Digital Analytics in transition: Privacy, tooling and future trends

In today’s digital analytics landscape, analysts are navigating a dynamic and challenging terrain. Despite these formidable challenges, the role of analysts has never been more critical. We must rise to the occasion, providing strategic recommendations to our businesses and executing these recommendations with precision. In this interview with Marie Fenner and Louis-Marie Guérif (Piano), we delve into the crucial developments shaping the digital analytics field and explore the steps necessary to ensure data privacy assurance, common errors to avoid, and the future direction of analytics tools.

Marie Fenner is the Global SVP for Analytics, and Louis-Marie Guérif is the Group DPO & Sustainability Manager at Piano (the sponsor of the 2023 DDMA Digital Analytics Summit on October 12th).

There is a lot happening within the digital analytics field. What are some significant developments that are currently playing a pivotal role in shaping this field?

‘Never have we faced such turbulence in the analytics market as we do now with the triple whammy effect – strict data privacy enforcement, sunset of Universal Analytics and sunset of third-party cookies. We, as analysts, must find a way of protecting our brands from any enforcement action and financial fines, embark on a major migration to GA4 or alternative tools and find reliable ways to attribute the success of our marketing campaigns.

Also, there’s a lot happening at NOYB. They have started making official complaints about the companies who are not following the GDPR guidelines on their mobile apps tracking. Although the new framework to transfer data between the EU and the US has been announced, there is a great deal of uncertainty as NOYB plans their legal action against this new framework (expect Schrems III!).

Finally, despite ‘crying wolf twice’, Google will deprecate third-party cookies next year.

Daunting though it may sound, analysts’ position should be elevated to take on these challenges, make the right recommendations to the business, and execute these recommendations.’

When examining data privacy, what steps must we take to ensure its assurance? Which factors come into play, and over which ones we’re able to exert influence?

‘When considering data privacy, it’s essential to take specific steps to ensure its assurance. Several factors come into play, and we have the ability to influence some of them.

To begin with, I think we should be focusing more on Privacy by Design principles. Data protection is fundamentally a risk-based approach. It’s good that companies are increasingly conducting Data Protection Assessments or Audits to evaluate the reliability of the chosen Analytics solutions in relation to their risk acceptance criteria.

Transparency is another key aspect. Being forthright about how data will be used, where it will be stored, and how end-users’ rights will be upheld is very important. Additionally, committing to a well-defined and purpose-limited Data Processing Agreement is a key step in ensuring data privacy.

In summary, safeguarding data privacy involves a multifaceted approach that includes risk assessment, transparent practices, and clear contractual commitments. It’s imperative for organizations to proactively address these aspects to protect sensitive information and build trust with their stakeholders.’

What are the common errors made when striving to prioritize privacy? Is there something that everyone should refrain from doing immediately?

‘When it comes to prioritizing privacy, it’s crucial to be aware of some common misconceptions and pitfalls that organizations often encounter. Avoiding these errors is essential for ensuring that your privacy efforts are effective and compliant with regulations. Some key points to keep in mind:

  1. Misunderstanding PII vs. Personal Data: One common mistake is assuming that Personally Identifiable Information (PII) is equivalent to the definition of Personal Data within the GDPR. While there is overlap, PII and GDPR-defined Personal Data may not always align perfectly. It’s important to understand the nuanced differences to ensure accurate compliance.
  2. Confusing pseudonymization with anonymization: pseudonymization is not the same as anonymization. Pseudonymization involves replacing or masking identifying information but still allows for potential re-identification in some cases. Anonymization, on the other hand, makes it practically impossible to identify individuals from the data. Recognizing this distinction is vital for safeguarding privacy effectively.
  3. Not Relying Solely on the DPF List: It isn’t guaranteed that a provider in the Data Processing Framework (DPF) always complies with international data transfer requirements under the GDPR. It’s important to remember that there are countries outside the EU (apart from the USA), and that data transfer compliance involves more than just the provider’s location. Always conduct a thorough assessment to ensure compliance.

Also, just because a provider is listed in the DPF list doesn’t automatically make them GDPR compliant. Data transfer is just one aspect of GDPR compliance. You must consider various other factors, including data processing, security measures, and consent management, to ensure comprehensive compliance.’

Concerning performance, what are the current limitations of analytics tools, and where do you envision the field heading in the future?

