Today, the EU’s General Data Protection Regulation comes into force…but then you knew that already. GDPR seeks to give consumers more control over their personal data. And as today has drawn closer, more businesses have began to understand what impact it will have on them. The legislation says that seven principles should lie at the heart of a business’ approach to processing personal data:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
The risk and penalty of non-compliance has risen sharply; maximum fines are whichever is the higher of €20m or 4% of turnover.
Like many businesses, Appsumer’s inbox began to fill with questions from our clients. I put these questions to Moin Maniar, Appsumer’s CTO and Data Protection Officer…
What reaction are you seeing to GDPR from our clients and prospects?
People in the mobile advertising space have always been very clued up, so it’s not been a huge surprise to see clients and partners being proactive and organised. Many have conducting due-diligence as data-controllers who now have a legal obligation to to ensure that the data processors they use are GDPR compliant.
So is Appsumer GDPR compliant?
Yes. As a data-driven company, we are committed to data privacy and security. We’ve systematically been making changes since the turn of the year, so that our procedures are compliant in time for today’s deadline. We engaged with a GDPR consultancy to fine tune and document our processes around transparency and accountability, before implementing them across the company. We conducted risk assessments around security, response procedures and data recovery plans. We revised our contracts, T&Cs and privacy notice to reflect the changes we made.
We’ve a dedicated team who continually carry out compliance checks and data reviews. Being proactive, giving ourselves enough time leading upto May 25th, and widespread staff training have helped us a tremendous amount in making GDPR part of our everyday working practice.
What Personally Identifiable Information (PII) does Appsumer hold?
We data subjects as website visitors, prospects, clients, platform end users, and clients’ customers. Full details on how we deal with personally identifiable information can be found in our privacy notice. I think the most important question our clients are asking us is,
‘What about the PII from our clients (those using our apps and services)?’.
It is worth me stating here that the Appsumer platform aggregates data at a dimensional level (date, country, operating system, etc) and that any PII from our clients’ customers is not only not required, but never requested, gathered or stored.
Clients can rest assured that their customers can never be able to be identified, either in isolation or in combination with any other data sets from within the Appsumer Platform.
Who is your data protection officer?
The European Union stipulates that companies like Appsumer don’t strictly need to appoint a DPO because the quantities of personal data we process isn’t significant enough. However, we felt it was important enough to invest sufficiently in this area to provide our clients with the reassurance they’d want. Our Board took the decision to appoint one of our directors to take on data processing responsibilities. That director is me.
Where is the data stored?
All of our platform data is stored with the EU, our marketing and newbiz data is stored both in the EU and the US, where our suppliers are Privacy Shield compliant
Where can I find out more?
There’s no shortage of GDPR resources online, but The Information Commissioner’s Office is a great place to start.
You can find Appsumer’s privacy notice here, that includes contact details for me if you have specific questions.