Customer acquisition cost considers the number of paying customers. CPA looks at the number of users taking a certain action, like subscribing to a newsletter, making a purchase, or signing up for a free trial.

  Cost per acquisition is a direct measure of your marketing efforts’ effectiveness, especially when comparing CPA to average customer spend and return on ad spend. 

  If your CPA is higher than the average customer spend, your marketing campaign is profitable. If not, then you can look at ways to either increase customer spend or decrease your cost per acquisition.

  Customer lifetime value

  Customer lifetime value (CLV) is the average amount of money a customer will spend with your ecommerce brand over their lifetime. 

  Customer value is the total worth of a customer to your brand based on their purchasing behaviour. To calculate it, multiply the average purchase value by the average number of purchases. For instance, if the average purchase value is €50 and customers make 5 purchases on average, the customer value would be €250.

  Use this formula to calculate customer value :

  

  Customer value = Average purchase value × Average number of purchases

  Then you can calculate customer lifetime value using the following formula :

  

  CLV = Customer value × Average customer lifespan

  In another example, let’s say you have a software company and customers pay you €500 per year for an annual subscription. If the average customer lifespan is 5 years, then the Customer Lifetime Value (CLV) would be €2,500.

  Customer lifetime value = €500 × 5 = €2,500

  Knowing how much potential customers are likely to spend helps you set accurate marketing budgets and optimise the price of your products. 

  Return on investment

  Return on investment (ROI) is the amount of revenue your marketing efforts generate compared to total spend. 

  It’s usually calculated as a percentage using the following formula :

  

  ROI = (Revenue / Total spend) × 100

  If you spend €1,000 on a paid ad campaign and your efforts bring in €5,000, then your ROI is 500% (5,000/1,000 × 100).

  With a web analytics tool like Matomo, you can quickly see the revenue generated from each traffic source and you can drill down further to compare different social media channels, search engines, referral websites and campaigns to get more granular view. 

  

  In the example above in Matomo’s Marketing Attribution feature, we can see that social networks are generating the highest amount of revenue in the year. To calculate ROI, we would need to compare the amount of investment to each channel. 

  Let’s say we invested $1,000 per year in search engine optimisation and content marketing, the return on investment (ROI) stands at approximately 2576%, based on a revenue of $26,763.48 per year. 

  Conversely, for organic social media campaigns, where $5,000 was invested and revenue amounted to $71,180.22 per year, the ROI is approximately 1323%. 

  Despite differences in revenue generation, both channels exhibit significant returns on investment, with SEO and content marketing demonstrating a much higher ROI compared to organic social media campaigns. 

  With that in mind, we might want to consider shifting our marketing budget to focus more on search engine optimisation and content marketing as it’s a greater return on investment.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Return on ad spend

  Return on ad spend (ROAS) is similar to return on investment, but it measures the profitability of a specific ad or campaign.

  Calculate ROAS using the following formula :

  

  ROAS = Revenue / Ad cost 

  A positive ROAS means you are making money. If you generate €3 for every €1 you spend on advertising, for example, there’s no reason to turn off that campaign. If you only make €1 for every €2 you spend, however, then you need to shut down the campaign or optimise it. 

  Bounce rate

  Bounce rate is the percentage of visitors who leave your site without taking another action. Calculate it using the following formula :

  

  Bounce rate = (Number of visitors who bounce / Total number of visitors) × 100

  Some portion of users will always leave your site immediately, but you should aim to make your bounce rate as low as possible. After all, every customer that bounces is a missed opportunity that you may never get again. 

  You can check the bounce rate for each one of your site’s pages using Matomo’s page analytics report. Web analytics tools like Google Analytics can track bounce rates for online stores also. 

  

  Bounce rate is calculated automatically. You can sort the list of pages by bounce rate allowing you to prioritise your optimisation efforts. 