‘Legacy tools ‘trained’ us to live by their rules – flawed data quality, fixed data models, a limited number of dimensions and metrics, biased attribution models, and the chronic lack of direct dialogue between the software vendor and the customers. The move to the ‘event-based model’ is a great idea but not at the expense of visit and user-based analysis.

The sunsetting of Universal Analytics and privacy compliance is triggering new thinking – what if I can start afresh, instead of continuing to patch things up? Many companies have made a brave move to move away from Google Analytics here in Europe and have never looked back. The digital maturity has led many companies to build their own data pipeline and data products to improve their digital efficiencies. But this is not for the faint-hearted and requires a substantial investment both in technical infrastructure and human capital. We expect this trend to continue.

AI will have a fundamental effect on our industry. More and more companies will embed AI in their customer journey, and they will expect the same in analytics tools. It will go beyond machine-learning-based anomaly and prediction and into NLP-based analysis. Watch this space.’

Interview Matteo Zambon (Tag Manager Italia): is sGTM feasible for every organization?

In this exclusive interview, we have the privilege of speaking with a true trailblazer in the realm of digital analytics, Matteo Zambon. A pioneer who has shaped the Italian landscape of Google Tag Manager (GTM) and Google Analytics. He is not your typical academic expert; instead, he embarked on a unique journey of self-discovery and community-driven knowledge sharing, winning important analytics prizes like the Golden Punchard and the Quanties Awards along the way. And… fortunately for us, he will be speaking at the upcoming DDMA Digital Analytics Summit on October 12th.

Come check out Matteo Zambon’s Talk at the DDMA Digital Analytics 2023 on October 21th. Tickets available at:

Can you briefly introduce yourself? Who are you, and what do you do?

I’ve never followed an academic digital analytics path. I preferred to trace my own path from the very beginning, for the sake of community knowledge, the desire for constant improvement and because of my burning passion, in particular, for Google Tag Manager and Google Analytics, and in general for the entire digital analytics world.

As a matter of fact, I’ve been the first expert in Italy to divulge, since 2015, the importance of Google Tag Manager and how to use this tool to improve the business and marketing campaigns’ performances of web marketing professionals and entrepreneurs. Besides that, I’m an official Google Tag Manager Beta Tester and Alpha Tester of Google Analytics 4.

Also, I co-founded and run Tag Manager Italia, one of the top digital analytics agencies in Italy, which is organized in 3 vertical business units – Consulting, Education, and R&D -, along with my “dream team” made up of more than 25 experts and professionals.

SuperWeek, Measurecamp Europe, Measurecamp UK, Measurecamp North America, ADworld Experience, Web Marketing Festival, SMXL (and MeasureSUmmit, of course) are just some the international events where I held workshops and educational speeches.

To what extent is sGTM truly the solution for every organization, especially considering capacity, investments, and feasibility? Is it achievable for everyone?

I believe that sGTM is the most accessible, scalable, and effective solution for any company managing advertising campaigns and having digital business assets (websites, e-commerce, marketplaces, social media, etc.). Of course, provided that the company wishes to implement significantly more profitable and efficient business and marketing strategies through the collection and use of precise and timely data 🙂

Jokes aside, many companies have recognized that sGTM is a system that is hard to match, as it can integrate more quickly, simply, and effectively into any organization (from SMEs to non-profit organizations to multinational corporations) compared to most other suites on the market. In this regard, I would like to emphasize the significant cost-opportunity advantage and simplicity that the GTM ecosystem and especially sGTM put in the hands of digital analysts, marketing managers and advertising specialists.

First and foremost, thanks to the integration with third-party systems for Server-Side system management, the creation of tracking systems implemented via GTM not only becomes much simpler and faster, but the quality and quantity of the collected data skyrockets. Costs are affordable for companies of any size, and tracking is carried out in full compliance with the GDPR regulations in force.

In my opinion, the only differentiating factor in choosing sGTM as a centralized tracking system is whether the company in question intends to fully leverage its digital assets, grow, and optimize its campaigns and marketing activities using data.

Is it technically feasible for anyone to use sGTM tracking systems? To this question, I answer ‘certainly not.’ Undoubtedly, the creation and management of a Server-Side tracking system that is now necessary – compared to the ‘classic’ Client-Side system – require specialized agencies and technical experts with advanced technical skills to manage and optimize Server-Side tracking. In this scenario, dedicated budgets proportional to website traffic and server requests must be provided for Server-Side activities.

