GDPR Compliance Overview
While the General Data Protection Regulation (GDPR) is a law meant to protect residents of the European Union, its reach does not end at EU borders. GDPR is the culmination of 6 years of EU proposals, drafts, comments, and negotiations aimed at creating uniform digital privacy protections. These protections extend to EU residents no matter where the company using their information is located. That’s why any company that has EU-based customers is preparing to meet the standards outlined in this legislation.
At Indicative, our commitment to data privacy and security is global, and we have always demonstrated a strong commitment to staying ahead of the curve. As such, GDPR readiness has been an ongoing priority for us. Indicative has taken care to thoroughly evaluate our platform’s data collection and storage protocols and ensure institutional GDPR compliance in advance of the law coming into effect on May 25, 2018.
Indicative’s Approach to GDPR Compliance
Our team has tackled GDPR with a two-pronged approach, in response to our dual role under the regulations as both a Data Processor and Data Controller.
As a Data Processor
Under GDPR, a data processor is defined as “any person (other than an employee of the data controller) who processes the data on behalf of the data controller.” As a behavioral analytics platform, Indicative is a vendor that ingests and processes consumer data on behalf of our clients. Accordingly, we are implementing the following measures:
- Product Features
  - APIs: Our product team will provide three APIs which may be utilized to delete, rectify, or cease processing of data in accordance with GDPR stipulations. Customers will have access to documentation about these three APIs, and customer dev teams may utilize these APIs to rectify or delete user data.
- Data Access Form
  - A form to request to view, alter, delete, or transfer existing data is available on the Indicative website. It may be accessed here.
- Data Processing Agreement
  - Our Data Processing Agreement has been updated to reflect EU model clauses. Customers may access the updated agreement here.
As a Data Controller
A data controller is defined as the “person or persons who determine the matter in which any personal data is processed.” Since Indicative collects information around usage of our platform for the purposes of quality assurance and bug tracking, we fall under this definition as well.
To comply with GDPR, we will have completed the following steps by May 25:
- Comprehensive Review of Vendors
  - Our team is in the process of conducting a review of our existing vendors. The aim of this review has been to ensure that our contracts conform with GDPR security and privacy standards.
- Data Collection Opt-In
  - Indicative users will be prompted with a pop-up widget, allowing them to opt in or out of platform usage data collection.
- Data Access Form
  - Users may request to view, alter, delete, or transfer existing data through this form.
As a behavioral analytics service provider, the safety and security of our customer data is always our primary consideration. Beyond achieving and maintaining GDPR compliance, customers can count on us to stay ahead of new developments as the digital privacy landscape continues to evolve.
Image courtesy of Convert GDPR.