  Don’t stop there, though. Explore bounce rate further by comparing your mobile bounce rate vs. desktop bounce rate by segmenting your traffic. This will highlight whether your mobile site needs improving. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Click-through rate

  Your clickthrough rate (CTR) tells you the number of people who click on your ads as a percentage of total impressions. You can calculate it by dividing the number of clicks your ad gets by the total number of times people see it. 

  So the formula looks like this :

  

  CTR (%) = (Number of clicks / Total impressions​) × 100

  If an ad gets 1,000 impressions and 10 people click on it, then the CTR will be 10/1,000 × 100 = 1%

  You don’t usually need to calculate your clickthrough rate manually, however. Most ad platforms like Google Ads will automatically calculate CTR.

  What is considered a good ecommerce sales conversion rate ?

  This question is so broad it’s almost impossible to answer. The thing is, sales conversion rates vary massively depending on the conversion event and the industry. A good conversion rate in one industry might be terrible in another. 

  That being said, research shows that the average website conversion rate across all industries is 2.35%. Of course, some websites convert much better than this. The same study found that the top 25% of websites across all industries have a conversion rate of 5.31% or higher. 

  How can you improve your conversion rate ?

  Ecommerce metrics don’t just let you track your campaign’s ROI, they help you identify ways to improve your campaign. 

  Use these five tips to start improving your marketing campaign’s conversion rates today :

  Run A/B tests

  The most effective way to improve almost all of the ecommerce metrics you track is to test, test, and test again.

  A/B testing or multivariate testing compares two different versions of the same content, such as a landing page or blog post. Seeing which version performs better can help you squeeze as many conversions as possible from your website and ad campaigns. But only if you test as many things as possible. This should include :

  • Ad placement
  • Ad copy
  • CTAs
  • Headlines
  • Straplines
  • Colours
  • Design

  To create and analyse tests and their results effectively, you’ll need either an A/B testing platform or a web analytics solution like Matomo, which offers one out of the box.

  

  Matomo’s A/B Testing feature makes it easy to create and track tests over time, breaking down each test’s variations by the metrics that matter. It automatically calculates statistical significance, too, meaning you can be sure you’re making a change for the better. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

• Clickstream Data : Definition, Use Cases, and More

  15 avril 2024, par Erin

  Gaining a deeper understanding of user behaviour — customers’ different paths, digital footprints, and engagement patterns — is crucial for providing a personalised experience and making informed marketing decisions. 

  In that sense, clickstream data, or a comprehensive record of a user’s online activities, is one of the most valuable sources of actionable insights into users’ behavioural patterns. 

  This article will cover everything marketing teams need to know about clickstream data, from the basic definition and examples to benefits, use cases, and best practices. 

  What is clickstream data ? 

  As a form of web analytics, clickstream data focuses on tracking and analysing a user’s online activity. These digital breadcrumbs offer insights into the websites the user has visited, the pages they viewed, how much time they spent on a page, and where they went next.

  

  Your clickstream pipeline can be viewed as a “roadmap” that can help you recognise consistent patterns in how users navigate your website. 

  With that said, you won’t be able to learn much by analysing clickstream data collected from one user’s session. However, a proper analysis of large clickstream datasets can provide a wealth of information about consumers’ online behaviours and trends — which marketing teams can use to make informed decisions and optimise their digital marketing strategy. 

  Clickstream data collection can serve numerous purposes, but the main goal remains the same — gaining valuable insights into visitors’ behaviours and online activities to deliver a better user experience and improve conversion likelihood. 

  Depending on the specific events you’re tracking, clickstream data can reveal the following : 

  • How visitors reach your website 
  • The terms they type into the search engine
  • The first page they land on
  • The most popular pages and sections of your website
  • The amount of time they spend on a page 
  • Which elements of the page they interact with, and in what sequence
  • The click path they take 
  • When they convert, cancel, or abandon their cart
  • Where the user goes once they leave your website

  As you can tell, once you start collecting this type of data, you’ll learn quite a bit about the user’s online journey and the different ways they engage with your website — all without including any personal details about your visitors.

