As the GDPR will take effect in May, mobile app developers and publishers must ensure that any partner (SDK) vendors will not put their organization at risk.
Companies across the globe are scrambling to comply with a European law that represents the biggest shake-up of personal data privacy rules since the birth of the internet.
We are taking steps to certify our SDK with the European Interactive Digital Advertising Alliance (EDAA), the leading cross-industry self-regulatory initiative for enhancing transparency and user control over online behavioral advertising.
Why the New Regulation?
The law is intended to give European citizens more control over their online information and applies to all firms that are established in the EU or that actively monitor or provide services or goods to residents in the EU.
The GDPR changes everything from the age of consent to standards of privacy. These principles do not apply only to EU companies; many companies in Canada and the United States must become compliant as well.
How it Affects You
Many companies are scrambling to find Data Protection Officers (DPOs) to assist with data audits for compliance with privacy laws, to train employees on data privacy, and to serve as the point of contact for European regulators. Other provisions of the law require that companies make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours.
Appnext and GDPR
Our data protection practices are aligned with industry best practices, as well as the requirements of the GDPR, such as:
- Recognizing the crucial importance of data governance, we take great measures to ensure that data protection is managed as a corporate issue. We have also designated a Data Protection Officer to hold responsibility for data protection compliance.
- We are putting effective policies and procedures in place to ensure that our data processing activities are adequately documented.
- We are carrying out a comprehensive review of our privacy notices and putting a plan in place for making necessary changes in time for GDPR implementation.
- We review our procedures to ensure that they cover all the rights of individuals (i.e. right of access, right to erasure and right to object), within the new timescales.
- We review and affirm the lawful basis for our data processing activities under the GDPR.
- We are carrying out an extensive review of our contracts and the other arrangements we have in place when sharing data with our partners, vendors, and clients. In addition, we have put an internal partner vetting procedure in place to ensure that adequate safeguards are adopted prior to the sharing of personal data.
- We are carrying out a comprehensive review of our information security practices, adopting various technical, organizational and physical measures to ensure that personal data is adequately safeguarded.
- We make sure that we have adequate procedures in place to detect, report, investigate and contain a personal data breach, as well as to notify the data protection supervisory authority and data subjects, as required.
- We have initiated various steps to ensure that decision-makers and key personnel at Appnext are aware of the new changes under the GDPR, and are actively working to raise awareness of it.
Have any questions for us about GDPR? Don’t hesitate to reach out. Just send us a message at firstname.lastname@example.org.