You’ll learn the key changes that are part of GDPR, how Localytics is supporting the new privacy requirements, and what you need to know to start auditing your data collection processes.
3. This
Webinar
What this Webinar Is
● It is an overview of how you can use our suite of services in a compliant manner.
● It is about how we support your GDPR compliance as a Data Processor
What this Webinar Isn’t
● It is not a comprehensive overview of how you become GDPR Compliant
● It is not about how we are GDPR compliant as a Data Controller
● A replacement for working with your own legal counsel
Goal:
● Provide clarity around how you can use Localytics in a GDPR compliant manner.
4. Agenda
● Overview of GDPR
● Our Role; Your Role
● How Localytics Supports Compliance
● Questions and Discussion
5. Poll
How GDPR ready are you?
Just getting started Assessment stage
Audit/inventory stage Gap mitigation stage
Compliant
6. What is your role in GDPR compliance?
Poll
Data Controller Data Processor
Both a Controller and Processor Not quite sure
9. Linked
VS
Linkable
Traditional definition of PII:
Identifying information such as
names, addresses, or
government issued identification
numbers
New definition of PII (PD):
Includes as any identifiers that,
when combined with other data,
may identify an individual.
Information like Advertiser ID’s,
random/unique Identifiers +
behavioral data
10. Privacy
Principles
● EU citizens have the right to dictate and control
if and how their personal data is used
● Explicit consent must be granted, not assumed
13. Same Roles, New Responsibilities
Data Subject Data Controller Data Processor
14. You are the Data Controller
Localytics is the Data Processor
15. Data Controller
Responsibilities
● Ensuring transparency
● Obtaining and respecting consent
● Collecting only the data
necessary
● Protecting all data collected
● Acting on Right to be forgotten
instructions
● Instructing the Processor
Data Processor
Responsibilities
● Process as instructed
● Transparency to you and your
end-users
● Protect the data you send
● Provide access to your data
● Provide tools to respect consent
● Provide tools to act on requests
to be forgotten
How they
work
together
16. We Work Together
As a controller it’s your job to instruct your processors
on how to handle your data. In turn, we support your
requirements by giving you the tools to be compliant
17. Why Should We Care About GDPR
“With great power comes great responsibility”
- Uncle Ben
21. - SDK Method setOptedOut
- SDK Method setPrivacyOptedOut (new)
- Server-Side Profile Attribute (new)
- S3 Raw-Log support changes
- Pushed to your S3, use your KMS
Supporting Consent & Right-to-be-Forgotten
22. Delete Personal Data and Identifiers - 30 days
- Profiles (First/Last/Full Name, Email)
- Customer_ID
- Advertiser_ID
- Unique Identifiers
Effectively Orphan the behavioral data
How are we going to delete end-users?
23. Keep your
Event and
Profile Data
Separate
*Personal Data shouldn’t be tagged as
events/attributes or Custom Dimensions
24. What’s Next?
- New Methods and documentation to be
released end of March
- Account Managers, MEC’s and support are
available to assist you.
25. Tasks to
Consider
- Audit/Assess data - Classify Personal Data
- Implement latest SDK v5.1
- Implement Consent Solicitation using
setOptedOut
- Implement ‘Forget Me’ Setting using
setPrivacyOptedOut / Privacy Delete Attribute
- Sign DPA with your processors
- Migrate S3 - If applicable