  Types of clickstream data 

  While all clickstream data keeps a record of the interactions that occur while the user is navigating a website or a mobile application — or any other digital platform — it can be divided into two types : 

  • Aggregated (web traffic) data provides comprehensive insights into the total number of visits and user interactions on a digital platform — such as your website — within a given timeframe 
  • Unaggregated data is broken up into smaller segments, focusing on an individual user’s online behaviour and website interactions 

  One thing to remember is that to gain valuable insights into user behaviour and uncover sequential patterns, you need a powerful tool and access to full clickstream datasets. Matomo’s Event Tracking can provide a comprehensive view of user interactions on your website or mobile app — everything from clicking a button and completing a form to adding (or removing) products from their cart. 

  On that note, based on the specific events you’re tracking when a user visits your website, clickstream data can include : 

  • Web navigation data : referring URL, visited pages, click path, and exit page
  • User interaction data : mouse movements, click rate, scroll depth, and button clicks
  • Conversion data : form submissions, sign-ups, and transactions 
  • Temporal data : page load time, timestamps, and the date and time of day of the user’s last login 
  • Session data : duration, start, and end times and number of pages viewed per session
  • Error data : 404 errors and network or server response issues 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Clickstream data benefits and use cases 

  Given the actionable insights that clickstream data collection provides, it can serve a wide range of use cases — from identifying behavioural patterns and trends and examining competitors’ performance to helping marketing teams map out customer journeys and improve ROI.

  

  According to the global Clickstream Analytics Market Report 2024, some key applications of clickstream analytics include click-path optimisation, website and app optimisation, customer analysis, basket analysis, personalisation, and traffic analysis. 

  

  The behavioural patterns and user preferences revealed by clickstream analytics data can have many applications — we’ve outlined the prominent use cases below. 

  Customer journey mapping 

  Clickstream data allows you to analyse the e-commerce customer’s online journey and provides insights into how they navigate your website. With such a comprehensive view of their click path, it becomes easier to understand user behaviour at each stage — from initial awareness to conversion — identify the most effective touchpoints and fine-tune that journey to improve their conversion likelihood. 

  Identifying customer trends 

  Clickstream data analytics can also help you identify trends and behavioural patterns — the most common sequences and similarities in how users reached your website and interacted with it — especially when you can access data from many website visitors. 

  Think about it — there are many ways in which you can use these insights into the sequence of clicks and interactions and recurring patterns to your team’s advantage. 

  Here’s an example : 

  It can reveal that some pieces of content and CTAs are performing well in encouraging visitors to take action — which shows how you should optimise other pages and what you should strive to create in the future, too. 

  Preventing site abandonment 

  Cart abandonment remains a serious issue for online retailers : 

  According to a recent report, the global cart abandonment rate in the fourth quarter of 2023 was at 83%. 

  That means that roughly eight out of ten e-commerce customers will abandon their shopping carts — most commonly due to additional costs, slow website loading times and the requirement to create an account before purchasing. 

  In addition to cart abandonment predictions, clickstream data analytics can reveal the pages where most visitors tend to leave your website. These drop-off points are clear indicators that something’s not working as it should — and once you can pinpoint them, you’ll be able to address the issue and increase conversion likelihood.

  Improving marketing campaign ROI 

  As previously mentioned, clickstream data analysis provides insights into the customer journey. Still, you may not realise that you can also use this data to keep track of your marketing effectiveness. 

  Global digital ad spending continues to grow — and is expected to reach $836 billion by 2026. It’s easy to see why relying on accurate data is crucial when deciding which marketing channels to invest in. 

  You want to ensure you’re allocating your digital marketing and advertising budget to the channels — be it SEO, pay-per-click (PPC) ads, or social media campaigns — that impact driving conversions. 

  When you combine clickstream e-commerce data with conversion rates, you’ll find the latter in Matomo’s goal reports and have a solid, data-driven foundation for making better marketing decisions.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Delivering a better user experience (UX) 

  Clickstream data analysis allows you to identify specific “pain points” — areas of the website that are difficult to use and may cause customer frustration. 

