Appoddo Compliance with GDPR
Effective Date: 10/05/2018
The EU General Data Protection Regulation (GDPR) will come into effect on 25 May 2018. All EU member states will then have the same legal wording regarding the protection of personal data. The intention of this regulation is to grant individuals more control over their personal information and make sure organisations have appropriate processes and systems in place when collecting personal data. High penalties may be imposed to organisations not adhering to the data protection regulations.
In very basic terms though, the key to GDPR is giving rights back to end users; in other words… letting individuals choose what happens to their personal data. As data subjects under GDPR, end users have the right to:
- Access, Correct, Export and Delete their personal information.
- Restrict and Object to Processing.
- Be Informed about their personal information and how it’s used.
Some of the basic data protection principles….
Accountability
- Organisations need to prove that the GDPR is being adhered to.
Limitation of purpose
- Personal data may not be used in a way that isn’t compliant with the purpose for which they have been collected.
- Information of the purpose should be understandable and easily accessible.
Authorisation
- Only those who need access to the personal data to perform their duties should have access to them.
- Privacy by design and Privacy by default.
How Appoddo makes sure to be GDPR compliant
Appoddo is taking the ‘legitimate interest’ route for consent. This means that for our publishers, working with us should be relatively easy. We have developed an Appoddo standard Data Processing Agreement for Advertisers and have adjusted our Affiliate & Publisher Terms and Conditions to comply with GDPR. This specifies that Appoddo operates as a Data Processor, and process personal data for tracking services on behalf of the Data Controller and in accordance with the applicable data protection law.
We are updating our personal data documentation including Privacy Policy and all functional policies. We are currently reviewing and negotiating Data Processing Agreements with our Data Processors and our aim is to have them all reviewed and signed by 25 May 2018. Appoddo´s Affiliates and Publishers are our sub-processors and we have adjusted our Affiliate Terms and Conditions to GDPR. Our policies, GDPR documentation, accesses to personal data, retention periods and request handling from individuals (data subjects, advertisers, publishers, Appoddo employees and job candidates) have been reviewed and adjusted to be GDPR compliant. Our team has also had GDPR briefings and a standard DPA Appendix for our Advertisers has been developed and can be found below.
DPA Agreement for Advertisers
Terms & Conditions for Publishers and Affiliates