As a Google Tag Manager guru, what GTM feature(s) would you like to see in the future? And perhaps more importantly, which feature(s) would you like to see disappear?

I love the GTM Community and I think Template is one of the best features released. Thanks to Templates and the Community Gallery you can create any Tags or Variables you need.

The big problem of this community is that there are no star reviews, description reviews and the number of “downloads”. Sometimes it is difficult to understand what are the right tags or variables because there are two or three types of tags/variables with similar operations.

Another thing is about “Folder”. You cannot use it for different elements or you cannot create a nested folder.

What are the most common mistakes that Digital Analytics professionals make regarding Google Tag Manager? What should they really stop doing?

One of the most common mistakes I see is not having GTM activated if the user does not accept marketing consent. GTM does not create cookies, it is the services activated by GTM that create cookies.

Another mistake is to think that GTM has the sole purpose of installing services (Tags). It’s not simply that. You can use GTM to expand the functionality of certain services, effectively making it a temporary data lake.

You’ve built the Italian community around GTM. Have you encountered anything specific to the Italian market that stood out? What challenges have you faced? Do you have any tips for those looking to implement similar initiatives in other countries?

Unlike what happens abroad, in Italy, the potential of GTM was not initially understood, and it is still not fully comprehended today, which is why we created the community. The biggest challenge has been responding patiently to the questions of some members of the community who would like universally applicable solutions rather than adopting a personalized approach to their specific needs. My advice is to start by helping people who are at the beginning of their journey in digital analytics, trying to understand their perspective and the difficulties they are facing.

Can you provide a sneak peek of what you’ll be discussing at the Summit?

My talk will focus on Real-Time Reports in GA4 and BigQuery. I chose this topic because many of the clients who turn to my agency for GA4 implementation consultations are bewildered by the subject of real-time reports. Real-time data was easily viewable with GA3, but it now requires a detailed implementation process with GA4 and BigQuery. The implementation and analysis of real-time reports are extremely useful and valuable for all businesses that need to monitor daily incoming traffic on their digital assets, like publishing and news websites.

During my talk, I will delve into the details of some real case studies of implementations and the customized technical solutions that my team and I have developed for our clients. I’ll also share the challenges we encountered, how we resolved them during the implementation phase, and the final results we achieved.

Come check out Matteo Zambon’s Talk at the DDMA Digital Analytics 2023 on October 21th. Tickets available at:

Tim Wilson (Analytics Power Hour): ‘We need to get comfortable with the probabilistic nature of analytics’

Tim Wilson is a seasoned analytics consultant with over two decades of experience. Lucky for us, he will be speaking at the DDMA Digital Analytics Summit on October 12th. We got the chance to talk with him beforehand, discussing analytics maturity across industries to questioning the utility of multitouch marketing attribution models. As a self-proclaimed “Analytics Curmudgeon”, he reflects on the evolving landscape of digital analytics, emphasizing the importance of shifting focus from data collection to purposeful data usage to unlock true business value.

Come check out Tim Wilson’s talk at the DDMA Digital Analytics Summit 2023 on October 12th. Tickets available at:

Hi Tim, can you briefly introduce yourself? Who are you, and what do you do?

‘I’m an analyst. I stumbled into the analytics world by way of digital analytics a couple of decades ago, and I’ve been wandering around in a variety of roles in the world of analytics ever since. To be a bit more specific, I’m an analytics consultant who works in the realm of marketing and product analytics—working with organizations primarily on the people and process side of things. Or, to put it a bit more in data terms, I work with companies to help them put their data to productive use, as opposed to working with them on how they are collecting and managing their data.

At the moment, I’m between paid employment, as I left my last role at the beginning of this year to take a few breaths to figure out exactly what I’ll be doing next (as well as to have a few adventures with various of my kids as they fly the coop). So, “what I do” in analytics in the present tense is: co-host and co-produce the bi-weekly Analytics Power Hour podcast, co-run the monthly Columbus Web Analytics Wednesday meetup, speak at various conferences (like Digital Analytics Summit!), develop content for an analytics book I’m working on with a former colleague, and do gratuitous little analyses here and there to keep my R coding skills sharp.’

From your experience, it seems you’ve been a consultant for various industries, including healthcare, pharma, retail, CPG, and financial services. Do you see significant differences in the analytics maturity and strategy of their Digital Analytics activities, for instance looking at their governance?