  It’s clear how this would be beneficial to your business : 

  Once you’ve identified these pain points, you can make the necessary changes to your website’s layout and address any technical issues that users might face, improving usability and delivering a smoother experience to potential customers. 

  Collecting clickstream data : Tools and legal implications 

  Your team will need a powerful tool capable of handling clickstream analytics to reap the benefits we’ve discussed previously. But at the same time, you need to respect users’ online privacy throughout clickstream data collection.

  

  Generally speaking, there are two ways to collect data about users’ online activity — web analytics tools and server log files.

  Web analytics tools are the more commonly used solution. Specifically designed to collect and analyse website data, these tools rely on JavaScript tags that run in the browser, providing actionable insights about user behaviour. Server log files can be a gold mine of data, too — but that data is raw and unfiltered, making it much more challenging to interpret and analyse. 

  That brings us to one of the major clickstream challenges to keep in mind as you move forward — compliance.

  While Google remains a dominant player in the web analytics market, there’s one area where Matomo has a significant advantage — user privacy. 

  Matomo operates according to privacy laws — including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), making it an ethical alternative to Google Analytics. 

  It should go without saying, but compliance with data privacy laws — the most talked-about one being the GDPR framework introduced by the EU — isn’t something you can afford to overlook. 

  The GDPR was first implemented in the EU in 2018. Since then, several fines have been issued for non-compliance — including the record fine of €1.2 billion that Meta Platforms, Inc. received in 2023 for transferring personal data of EU-based users to the US.

  Clickstream analytics data best practices 

  

  As valuable as it might be, processing large amounts of clickstream analytics data can be a complex — and, at times, overwhelming — process. 

  Here are some best practices to keep in mind when it comes to clickstream analysis : 

  Define your goals 

  It’s essential to take the time to define your goals and objectives. 

  Once you have a clear idea of what you want to learn from a given clickstream dataset and the outcomes you hope to see, it’ll be easier to narrow down your scope — rather than trying to tackle everything at once — before moving further down the clickstream pipeline. 

  Here are a few examples of goals and objectives you can set for clickstream analysis : 

  • Understanding and predicting users’ behavioural patterns 
  • Optimising marketing campaigns and ROI 
  • Attributing conversions to specific marketing touchpoints and channels

  Analyse your data 

  Collecting clickstream analytics data is only part of the equation ; what you do with raw data and how you analyse it matters. You can have the most comprehensive dataset at your disposal — but it’ll be practically worthless if you don’t have the skill set to analyse and interpret it. 

  In short, this is the stage of your clickstream pipeline where you uncover common sequences and consistent patterns in user behaviour. 

  Clickstream data analytics can extract actionable insights from large datasets using various approaches, models, and techniques. 

  Here are a few examples : 

  • If you’re working with clickstream e-commerce data, you should perform funnel or conversion analyses to track conversion rates as users move through your sales funnel. 
  • If you want to group and analyse users based on shared characteristics, you can use Matomo for cohort analysis. 
  • If your goal is to predict future trends and outcomes — conversion and cart abandonment prediction, for example — based on available data, prioritise predictive analytics.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Organise and visualise your data

  As you reach the end of your clickstream pipeline, you need to start thinking about how you will present and communicate your data. And what better way to do that than to transform that data into easy-to-understand visualisations ? 

  Here are a few examples of easily digestible formats that facilitate quick decision-making : 

  • User journey maps, which illustrate the exact sequence of interactions and user flow through your website 
  • Heatmaps, which serve as graphical — and typically colour-coded — representations of a website visitor’s activity 
  • Funnel analysis, which are broader at the top but get increasingly narrower towards the bottom as users flow through and drop off at different stages of the pipeline 

  Collect clickstream data with Matomo 

  Clickstream data is hard to beat when tracking the website visitor’s journey — from first to last interaction — and understanding user behaviour. By providing real-time insights, your clickstream pipeline can help you see the big picture, stay ahead of the curve and make informed decisions about your marketing efforts. 

