Every company in the European Union and around the globe has been preparing for the big day. Yes, GDPR!
The General Data Protection Regulation has been in effect since 25 May 2018 and naturally, there are tons of questions in the air. What’s the fuss all about, you ask? How does it affect my business? How do I track my prospects / customers? How do I keep them engaged? How do I get consent to share data with a 3rd party service provider?
GDPR law provides EU citizens with the right to allow their personal data to be processed. The citizens have the right to decide.
It’s a lot to consume and act if you still haven't started. If your current analytics provider expects you to share consumer data with them, then you definitely need to take consent from your customers / prospects. In other words, you need to inform your customers / prospects that you need their consent so that you can share personal data with multiple third party service providers. And you also need to explain why you want to share.
Why GDPR is a serious matter?
Any company with their business in the EU or companies with their customer base in the EU need to act on this and take measures to make sure their business continues to grow and the customer data is not breached. Here are 10 key factors that businesses need to note according to Computer Weekly.
- GDPR applies to all companies that process personal data of EU citizens
- Any data that identifies an individual is considered personal data and it’s subject to GDPR. For instance, collecting information such as name, age, IP, gender and a lot more.
- The GDPR requires all organizations collecting personal data to be able to prove clear and affirmative consent to process that data.
- The appointment of a Data Processing Officer (DPO) is mandatory for certain organizations. DPO is a leadership role required by enterprises and is responsible for overseeing data protection strategy and implementation to ensure GDPR compliance. Any company that handles large amounts of personal data must have a DPO.
- The GDPR introduces mandatory Privacy Impact Assessment PIAs. The Data controller should conduct PIAs where there could be a privacy breach and the PIA is conducted to reduce the risks. Meaning, when an organisation handles large amounts of personal data, before initiating the project, the Data Processing Officer must conduct a privacy risk assessment to ensure they are in compliance.
- DPO should notify the local data protection authority of a data breach within 72 hours, if any.
- The Right to be Forgotten: Any organisation handling customer or prospect data may not hold the data no longer than it is required. When you collect the data, you will have to define why you need their personal information and what you intend to do with the data. Once this is defined, the organisation should adhere to it. Under no circumstances you are allowed to change the use of data. At the same time, the data should be deleted upon request of the user / data subject. This also means organisations should get consent before altering the use of the data.
- The GDPR expands liability beyond data controllers. Meaning, if you are a service provider, you are still liable provided you are working with any personal data.
- Privacy by design: Any software, system, or process that an organisation uses or follows should be GDPR compliant.
- The one stop Shop: Any EU Data Protection authority can take action against organisations, regardless of wherever the company is located in the world. The enforcement is backed by fines up to €20m or 4% of group annual global turnover.
Why does a company need to go through all these?
The GDPR focus is towards preventing data controllers, data aggregators, list building companies, list brokers, and the likes from using and selling personal data without any oversight for the data subjects.
Let’s talk about Analytics here. All the data you collect for analytics are considered personal data. Meaning, you need consent so that you can share with your analytics provider.
Having the right processes and technologies in place is very important. And Rakam is just the thing for organisations who handle EU data.
Rakam is an open source analytics platform that will run on your own servers. Which means you will have full control of your data. The ability to control sensitive information such as IP, used data, remove user data if requested and also to extract and share them if needed. The platform is fully customisable to meet your needs. The flexibility is endless.
The installation to your cloud provider like AWS, Heroku, docker is a seamless one-click installation.
Rakam also provides you with Prebuilt Analytics for Ads, Gaming, Web, Mobile, IoT and many more analytics solutions.
What kind of data is passed to Rakam?
- Anonymous usage data from Rakam api installation is collected that help improve the quality of the software.
- We collect the exceptions and stack traces of application crashes in order to find out and fix the bugs.
- Email, name information for authentication.
- Pages and features that are being used by users.
Rakam is easy to use, simple yet very powerful. And the platform is built with GDPR in focus. Ready to see Rakam in action? Feel free to sign up. We are here 24/7 to answer any queries you have.