‘I have to be a little careful about selection bias, as every company I work with is a company that has sought out external analytics support in some form. In theory, very analytically mature organizations—regardless of their industry—have less of a need for outside support.

Having said that, while the business models for different verticals vary, I see a lot of similarities when it comes to their analytics and analytics maturity. Perhaps painting with too broad of a brush, but every organization feels like its data is fragmented and incomplete, that there is more value to be mined from it, and that a deluge of actionable insights will burst forth if they can just get all of the right data pieces in place. Many organizations—again, regardless of their vertical—have a Big Project related to their data tooling or infrastructure under way: implementing a data lake, adding a customer journey analytics tool, rolling out a customer data platform (CDP), migrating to a new BI tool, or even simply shifting to a new digital analytics platform. Often, in my view, these efforts are misguided…but that’s the core of my talk at Summit, and I recognize it is a contrarian position.

I do think it’s worth noting that the nature of the data that organizations in different verticals have can be quite different. For instance, CPG/FMCG companies rarely have access to customer-level data for their customers, since much of the marketing and sales occurs through channels owned and managed by their distribution partners. Retailers often have both online and offline sales channels so, even if they have customer-level data in some form, the nature of that data varies based on the channel (and stitching together a single person’s activity across online and offline at scale is a losing proposition). And, of course, the sensitivity of the data can vary quite a bit as well—even as GDPR and other regulations require all organizations to think about personal data and be very protective of it, the nature of that data is considerably more sensitive in, say, healthcare and financial services, than it is in retail or CPG/FMCG.

I think I’ve given a prototypical consultant answer, no? Basically, “yes, no, and it depends!”’

On LinkedIn, you mention that you help clients choose algorithmic multitouch marketing attribution models. The once-promising idea that these models would be the holy grail of attribution has yet to be fully realized. How do you perceive this, and how do you ensure that these models are truly workable in today’s context?

‘Oh, dear. I have helped clients make those choices, but it’s always been under duress, because multitouch marketing attribution never did and never will actually be what many marketers expect it to be. I’ve delivered entire presentations and even posted a lengthy Twitter/X thread on the topic. Trying to be as succinct as possible, the fundamental misunderstanding is that multitouch attribution is an “assignment of value” exercise, but it gets treated as though it is a tool for “measuring value.” The latter is what marketers (and analysts) expect: how much value did channel X (or sub-channel Y, or campaign Z) deliver? The true answer to this question would be a calculation that takes the total revenue realized (or whatever the business metric of choice is) and then subtract from that the total revenue that was realized in a parallel universe where channel X was not used at all. In fancy-statistics-speak, this is the concept of “counterfactuals.” Obviously, we can’t actually experience multiple universes, but there are techniques that approximate them. Specifically, randomized controlled trials (RCTs, or experiments) and marketing mix modelling (MMM). Multitouch attribution, regardless of its degree of algorithmic-ness, is not particularly good at this. The other nice benefit of RCTs and MMM is that neither one relies on tracking individual users across multiple touchpoints, so a whole pile of privacy considerations—technical and regulatory—are rendered moot!

This doesn’t mean that RCTs and MMM are silver bullets. They’re inherently less granular, and they take time and effort to configure and run. Multitouch attribution has a place: it’s quick, it’s relatively easy, it can be very granular (keyword-, tactic-, or placement-level) and it provides some level of signal as to which activities are garnering a response. It doesn’t show, though, when any given response is cannibalizing a response that would have happened elsewhere in the absence of the tactic (think: branded paid search terms getting clicks that would have come through via organic search, anyway).

What I find exciting is that there is an increasing interest in RCTs, and MMM—which existed long before digital—is making a comeback. At the end of the day, the most mature companies use multiple techniques and use RCTs and MMM to calibrate each other and their multitouch attribution modeling.’

It’s often said that the field of Digital Analytics is rapidly evolving. But is this really the case? We tend to cling to what we’re used to in our field. Can you provide your perspective as an “Analytics Curmudgeon” on this?

‘Let me first don my Curmudgeon Hat and say that, as Stéphane Hamel recently put it, “digital analytics is mostly ‘analytics engineering’ (aka ‘tagging’), and very few real analyses and business outcomes.” The data collection aspects of digital analytics have certainly been rapidly evolving: it wasn’t that long ago that we didn’t have tag managers, cookies have become increasingly unreliable as a means for identifying a single user across sessions (cookies were always a hack on which client-side tracking was built, so we shouldn’t really be surprised), and privacy regulations and browser and operating system changes have added even more challenges to comprehensively tracking users. As a result, there is a lot of handwringing by practitioners about how they’re having to work harder and harder simply to backslide as slowly as possible with the data they’re collecting.