  Matomo accurate data and compliance with GDPR and other data privacy regulations — it’s an all-in-one, ethical platform that can meet all your web analytics needs. That’s why over 1 million websites use Matomo for their web analytics.

  Try Matomo free for 21 days. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• A Guide to GDPR Sensitive Personal Data

  13 mai 2024, par Erin

  The General Data Protection Regulation (GDPR) is one of the world’s most stringent data protection laws. It provides a legal framework for collection and processing of the personal data of EU individuals.

  The GDPR distinguishes between “special categories of personal data” (also referred to as “sensitive”) and other personal data and imposes stricter requirements on collection and processing of sensitive data. Understanding these differences will help your company comply with the requirements and avoid heavy penalties.

  In this article, we’ll explain what personal data is considered “sensitive” according to the GDPR. We’ll also examine how a web analytics solution like Matomo can help you maintain compliance.

  What is sensitive personal data ?

  The following categories of data are treated as sensitive :

  1. 1. Personal data revealing :
        • Racial or ethnic origin ;
        • Political opinions ;
        • Religious or philosophical beliefs ;
        • Trade union membership ;
     2. Genetic and biometric data ;
     3. Data concerning a person’s :
        • Health ; or
        • Sex life or sexual orientation.

  

  Sensitive vs. non-sensitive personal data : What’s the difference ?

  While both categories include information about an individual, sensitive data is seen as more private, or requiring a greater protection. 

  Sensitive data often carries a higher degree of risk and harm to the data subject, if the data is exposed. For example, a data breach exposing health records could lead to discrimination for the individuals involved. An insurance company could use the information to increase premiums or deny coverage. 

  In contrast, personal data like name or gender is considered less sensitive because it doesn’t carry the same degree of harm as sensitive data. 

  Unauthorised access to someone’s name alone is less likely to harm them or infringe on their fundamental rights and freedoms than an unauthorised access to their health records or biometric data. Note that financial information (e.g. credit card details) does not fall into the special categories of data.

  

  Legality of processing

  Under the GDPR, both sensitive and nonsensitive personal data are protected. However, the rules and conditions for processing sensitive data are more stringent.

  Article 6 deals with processing of non-sensitive data and it states that processing is lawful if one of the six lawful bases for processing applies. 

  In contrast, Art. 9 of the GDPR states that processing of sensitive data is prohibited as a rule, but provides ten exceptions. 

  It is important to note that the lawful bases in Art. 6 are not the same as exceptions in Art. 9. For example, while performance of a contract or legitimate interest of the controller are a lawful basis for processing non-sensitive personal data, they are not included as an exception in Art. 9. What follows is that controllers are not permitted to process sensitive data on the basis of contract or legitimate interest. 

  The exceptions where processing of sensitive personal data is permitted (subject to additional requirements) are : 

  • Explicit consent : The individual has given explicit consent to processing their sensitive personal data for specified purpose(s), except where an EU member state prohibits such consent. See below for more information about explicit consent. 
  • Employment, social security or social protection : Processing sensitive data is necessary to perform tasks under employment, social security or social protection law.
  • Vital interests : Processing sensitive data is necessary to protect the interests of a data subject or if the individual is physically or legally incapable of consenting. 
  • Non-for-profit bodies : Foundations, associations or nonprofits with a political, philosophical, religious or trade union aim may process the sensitive data of their members or those they are in regular contact with, in connection with their purposes (and no disclosure of the data is permitted outside the organisation, without the data subject’s consent).
  • Made public : In some cases, it may be permissible to process the sensitive data of a data subject if the individual has already made it public and accessible. 
  • Legal claims : Processing sensitive data is necessary to establish, exercise or defend legal claims, including legal or in court proceedings.
  • Public interest : Processing is necessary for reasons of substantial public interest, like preventing unlawful acts or protecting the public.
  • Health or social care : Processing special category data is necessary for : preventative or occupational medicine, providing health and social care, medical diagnosis or managing healthcare systems.
  • Public health : It is permissible to process sensitive data for public health reasons, like protecting against cross-border threats to health or ensuring the safety of medicinal products or medical devices. 
  • Archiving, research and statistics : You may process sensitive data if it’s done for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

  In addition, you must adhere to all data handling requirements set by the GDPR.

