Say Hello to GDPR! Updates to EU Privacy and Data Regulations

Back in April 2016 you may have heard of an EU ruling that would change the way businesses collect and store data about their customers. That decision has come to life in the form of the General Data Protection Regulation (GDPR). Even if you’re not a European company, there are practices you might need to change to comply and legally collect data from EU residents.

Rest assured: Localytics will be compliant when GDPR goes into effect, which means the components of your app that leverage our analytics and engagement products will also be compliant.

What GDPR means for Localytics customers

GDPR takes effect on May 25, 2018. It places a greater emphasis on consumer consent and transparency in the collection and use of personal data. The intent of this regulation is to strengthen and unify privacy and personal data protection for all European citizens.

GDPR impacts organizations that are “data controllers” and “data processors.” Data controllers are organizations that collect data from EU residents, while data processors are organizations that process data on behalf of a data controller. By GDPR’s definition, Localytics is considered a “data processor” so we are updating our technical and organizational approach to comply and support you, the “data controllers.” In the coming weeks, we’ll update our privacy policy and DPA to reflect the new standards.

There are major consequences to violating these new rules. Administrative fines can reach 20 million Euros or four percent of annual global revenue, whichever is higher. So, we want to make sure that you know what it means to be GDPR compliant.

Below you can find a summary of the changes, how we support them, and some areas you can review on your journey to compliance.

A new definition of “personal data”

Under GDPR, the definition of “personal data” goes beyond traditional personally identifiable information (name, email address, etc.). It now includes identifiers that may, when combined with other data, identify an individual. This is a huge change in the way that we think about personal data.

Localytics does not require any sensitive data to deliver our services; however, our analytics systems do use arbitrary unique identifiers to provide accurate and valid analytics data. Because this information could potentially be considered “personal data,” we are implementing improvements to handle these data points appropriately. We are also updating our systems to better support GDPR requirements such as a data subject’s request to be forgotten.

Your role as a data controller

The new regulations require you, as a “data controller,” to receive consent from your customers for the collection and processing of any data they will share through your services. Making this ask will look different across your different digital properties, like your website or your app. One way you can request permission from your app users is through a Localytics in-app message, which gives your users the option to opt out or agree to have your app track their engagement.

The Localytics SDK currently supports an opt-out method that can be configured in conjunction with any policy notification and consent request mechanism to support your GDPR compliance requirements in this area. Additionally, Localytics customers have full control over what data is collected and the ability to export their data to ensure compliance with their specific privacy or consent requirements.

There are 3 months until GDPR goes into effect. To help you prepare, we are hosting a webinar on March 21st where you can learn more about GDPR and get best practices for obtaining consent for data collection in your apps.