When it comes to how data actually gets used to inform business decisions, there is also a continuing evolution. Ten years ago, very few digital analysts were even thinking about SQL, Python, or R as tools they needed to have in their toolbelt. While there are still (too) many analysts resisting that evolution, I truly believe they are limiting their career growth. Increasingly (and this is not particularly new), organizations are finding they have to work with data across different sources, and that often means some combination of programmatically extracting data through APIs and working with data that is housed in an enterprise-grade database, be it BigQuery, Azure, AWS, or something else. Along with those “broader sets of data” often comes “working with data scientists,” and that opens the door to smarter, better, and deeper thinking about different analytical techniques. My mind was blown—in a positive way—when these types of collaborations introduced me to several concepts and techniques: counterfactuals (which I referenced earlier), time-series decomposition, stationarity, first differences, and Bayesian structural time series. These are enormously useful, and they’re all much, much easier to do when using a programming language like R or Python. Really, this is an “evolution” that is about bringing time-tested techniques from other fields—econometrics, social sciences, and elsewhere—into the world of digital analytics.

And, of course, AI will drive some evolution in the space, too. My sense is that it is both underhyped and overhyped—mishyped, maybe?—but there are more than enough people with Strong Opinions on that subject already, so I’ll leave it at that.

But, yes, I think “rapid evolution” is a fair description of what’s going on in digital analytics. Some of that evolution is for the better, some of it really isn’t!’

What are the trends and developments that digital analytics professionals should really focus on within the field in the upcoming years?

‘There is almost certainly a gap—potentially a massive chasm—between what the industry will focus on and what I think they should focus on. I don’t have enough hubris to declare that I’m absolutely right, but the biggest trend I see being thrust upon the industry is a decline in the availability of person-level data. We’ve already touched on this—”privacy” both from a regulatory perspective and a technological perspective are driving organizations farther and farther away from the nirvana of a “360-degree view of the customer.” That nirvana was never achievable at scale, but organizations are increasingly more aware that that’s the case.

What I’d like the analytics industry to do as a response to this reality is twofold.

First, I’d like for us to stop treating complete, user-level data as an analytical goal in and of itself and, instead, embrace incomplete and aggregated data as being perfectly adequate. This means getting comfortable with the probabilistic nature of analytics—eschewing a search for an “objective truth” and, instead, viewing our role as “reducing uncertainty in the service of making decisions.” This requires a mindset shift on the part of analysts and a mindset shift on the part of our business counterparts. It’s no small feat, but it’s where I hope things go.

Second, I hope we start realizing how easy it is to get caught up in the technical and engineering challenges of collecting and managing data, and that we start actively pushing back against those forces to focus on how we’re helping our business counterparts actually use the data we’re collecting. It’s always easier to gather and integrate more data or push out another dashboard than it is to roll up our sleeves, identify the biggest problems and challenges the business is facing, and then figure out the most effective and efficient ways that we can use data (analytics, experimentation, research) to drive the business forward.

These are, admittedly, pretty lofty aspirations, but it’s where I think we need to go if we don’t want to find ourselves becoming marginalized as simply chart-generating cost centers.’

Can you provide a sneak peek of what you’ll be discussing at the Summit?

‘You kind of teed me up for this with your last question! I’ll be diving into the idea that all data work can be divided into two discrete buckets: data collection and management work, and data usage work. I’ll make the case that, while it is easy to get seduced into thinking that there is inherent business value in data collection, there really isn’t. The collection and management of data only provides the potential for business value. To actually realize business value, we have to do things with the data, and it’s either naive or irresponsible (or both) to expect our business counterparts to shoulder the entire load for that.

I’ll dive into some of the powerful forces that push us (and our business counterparts) to think that there is business value in data collection itself, and then I will (briefly) provide a framework for putting data to meaningful use.’