  Important : Note that for any data sent that you are processing, you always need to identify a lawful basis under Art. 6. In addition, if the data sent contains sensitive data, you must comply with Art. 9.

  Explicit consent

  While consent is a valid lawful basis for processing non-sensitive personal data, controllers are permitted to process sensitive data only with an “explicit consent” of the data subject.

  The GDPR does not define “explicit” consent, but it is accepted that it must meet all Art. 7 conditions for consent, at a higher threshold. To be “explicit” a consent requires a clear statement (oral or written) of the data subject. Consent inferred from the data subject’s actions does not meet the threshold. 

  The controller must retain records of the explicit consent and provide appropriate consent withdrawal method to allow the data subject to exercise their rights.

  Examples of compliant and non-compliant sensitive data processing

  Here are examples of when you can and can’t process sensitive data :

  • When you can process sensitive data : A doctor logs sensitive data about a patient, including their name, symptoms and medicine prescribed. The hospital can process this data to provide appropriate medical care to their patients. An IoT device and software manufacturer processes their customers’ health data based on explicit consent of each customer. 
  • When you can’t process sensitive data : One example is when you don’t have explicit consent from a data subject. Another is when there’s no lawful basis for processing it or you are collecting personal data you simply do not need. For example, you don’t need your customer’s ethnic origin to fulfil an online order.

  Other implications of processing sensitive data

  If you process sensitive data, especially on a large scale, GDPR imposes additional requirements, such as having Data Privacy Impact Assessments, appointing Data Protection Officers and EU Representatives, if you are a controller based outside the EU.

  Penalties for GDPR non-compliance

  Mishandling sensitive data (or processing it when you’re not allowed to) can result in huge penalties. There are two tiers of GDPR fines :

  • €10 million or 2% of a company’s annual revenue for less severe infringements
  • €20 million or 4% of a company’s annual revenue for more severe infringements

  In the first half of 2023 alone, fines imposed in the EU due to GDPR violations exceeded €1.6 billion, up from €73 million in 2019.

  Examples of high-profile violations in the last few years include :

  • Amazon : The Luxembourg National Commission fined the retail giant with a massive $887 million fine in 2021 for not processing personal data per the GDPR. 
  • Google : The National Data Protection Commission (CNIL) fined Google €50 million for not getting proper consent to display personalised ads.
  • H&M : The Hamburg Commissioner for Data Protection and Freedom of Information hit the multinational clothing company with a €35.3 million fine in 2020 for unlawfully gathering and storing employees’ data in its service centre.

  One of the criteria that affects the severity of a fine is “data category” — the type of personal data being processed. Companies need to take extra precautions with sensitive data, or they risk receiving more severe penalties.

  What’s more, GDPR violations can negatively affect your brand’s reputation and cause you to lose business opportunities from consumers concerned about your data practices. 76% of consumers indicated they wouldn’t buy from companies they don’t trust with their personal data.

  Organisations should lay out their data practices in simple terms and make this information easily accessible so customers know how their data is being handled.

  Get started with GDPR-compliant web analytics

  The GDPR offers a framework for securing and protecting personal data. But it also distinguishes between sensitive and non-sensitive data. Understanding these differences and applying the lawful basis for processing this data type will help ensure compliance.

  Looking for a GDPR-compliant web analytics solution ?

  At Matomo, we take data privacy seriously. 

  Our platform ensures 100% data ownership, putting you in complete control of your data. Unlike other web analytics solutions, your data remains solely yours and isn’t sold or auctioned off to advertisers. 

  Additionally, with Matomo, you can be confident in the accuracy of the insights you receive, as we provide reliable, unsampled data.

  Matomo also fully complies with GDPR and other data privacy laws like CCPA, LGPD and more.

  Start your 21-day free trial today ; no credit card required. 

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now