With rapid advances in technology, data protection laws around the world have struggled to keep pace. The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, aims to update and strengthen these laws and create a unified system across the European Union.
In the event of a breach, data protection authorities can impose fines of up to €20 million or 4% of a company’s global turnover, whichever is greater. The GDPR also provides more control for individuals by creating eight distinct rights in relation to their personal data.
The GDPR applies to the processing of personal data by organizations based both within and outside of the EU if they offer goods and services to individuals in the EU, even if these goods or services are free. Personal data is any information that allows a person to be directly or indirectly identified. A data subject is an individual to whom the personal data relates. Processing includes collecting, recording, storing, using, analyzing, combining, disclosing or deleting personal data.
As a global company with publishers, brand partners, and users around the world, Ogury is subject to the GDPR and applies this same high standard of transparency to all end users. Ogury is a controller of personal data. This is because we decide which consented signals we collect and how we use the mobile user journey data that we generate.
In order to comply with the GDPR, Ogury needs a lawful basis to process personal data. There are six different bases, one of which is consent of the data subject. Unlike some other companies that may rely on ‘legitimate interests’, Ogury relies on consent as its lawful basis of processing personal data and has done so since it was founded in 2014, long before GDPR came into force. As well as the fairest and most transparent approach for end-users, we believe this is the most compliant with the requirements of the GDPR.
The GDPR has changed the rules around consent, which must be freely given, specific, informed, unambiguous, and involve clear affirmative action. Ogury’s current user consent notice gives clear information and real choice to end-users.
Ogury’s consent notice is separate to publishers’ terms and conditions. If an end-user does not give their consent, Ogury does not collect their data signals. We also give all users the right to withdraw their consent at any time, either by using the opt-out form on our website ( https://consent.ogury.co/ which is linked to from all our campaigns) or by emailing email@example.com. Once they withdraw consent, they no longer receive any personalized marketing managed by Ogury. End-users can also exercise their other rights by contacting the Ogury privacy office.
To mark GDPR’s arrival, Ogury launched a quick-fire interactive experience to help organizations brush up on the new data handling standards. Introducing, The GDPR Grandmaster Challenge.
Are you a GDPR blackbelt? Or is your knowledge still a bit rough around the edges? Give us five minutes of your time and you’ll come out more informed.
To help organizations manage the complexity of GDPR compliance and user consent, Ogury has launched Consent Manager. Ogury is a registered CMP Vendor with the IAB and its CMP is compliant with the IAB Transparency and Consent Framework.
With one simple integration you can:
• Combine all opt-in notices from every partner, in one convenient place.
• Make giving or withdrawing consent clear, easy and non-disruptive.
• Give users the choice to share mobile journey signals for a specific usage, or pay for access to content.