Come check out Tim Wilson at the DDMA Digital Analytics Summit 2023 on October 12th. Tickets available at:

Server-side tag management at HelloFresh as crucial factor to ensure privacy and compliance

HelloFresh recently made the switch to server-side tagging. It has allowed the meal delivery company to have much more control over tracking on their platform that operates in more than 17 countries, according to Alejandro Zielinsky, Global Digital Tracking/Measurement Lead at Hellofresh. During the DDMA Digital Analytics Summit, Alejandro will talk at length about the technical solution it took to make this turn. In this interview, conducted for the Life After GDPR Podcast, he gives a little sneak peek.

About Alejandro: Alejandro Zielinsky is Global Digital Tracking/Measurement Lead at Hellofresh. He and his team are responsible for collecting data and setting up the technology to give marketing and product analysts within Hellofriesh the tools they need to do their jobs.

Watch/listen to the full podcast below:

Why server-side tagging?

Everyone is talking about server-side tagging these days. At HelloFresh, it forms the solution to increase the quality of the data they collect. Alejandro: “Before the switch, we were looking for a platform that allowed us to measure every hit we got. In total, we record about 3 billion events per month for all brands in all countries. That’s about 1,000 hits per second. Logically, we needed a platform that could handle this, and at the same time connect to APIs to enrich our data internally. That’s why we ended up choosing server-side tagging.’

Another reason for this setup is because HelloFresh wanted to improve browser performance. Alejandro: ‘We were having a lot of problems with marketing tagging in the browser, on the client side. Also, locally, HelloFresh was quite a jungle. In each country we had a different setup to solve the same problem, affecting browser performance. Each country had separate tech managers, with each country having its own container.

Now most of the data collection happens server-side. Whether it’s for Google analytics, for first-party solutions, or for sending data to marketing vendors, like Facebook, TikTok or Snapchat. Everything works with server-side APIs, using the GTM server, Alejandro explains. “With this setup, we can enrich data on-the-fly. We can remove data that we don’t actually need. In a number of countries this is very important, for example in Japan or in the GDPR countries in Europe.’

This and much more will be covered during the Life After GDPR Podcast. Among other things, they will talk about:

  • How HelloFresh finally implemented Server-side Tag Management
  • How they addressed privacy and consent, and how server-side tagging played a vital role in it
  • The challenges they encountered to be compliant with local laws around the world.

Facilitating Data-Driven Decision Making at Adyen | With Melody Barlage

As a payment processing company, Adyen has been working with a lot of sensitive data since its origin. Accordingly, Adyen has treated data very carefully in a secure way, Melody Barlage, Product Manager of Business Intelligence at Adyen, explains. The same goes for the, maybe less sensitive data, they later added to their database. During the DDMA Digital Analytics Summit, Melody will talk about how Adyen handles data. In this interview, conducted for an episode of the Life After GDPR podcast (by Rick Dronkers), she already gave a small taste of what to expect during her presentation.

About Melody: Melody is Product Manager Business Intelligence at Adyen. She and her team facilitate a large team of data analysts and data end users throughout the organisation. Melody will be speaking at the DDMA Digital Analytics Summit 2022 on October 13. Tickets available at:

Different layers of security

Currently, a large part of the world has made a payment though Adyen. Accordingly, some would say Adyen has a lot of sensitive data about pretty much everyone. It’s good to know though, that all that data is not Adyen’s, but of the merchants they service, Melody claims: ‘We’re just there to process the data and keep it safe. We use it internally to improve our processes and report to regulatory institutions, but that’s it. But naturally, because we process massive amounts of sensitive data, we do everything in our power to prevent any breaches. And if there’s a breach, that data is always tokenized or hashed.

Other than that, we always work with hashed payment references. Also, a lot of data is aggregated, not only because of privacy considerations but also because of the sheer amount of data we’re processing. When data gets into Looker we add another layer of security, all to make sure that nobody within Adyen can get access to data they should not be able to. Finally, everybody within Adyen is considered a security officer. Everybody should always ask themselves if the data they have is really necessary for what they do and what they’re aiming to do.’

This mindset has been there from Adyen’s beginning, Melody says: ‘As you can imagine, for us, data about online marketing, Google Analytics, or the tracking on our website is not as important for us as it is for e-commerce companies. From the beginning, we started with much more sensitive data. The data we added after we treated with the same regime. We consider all data as valuable, but it is not equally as sensitive. But because we already possessed that mindset we decided to treat all data in the same way.’

