The General Data Protection Regulation (GDPR) and mtribes.*
Disclaimer: This article is for information purposes only and does not serve as legal advice. Always consult professional legal counsel if you need to know more about how GDPR affects your business.
By now, most companies around the world would have heard about the General Data Protection Regulation (GDPR). It affects most, if not all of us in some way or another. In this article, we look at the GDPR in relation to mtribes, Deltatre Group’s newest product.
What is the GDPR?
GDPR stands for General Data Protection Regulation. It’s the European Union’s (EU) latest data protection law, which came into effect on 25 May 2018. It was intended to give more control to EU citizens over their personal data.
Who does it apply to?
Even though it is a European Regulation, it applies to any business in the world that processes personal data relating to an individual in the EU. The GDPR has an important and increasing impact on other privacy regulations around the world, for example:
1. The Californian Consumer Privacy Act (CCPA), which came into effect on 1 January 2020. The CCPA is similar to the GDPR and aims to provide Californian residents with specific rights around their personal data. It applies to any company doing business in California that meets at least one of the following thresholds:
- Has an annual gross revenue in excess of $25 million (USD)
- Buys or sells the personal information of 50,000 or more consumers or households
- Earns more than half of its annual revenue from selling consumers’ personal information
2. Japan’s Act on the Protection of Personal Information (APPI). The recent reforms carried out in 2017 significantly enhanced Japan’s privacy laws, which is now more similar to the GDPR. The Act’s main purpose is to protect the rights and interests of individuals, providing basic principles for the proper handling of personal information.
What are the GDPR requirements?
There are many requirements - in fact there are 11 chapters and 99 articles in the GDPR, which can all be found here. Some of the key requirements include:
- Ensuring that your company understands and clearly defines what is and is not personal data
- Ensuring that personal data is only used with explicit consent or another lawful basis for using it
- Ensuring that personal data is kept secure
- Granting users more rights over their personal data, including the right to see what data a company has collected and the right to request that it be deleted
It also outlines strict requirements for companies and enforces steep penalties on companies who do not comply. The GDPR applies to both controllers and processors of personal data.
What is personal data, a controller and a processor?
According to the GDPR:
- Personal data is any data that can be used to identify a living person directly or indirectly, including but not limited to name, address, email, location and IP address
- A controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing of personal data
- A processor is the natural or legal person that processes personal data on behalf of the controller
How does mtribes comply with GDPR?
mtribes is a software-as-a-service (SaaS) product that enables media companies to deliver targeted and personalized user experiences across devices to specific user groups.
mtribes is a data processor and only processes analytical data that our clients send to us about their users. Our clients are in turn required to provide their users with all relevant information and, when necessary, collect their consent before sending any data on to us, in accordance with our Data Processing Agreement (DPA).
We also apply the latest security protocols when processing data. This includes Transport Layer Security (TLS) and ensuring our data is encrypted at rest and in transit.
mtribes Privacy Team
In addition, mtribes has a dedicated Privacy Team that takes care of any data issues. The team is composed of legal, compliance, IT and cyber security experts and is committed to constantly providing Deltatre Group with support and advice. The team has been involved in every Deltatre Group activity and project since the design phase.