Are you aware of which of your app users' personal information is being shared on the open web?
Do you realize what happens when a user shares his or her personal information via your app? Without user consent, their data may be shared across service providers.
If your app users are in the EU, they can breathe a sigh of relief, because GDPR takes effect on 25th May 2018. GDPR (General Data Protection Regulation) is a strong effort to update data protection for the 21st century. It gives EU citizens control over whether to grant permission to use their personally identifiable information (PII) in exchange for ‘free’ services. GDPR will penalize organizations that fail to comply with its rules.
What does GDPR mean to mobile app owners?
GDPR is a major change in data privacy, and it will have a significant impact on mobile app usage and the development process. It is high time for app owners to start working on a plan to meet GDPR requirements.
Here are a few major steps that mobile app owners need to take in order to be compliant with the regulation:
- Determine whether your app really needs all of the user PII it requests – developers and management should define exactly which data is absolutely necessary
- If you are using any SDK, follow IAB’s GDPR Transparency & Consent Framework. You can read more about it here
- Encrypt all personal data and inform users about it – if an app needs to save personal data, it should be protected with proper, strong cryptographic algorithms, including encryption and hashing
- Ensure that sessions and cookies expire and are destroyed after logout – users must be informed that the app uses cookies. The app should give users the option to accept or deny cookies, and cookies must be properly destroyed after inactivity or logout
- Store logs in a safe place, in encrypted form
- With the ‘Right to be forgotten’, it becomes extremely important for app owners to delete data of users who cancel their services
- In case your database is breached, you must notify users as well as authorities within 72 hours of becoming aware of the leak
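The two list items on session expiry and the ‘Right to be forgotten’ describe server-side behaviour that is easy to get wrong (a token that keeps working after logout, or PII that survives account deletion in a live session). The following is an added example, not code from the original post or from Chocolate's SDK, showing one way to implement both: an in-memory session registry with an idle timeout and an absolute lifetime, explicit destruction on logout, and a `forget()` routine that deletes a user's PII and every session they hold. The store, the timeouts, the user records and the `clock` parameter are all assumptions made for illustration; a real app would back this with its database and cache.

```python
"""Session lifecycle and right-to-be-forgotten deletion (added example, stdlib only).

The in-memory dictionaries below stand in for a real session cache and user
database; all user data in this file is constructed for illustration.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60            # assumed: seconds of inactivity before a session dies
ABSOLUTE_LIFETIME = 8 * 60 * 60   # assumed: hard cap on session age, even if active


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side registry; the client only ever holds the opaque token."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock                      # injectable for deterministic tests
        self._sessions: Dict[str, Session] = {}

    def login(self, user_id: str) -> str:
        now = self._clock()
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG, unguessable
        self._sessions[token] = Session(user_id, now, now)
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Return the user id behind a live token; expire and drop stale sessions."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        now = self._clock()
        if now - sess.last_seen > IDLE_TIMEOUT or now - sess.created_at > ABSOLUTE_LIFETIME:
            del self._sessions[token]            # destroyed, not merely flagged
            return None
        sess.last_seen = now                     # sliding idle window
        return sess.user_id

    def logout(self, token: str) -> None:
        """Destroy the session on the server so a replayed token is useless."""
        self._sessions.pop(token, None)

    def destroy_all_for_user(self, user_id: str) -> int:
        doomed = [t for t, s in self._sessions.items() if s.user_id == user_id]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)

    def purge_expired(self) -> int:
        """Housekeeping pass so abandoned sessions do not linger until next use."""
        now = self._clock()
        stale = [t for t, s in self._sessions.items()
                 if now - s.last_seen > IDLE_TIMEOUT or now - s.created_at > ABSOLUTE_LIFETIME]
        for t in stale:
            del self._sessions[t]
        return len(stale)


class UserStore:
    """Minimal PII store wired to the session registry for account deletion."""

    def __init__(self, sessions: SessionStore):
        self._pii: Dict[str, Dict[str, str]] = {}
        self._sessions = sessions

    def create(self, user_id: str, email: str, name: str) -> None:
        self._pii[user_id] = {"email": email, "name": name}

    def get(self, user_id: str) -> Optional[Dict[str, str]]:
        return self._pii.get(user_id)

    def forget(self, user_id: str) -> bool:
        """Right to be forgotten: remove the PII record and kill every live session."""
        existed = self._pii.pop(user_id, None) is not None
        self._sessions.destroy_all_for_user(user_id)
        return existed


if __name__ == "__main__":
    store = SessionStore()
    users = UserStore(store)
    users.create("u-1", "alice@example.test", "Alice")   # constructed sample user
    tok = store.login("u-1")
    print("live:", store.resolve(tok))
    store.logout(tok)
    print("after logout:", store.resolve(tok))
    print("forgotten:", users.forget("u-1"), users.get("u-1"))
```

Keeping the expiry decision in `resolve()` means a token that is past either limit is rejected and removed on its first use, while `purge_expired()` handles sessions nobody touches again; `forget()` has to reach into the session store because deleting the database row alone would leave an authenticated session pointing at a user who no longer exists.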
What is Chocolate doing towards GDPR readiness?
Chocolate is fully committed to GDPR compliance across every aspect of our business.
Chocolate has always been dedicated to trust and transparency. Additionally, we are proactively reaching out to our partners and advertisers to help them understand the significant impact of GDPR on their business, and working together with them on compliance readiness. We see GDPR as an incredible opportunity for new innovation in the industry, which will ultimately improve the customer experience while generating value for our publisher partners and creating a safe and transparent marketplace for advertisers. Chocolate is one of the main authors of IAB’s GDPR In-app Ad Mediation spec. You can read further about how ad mediation would work with GDPR HERE.
We recommend that all app developers, publishers and partners using ad mediation SDKs, ad network SDKs, and any other third-party SDKs follow the IAB spec to acquire, store, and retrieve GDPR parameters.
Why the strong ask now?
We are aware of recent breaches in the security of many popular and prominent services, which have resulted in PII being leaked onto the web.
The main point about GDPR is how it forces publishers and advertisers to rethink what information they request from their customers, and to re-assess what they do with that information and how it is stored. There is also the question of all the data that is collected about users, possibly without them realizing it.
Much of this can be for the benefit and overall improvement of the user’s experience on an app or website, but it is only fair that they understand what is happening in the background and why, as they surf around the internet.
What does this mean for the companies?
‘Controllers’ and ‘processors’ of data need to abide by the GDPR.
∙ A data controller is the party that determines why and how personal data is processed, while a processor actually carries out the processing of that data.
∙ If you are a company owner who does either of these for citizens of the EU or of Norway, Iceland, and Liechtenstein, GDPR applies to you (even if your company is registered outside these territories and has no physical operations in Europe).
Fines for non-compliance with GDPR can be high: serious infringements can result in fines of up to €20m or 4% of your company’s global annual revenue, whichever is higher. Furthermore, mobile apps found to be non-compliant run the risk of being banned from app stores.
To Download Chocolate Ad Mediation SDK, Click Here.