This is how you can protect the user's rights with Matomo

Matomo is a free web analytics software platform that gives you detailed reports and information about your website and its visitors. You can adapt and optimize your website to your visitors through the languages used, downloads and keywords searched for. With a script at the end of your website, Matomo records the activities and evaluates them accordingly. You can also easily check other websites with Matomo to quickly find out the advantages and implementation of data protection by the competition. In this article you will find out how Matomo helps you evaluate user data in compliance with the GDPR.

What is the GDPR?

GDPR is the abbreviation for General Data Protection Regulation. It establishes uniform and stricter rules for data processing and storage. For companies and website operators, this means a higher documentation requirement. In order to process and use data, you must meet certain requirements. You must be able to prove to the supervisory authorities at any time that you are authorized to collect data.
The General Data Protection Regulation has applied since May 25, 2018. If you as a website operator do not comply with this regulation, you can expect high penalties, including the forced closure of your company.

How do you implement the GDPR with Matomo?

If you and your company do not collect personal data about your users, you will probably not be affected by the new regulations. However, if you do not want to anonymize this information, you must respect user rights, document the data and comply with security measures. To comply with the regulation, you must grant your users the following rights.

a) Right to information

When processing personal data, you are obliged to inform users through a clear data protection declaration. The reasons for the personal data processing, as well as the period of time, must be shown. Information about other parties with whom you share the data must also be included.

b) Right of access

If a user requests access to their personal information, you must verify their identity. You can do this, for example, by comparing their email address with the registered address. However, if you have already anonymized the data, you do not have to comply with these requests.
Using the appropriate Matomo GDPR tools, you can search for and retrieve all information about a person. After a final verification you can export the data and forward it to your customer via email.

c) Right to deletion

Users can also request that their data or their entire profile be deleted. To do this, you need to search for their data in the GDPR tools using the user's ID and then delete the selected areas. Then inform the person concerned and confirm the deletion process.

d) Right to rectification

If you are asked to edit user data, it is better to delete the user account, as this will save you a lot of effort. You can only make direct changes in the Matomo database, which is usually too difficult for normal users to understand.

e) Right to data portability

The GDPR gives the user the right to request a copy of the data collected about them. After identity verification, you can find the person in the GDPR tools by entering the ID. The selected areas can also be exported and thus forwarded to the user.

f) Right to object

After lawful data processing, the user has the right to object to the processing. An integrated deactivation function allows you to set this up without much effort. With Matomo you can easily integrate this function into your own website by making a small change to the HTML code.

g) Right of withdrawal after consent

Even if the user has consented to the use of the data, you must subsequently give them the opportunity to revoke this consent. You can also easily integrate this option into your website using a corresponding function.

This way you ensure privacy and have less work

If you anonymize your users' IPs directly, they have fewer opportunities to make direct demands on you. In this case, it is no longer personal data because you cannot draw any conclusions about the exact user. Additionally, it is protected by an IP address, which keeps the data safe and ensures privacy.

By deleting the old visitor logs, you not only improve data protection on your website, but also free up space in the database. After six months at the latest, you should delete the Matomo logs to free up memory. However, if users still have questions about the data collected in the meantime, that data should still be available.

By using appropriate functions to deactivate data processing, you give users on your website the opportunity to decide for themselves about their data. This means you hand over some of the responsibility and save yourself the work of many questions and requests to delete data.

Although you can also collect additional user data from other websites through tracking, this is generally not recommended. By collecting this data, the privacy of users may no longer be guaranteed. In this case, too, an integrated button to easily deactivate this function on your website helps.

By creating a privacy policy entry on your website, you give users the opportunity to inform themselves in advance. Taking the GDPR into account, this information is now mandatory if you want to process data.

Open source or closed source – what are the respective dependencies?

Open source:

  • For open source programs, the source code is visible and freely accessible. With a little prior knowledge, you can edit the program files yourself and adapt them to your needs.
  • However, since you do not own the program, you may not distribute the edited version.

Closed source:

  • It is also known as closed source because it makes software unreadable from the outside by translating it into machine language.
  • Closed source means you cannot edit the data of a program, so the user is dependent on the associated company.

Using closed source makes it more difficult for third parties to access data and settings, but it also makes it impossible for users to access their own data. It is therefore not possible to change the program independently.

Open source programs are much more user-friendly and can be edited and improved by the user because the source is open. This puts greater pressure on the respective company to optimize the program itself.

Although both variants protect the data, they have often been hacked in the past. This happened regardless of whether the software was closed or open source and shows that user data is never completely secure.
By providing user information on your website, you undertake to handle this data carefully and maintain privacy.

Matomo offers the opportunity to design your website as successfully as possible while complying with general data protection regulations. You can also protect the privacy of users as best as possible by simply anonymizing the data right from the start.
Reviewing the competition will also provide you with useful feedback to optimize your website and make it more user-friendly. The product is supported by numerous sponsors and is therefore free for you as a user.