While the General Data Protection Regulation (GDPR) is a law meant to protect residents of the European Union, its reach does not end at EU borders. GDPR is the culmination of 6 years of EU proposals, drafts, comments, and negotiations aimed at creating uniform digital privacy protections. These protections extend to EU residents no matter where the company using their information is located. That’s why any company that has EU-based customers is preparing to meet the standards outlined in this legislation.
At Indicative, our commitment to data privacy and security is global, and we have always demonstrated a strong commitment to staying ahead of the curve. As such, GDPR readiness has been an ongoing priority for us. Indicative has taken care to thoroughly evaluate our platform’s data collection and storage protocols and ensure institutional GDPR compliance in advance of the law coming into effect on May 25, 2018.
Indicative’s Approach to GDPR Compliance
Our team has tackled GDPR with a two-pronged approach, in response to our dual role under the regulations as both a Data Processor and Data Controller.
As a Data Processor
Under GDPR, a data processor is defined as “any person (other than an employee of the data controller) who processes the data on behalf of the data controller.” As a behavioral analytics platform, Indicative is a vendor that ingests and processes consumer data on behalf of our clients.
Accordingly, we are implementing the following measures:
- Product Features
- APIs: Our product team will provide three APIs which may be utilized to delete, rectify, or cease processing of data in accordance with GDPR stipulations. Customers will have access to documentation about these three APIs, and customer dev teams may utilize these APIs to rectify or delete user data.
- Data Deletion API: Allows the quick and easy deletion of existing data.
- Data Rectification API: Allows the alteration and rectification of existing data.
- Data Processing Cessation API: Allows the restriction of data processing.
- APIs: Our product team will provide three APIs which may be utilized to delete, rectify, or cease processing of data in accordance with GDPR stipulations. Customers will have access to documentation about these three APIs, and customer dev teams may utilize these APIs to rectify or delete user data.
- Data Processing Agreement
- For any questions related to a Data Processing Agreement, please reach out privacy@mparticle.com.
As a Data Controller
A data controller is defined as the “person or persons who determine the matter in which any personal data is processed.” Since Indicative collects information around usage of our platform for the purposes of quality assurance and bug tracking, we fall under this definition a well.
To comply with GDPR, we will have completed the following steps by May 25:
- Privacy Policy Update
- In conjunction with our legal team, we have conducted a comprehensive review and update of our privacy policy to ensure that it meets GDPR standards. The updated privacy policy takes effect on May 25, 2018. Prior to the updated policy taking effect, customers will be provided with an outline of specific changes either within their accounts upon login or via email.
- Comprehensive Review of Vendors
- Our team is in the process of conducting a review of our existing vendors. The aim of this review has been to ensure that our contracts conform with GDPR security and privacy standards.
- Data Collection Opt-In
- Indicative users will be prompted with a pop-up widget, allowing them to opt in or out of platform usage data collection.
As a behavioral analytics service provider, the safety and security of our customer data is always our primary consideration. Beyond achieving and maintaining GDPR compliance, customers can count on us to stay ahead of new developments as the digital privacy landscape continues to evolve.
Image courtesy of Convert GDPR.