Fraud and regulations

There are differences in what is allowed in the treatment of data across the world, for instance between the US and the EU. And because Adyen is active all around the world, they take local regulations very seriously; they have offices all around the world, with local expertise. Naturally, this impacts Adyen’s local services. Melody: ‘We have products which you could use for commercial purposes in some parts of the world, but not in others because of regulations. Consent regulations, for instance, can be very different. But in some cases, consent is not always needed. Obviously this is the case when it comes to chargeback data coming from fraudulent transactions. There’s a lot more possible dealing with these cases than for commercial reasons. We’re actually obliged to report suspicious transactions to the Financial Intelligence Unit (FIU).’

At Adyen, there are a lot of measures in place to discover suspicious activity. Melody: ‘If there is a suspicious transaction, we flag it and, if required, we pass it on to the authorities. But we do this not only on a transactional basis. Sometimes transactions only become suspicious in context. For instance, at Chanel, a 50K transaction seems normal. If you do it 20 times in a row though, it might not be normal.’

On-premise software as a USP

Looker is Adyen’s data modelling and data visualization tool. Adyen currently has around 200 developers at least partially working on creating models and data visualization in Looker, Melody explains: ‘Part of the reason we chose Looker is that we try to run as much as possible on-premise and open source. Also, when it comes to functionalities Looker has a very good way of managing permission and consent. Essentially every data visualisation is possible, but whether you can see it depends on the data you’re allowed to see.’

The main reason for the choice of on-premise software is not arbitrary. Of course, it drives performance, but it was also chosen because of privacy and security reasons. The choice is in line with all of Adyen’s other on-premise activities, Melody Barlage explains: ‘Before merchants started working with cloud services, our on-premise way of working was actually one of our unique selling points. We could tell merchants we keep all their data to ourselves. Nowadays merchants use cloud services fervently, so we’ll have to see how this approach will develop in the future.’

Tools, processes and guidelines are context-driven

At Adyen, they work with immense amounts of data. Naturally, they’ve built an appropriate tech stack to handle this data, Melody explains: ‘To some extent, we are bound to certain tools, like the Hadoop Spark framework. It does an awesome job of storing massive amounts of data. We also work with, a query-on-everything type of engine, which will be our new connector between Spark and Looker. We also increasingly make use of Druid, a database of sorts, which allows inflexible, but super rapid querying. Still, you have to keep in mind that our stack build-up is all context-driven. Your tech set-up really depends on your company. Eventually, everything comes down to making sure that everybody can find the right data they need to do their job and that data is of good quality. With  currently 2500 employees, we’re still in the process of professionalising this by imposing more and more rules.’

Adyen’s 20X mindset

Adyen’s developers know that the work they’re doing is very delicate. After all, they don’t want transactions to fail, Melody notes. ‘This is the reason why our developers consider it normal to strictly follow our guidelines, to make sure products are sustainable.

Some might point out that it would be hard to strive for future goals when one is this careful in their company practice like Adyen. Still, according to Melody, they aim high: ‘In our team, I want to achieve a 20X mindset, in which we ask ourselves continuously how we want to work if we have 20 times more developers, or 20 times more the merchants, et cetera. How do we make sure we have a user-friendly environment for everybody in the organisation with everything 20 times more than we currently have?

The presence of this mindset varies from team to team. We manage it by having teams like mine, which have a central overview. But more importantly, it is the futuristic thinking that is embedded in our company that pushes this. If someone finds something important, they can take ownership and do it, no matter where they’re coming from. If they have a good story, they can go ahead and do it. There’s a lot of freedom.’

Making tech work is easy, making people work together is the challenge

Some people say that making technology work is easy. Yes, it requires a lot of work, but in the end, organisations always manage it. It’s the people and how they work together that often forms the challenge. A lot of organisations struggle with this, Melody claims: ‘Especially in large enterprises, where discussions about the centralisation or decentralisation of teams come up regularly, this is the case, also at Adyen at a certain point, we had so many data people that we decided to decentralize them.

But as I said before, it also comes down to what works for your organisation. It certainly has to do with the number of people, but also with what kind of data you work with. What is also important: you have to adjust and learn. The upside for us is because we’re quite flexible, that we’re not that scared to completely move things around.’

On October 13 Melody will speak at the DDMA Digital Analytics Summit in Amsterdam. She will give you a taste of how Adyen uses data. She will provide some practical examples and elaborate on how they have organised these and how they’ve made them work. She’ll touch on it a tiny bit from a technical perspective, mainly because their big data platform is very impressive. Tickets available at: