It all started back in April 2016 when the news broke out on an EU ruling that introduced the idea of empowering end consumers to control and restrict the storage & use of their personal data with the companies they interact with. That ruling went on to be called General Data Protection Regulation (GDPR) and it is not just the European businesses that would be affected, if you have customers from the EU region, you would be required to implement the GDPR practices which change the way you collect and legally store data of your customers. To help you with it, ShepHertz announces the full set of resources and features for GDPR compliance, which will become effective from 25 May, 2018 onwards.

GDPR will impact organizations that are “data controllers” and “data processors.” Data controllers are organizations that collect data from EU residents, while data processors are organizations that process data on behalf of a data controller. By GDPR’s definition, ShepHertz is considered a “data processor” so we have updated our SDKs, features and resources to comply and support you, the “data controllers.” Full set of resources to ShepHertz GDPR compliance can be found here.

There are major consequences to violating these new rules. Administrative fines can reach 20 million Euros or four percent of annual global revenue, whichever is higher. We would like to make sure that you are aware and are doing what needs to be done to be GDPR compliant.

Listed below is a brief overview of the changes we have applied, how we support them and what you would need to review for compliance:

Redefining “Personal Data”:

Under GDPR, the definition of “personal data” changes from simply being personally identifiable information to identifiers that may, without or with other data, identify an individual.  For instance, personal data could be name, identification number, or it could also be a combination of two or more user attributes such as demographic or behavioral information.

ShepHertz does not require any sensitive data to process and deliver services; however, the analytics systems do use random unique identifiers to provide precise and effective data. Since this information could fall under the category of “personal data,” we are implementing a few changes to handle these data points appropriately. We are also updating our systems to better support GDPR requirements such as a data subject’s request for their personal data to be deleted.

Defining “Data Controller”:

Since every ShepHertz customer would be a data controller, the new regulations would require you (our customer) to announce the effects of GDPR and receive consent from them for the collection and processing of their data through our services. This is a mandatory process that is required by the regulations coming into effect.
The updated App42 SDKs support an opt-out method that can be configured along with any policy and consent request mechanism to support your GDPR compliance requirements in this area. Moreover, ShepHertz customers have complete control over what information is collected and the capability to export it as a part of the GDPR compliance.

With GDPR coming into effect in two days, do check out all our GDPR resources to ensure you are being compliant for your customers. Should you have any query, suggestion, or issue, please reach out to our Data Security Officer at compliance@shephertz.com