The Challenge

A European government agency serving millions of citizens through their digital services faced a critical compliance issue: their use of Google Analytics meant citizen data was being transferred to US servers, violating GDPR requirements following the Schrems II ruling.

The agency needed a privacy-compliant analytics solution that would give them complete control over citizen data while maintaining the analytical capabilities their teams relied on for service improvement.

Key Requirements

  • Full data sovereignty: All data must remain within EU borders and under agency control
  • GDPR compliance: No consent banners required for basic analytics
  • No third-party access: Zero data sharing with external companies
  • Feature parity: Must maintain current reporting capabilities
  • Government security standards: Deployment on approved government infrastructure

The Solution

We implemented a self-hosted Matomo instance on the agency's own government-approved datacenter infrastructure, ensuring complete data sovereignty and GDPR compliance by design.

Architecture Overview

  • Self-hosted Matomo: Deployed on government datacenter with high availability
  • Cookie-less tracking: Configured for GDPR-compliant tracking without consent requirements
  • Data anonymization: IP anonymization and configurable data retention policies
  • Internal MySQL cluster: All data stored on government-controlled database servers

Implementation Process

Week 1: Infrastructure Setup

We deployed Matomo on the agency's Kubernetes cluster within their government datacenter. This included setting up a dedicated MySQL cluster, Redis caching, and proper backup procedures that met government security requirements.

Week 2: Configuration and Privacy Settings

We configured Matomo for maximum privacy compliance: IP anonymization (last 2 bytes), cookie-less tracking using fingerprint-free methods, automatic data deletion after 26 months, and GDPR-compliant consent integration for optional enhanced tracking.

Week 3: Migration and Tracking Setup

We migrated tracking from Google Analytics to Matomo across 15 public-facing websites and 3 citizen service portals. Historical data was not migrated (by design—starting fresh with privacy-compliant data).

Week 4: Dashboards and Training

We built custom dashboards for service performance monitoring, trained the digital team on Matomo's interface, and documented all privacy configurations for audit purposes.

Results

The agency now operates a fully compliant analytics infrastructure:

  • 100% data sovereignty: All citizen data remains on government servers within the EU
  • Zero third-party data sharing: No external companies have access to any analytics data
  • GDPR compliance without consent banners: Cookie-less tracking requires no user consent for basic analytics
  • Audit-ready documentation: Complete paper trail for data protection authority reviews
  • Maintained analytical capabilities: Full visibility into service usage, user journeys, and conversion funnels

Privacy Configuration Details

  • IP addresses anonymized (2 bytes masked)
  • User ID tracking disabled
  • Fingerprinting disabled—using session-based tracking only
  • Do Not Track browser setting honored
  • Data retention: 26 months, then automatic deletion
  • No data shared with any third parties or Matomo cloud services
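
The settings listed above can be spot-checked against exported visit records during an audit. The sketch below is an added example, not part of the agency's deployment or of Matomo itself; the row fields (`id`, `ip`, `user_id`, `visit_time`) are hypothetical and the sample rows are constructed.

```python
import calendar
import ipaddress
from datetime import datetime, timezone

MASKED_BYTES = 2        # page: "IP addresses anonymized (2 bytes masked)"
RETENTION_MONTHS = 26   # page: "Data retention: 26 months"

def months_back(now, months):
    """Shift `now` back by whole calendar months, clamping the day to month end."""
    total = now.year * 12 + (now.month - 1) - months
    year, month = total // 12, total % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return now.replace(year=year, month=month, day=min(now.day, last_day))

def audit_rows(rows, now):
    """Return (row_id, problem) pairs for rows that break the stated policy."""
    cutoff = months_back(now, RETENTION_MONTHS)
    findings = []
    for row in rows:
        ip = ipaddress.ip_address(row["ip"])
        if ip.version == 4:
            if ip.packed[-MASKED_BYTES:] != b"\x00" * MASKED_BYTES:
                findings.append((row["id"], "ip-not-masked"))
        else:
            # Assumption: the IPv6 mask width is not stated on the page, so flag for review.
            findings.append((row["id"], "ipv6-unchecked"))
        if row.get("user_id"):
            findings.append((row["id"], "user-id-present"))
        if row["visit_time"] < cutoff:
            findings.append((row["id"], "past-retention"))
    return findings

# Constructed sample export (documentation address ranges, hypothetical field names).
UTC = timezone.utc
SAMPLE_ROWS = [
    {"id": 1, "ip": "198.51.0.0", "user_id": None, "visit_time": datetime(2025, 1, 10, tzinfo=UTC)},
    {"id": 2, "ip": "203.0.113.7", "user_id": None, "visit_time": datetime(2024, 11, 2, tzinfo=UTC)},
    {"id": 3, "ip": "198.51.0.0", "user_id": "c-1001", "visit_time": datetime(2023, 1, 5, tzinfo=UTC)},
    {"id": 4, "ip": "2001:db8::", "user_id": None, "visit_time": datetime(2025, 2, 1, tzinfo=UTC)},
]

if __name__ == "__main__":
    for row_id, problem in audit_rows(SAMPLE_ROWS, datetime(2025, 6, 15, tzinfo=UTC)):
        print(row_id, problem)
```
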

"We can now demonstrate to citizens and data protection authorities that their data never leaves our control. Matomo gives us the insights we need to improve services while respecting privacy by design."
— Chief Digital Officer, Government Agency