GDPR: Your Community Questions Answered

Questions
, - May 09 2018
GDPR: Your Community Questions Answered

The upcoming General Data Protection Regulation (GDPR) will affect user data privacy handling for a huge number of businesses in a variety of different ways. Given the scope of this shift in the legal landscape, compliance with the new laws can be something of a headache for any company that deals with the data of EU customers.

With this front of mind, we decided to turn to our Ogury community of publishers, clients and marketers to get a read on which specific GDPR-related queries are puzzling you the most. The below quick reference Q&A is the product of a short survey designed to highlight the most pressing community questions ahead of GDPR coming into force on May 25th. Did your inquiry not make the list? Feel free to drop us a line via gdpr@ogury.com.

What is GDPR and what do I need to do to comply?

GDPR is a new regulation specifically designed to protect EU citizens from organizations using their data irresponsibly. In short, it puts users in charge of what, where, and how their personal data is shared. From May 25th 2018, companies will only be able to collect user data of EU citizens with clear, explicit consent, and must offer an equally accessible method to opt-out of data collection. The law applies to any companies around the world that deal with the data of EU citizens, regardless of where those businesses are based.

For more detail about GDPR, its consequences, how to comply, and how Ogury is compliant by design, read our blog post here.

How does GDPR affect non-EU countries, specifically the US?

Even if your business handles the data of just one EU citizen, your business will have to comply with GDPR or face hefty fines and penalties. It doesn’t matter if your company is not based geographically in Europe; the law concerns the rights of users. As a result, a majority of middle to large sized companies will be affected. However, even if your business is one of the few to fall outside of the scope of GDPR, it might well be worth investigating. To find out more, read our blog about how GDPR, despite its EU roots, affects businesses globally here.

Does Ogury comply with GDPR and how did it achieve this?

As a pioneer of user-consented data collection, Ogury is GDPR compliant by design. Since starting the company in 2014, we have championed user rights by asking for explicit opt-in consent. If a user decides not to give us this consent, we simply do not collect their data, and no targeted ads are served. For more on Ogury’s GDPR compliance, read our dedicated blog post.

What consent needs to be obtained and how will it affect database size/revenue?

From May 25th, companies need to obtain explicit user consent from every one of their users, both current and new. Users will now need to opt-in in order for any of their data to be legally collected, processed, and stored by businesses. This will likely have knock-on effects for both databases sizes and revenues, in the short term at least. At this stage, it is difficult to predict with any degree of certainty the direct consequences that GDPR will have on revenue, but they will likely vary depending on product and existing data compliance practices.

Consent notices must be clear, written in plain language, and cannot be bundled together with other terms and conditions. They must state your company’s name, why you need to collect a user’s data, and what it is going to be used for. Popular pre-GDPR practices such as pre-ticked boxes can no longer be employed, as they assume consent. Companies must also remind users that they can withdraw their consent at any time and make the process easy for them to do so. It’s also considered best practice to keep records which can serve as evidence of consent.

How does GDPR specifically affect gaming apps?

As with all other apps, games publishers will have to obtain explicit user consent in order to collect or use any form of user data. Many gaming apps will be affected in particular due to their wide-ranging audience. Children under 13 cannot legally give consent to having their data collected, so games that are aimed specifically at younger audiences will not only have to ensure the protection of their users’ data but also gain parental consent. Gaming app publishers must make all reasonable efforts to verify that an underage child has not opted-in.

I'm using multiple SDKs. Do I therefore need to show multiple consent popups at the start of my app/game?

Before the end of the May 2018, Ogury will launch the world’s first open source consent manager, which will allow publishers to manage all of their user-data-collection-consents in one platform. As a benefit of this, users will only see one consent form, streamlining their experience and simultaneously giving publishers the ability to manage compliance from every single user on every single ad network, in one opt-in. We will share more details on this launch very soon. Email publisher@ogury.com if you would like to receive early bird notification.

Do I need to update Ogury’s SDK?

Yes, but don’t worry, we’ll be sending out an updated version of the Ogury SDK on May 21st. Keep an eye out for that, and should you have any questions about its implementation feel free to contact us via publisher@ogury.com.