If you’ve been keeping up with the news lately, you’ve probably heard a lot about the General Data Protection Regulation (GDPR). This regulation has far-ranging implications for companies, so it’s critical for anyone involved in data collection and usage to understand it. We know this regulation can seem convoluted, so we’ve compiled answers to some of the most common questions about the GDPR below.
What exactly is the GDPR?
The GDPR is a new set of rules around data privacy, set to go into effect in the EU on May 25, 2018. The main objective of the regulation is to give end users greater control over their data. While consumers are often prepared to allow companies to access their data in order to improve their user experience, they expect their data to remain private and secure. Some consumers may not want to share their data at all. The GDPR provides a comprehensive set of data collection rules that require companies to obtain user consent and exhibit transparent processes when collecting data from users.
Why does the GDPR matter?
The GDPR is important because it establishes much-needed rules on data privacy. Not only will this regulation benefit marketers in the long term, but it will also benefit end users and ultimately society as a whole. For marketers, the GDPR will enhance transparency between brands and consumers. Transparency often leads to greater trust, and to a more productive brand-consumer relationship.
For end users, the GDPR will ensure all personal information is kept private and secure, and that the end users are informed at every stage of the data collection process. For society at large, the GDPR will promote a healthy data environment, also enabling organizations to use anonymous, privacy-compliant data and analytics for the good of the community.
An example of how data can help drive innovation and enhance the quality of life around the globe is through not-for-profit initiatives, such as our Data for Good program, which we launched in 2017. Through Data for Good, we partner with 25+ universities and nonprofit organizations to support causes such as natural disaster planning and relief, quality of life improvement in underserved communities, prevention of epidemic spreading, and smart city development.
How is Cuebiq preparing for the GDPR?
Cuebiq has been committed to protecting users’ privacy from day one. We strive to be at the forefront of global industry privacy standards, and we have taken specific measures to do so. To start, we have a direct relationship with our partner apps, which means we give users full control over whether they share their location or not. We also work closely with and are certified by industry privacy associations such as NAI, which stipulates that all data Cuebiq collects and manages must meet specific privacy regulations, and TrustArc, which provides users with an additional opportunity to opt out from our location data gathering.
As for GDPR preparation, we have been working tirelessly over the past nine months to get ready for the regulation to take effect and ensure we will be 100% compliant when it does. We’ve been pouring resources not only into our own technology to make sure it’s compliant but also into working with our partner apps to support them as they prepare for the regulation.
Here’s a breakdown of each of the key GDPR compliance steps, along with the actions we’ve taken to ensure we will be ready when it goes into effect:
1. User Consent
The GDPR requires businesses to request and receive consent from users in order to collect and utilize their data, to clearly inform users about data collection, and to enable users to withdraw consent just as easily as they were able to give it.
Thanks to our proprietary data collection methodology, we only process de-identified data from users who opted in to share location with our partner apps, and we allow users to easily opt out through device settings. Additionally, we developed a new version of our SDK that will help our app partners streamline the user opt-in and opt-out flow to maximize transparency and user experience.
2. User Rights
Under the GDPR, European nationals have the right to access and control their data.
We will manage and protect users’ rights through a proprietary mobile application, which will be available for both Android and iOS, and will empower users to exercise their rights by establishing a one-to-one communication channel to make sure all requests are properly documented and addressed.
3. Privacy by Design and Security
Under the GDPR, privacy and data protection will be required at the start and throughout all projects’ life cycle. Companies will have to ensure that private information is properly encrypted and that they appoint a Data Protection Officer.
We already implemented technical, administrative, and physical measures and safeguards to guarantee compliance of our data security systems, and we identified a Data Protection Officer who will enforce all security requirements.
Why should a GDPR-compliant framework be embraced beyond the EU?
We believe the GDPR is the gold standard for user privacy, and we hope that the entire mobile apps ecosystem will embrace a GDPR-compliant framework, giving end users greater control and transparency over their data. To this end, Cuebiq has started and will continue working with all of our partner apps, not just the ones with users in the EU, to adopt such a framework.
Privacy compliance is a global issue, and we believe that this approach to privacy and transparency will be beneficial to all stakeholders: end users, app developers and data companies alike.
Do you have questions about preparing for the GDPR? Lets talk. Fill out this form and we’ll be in touch.