On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). And CleverTap is pleased to announce that we are fully compliant with GDPR as of today.
In addition, we are also constantly working with our customers to help them easily understand and manage compliance related features and capabilities.
Compliance with the GDPR requires ongoing changes to ensure that your processing of personal data of EU individuals is within scope. The enhancements to our product functionality including updates to our dashboard, SDK, API, and documentation will help you better handle the GDPR requirements and support you in offering data privacy to your application’s end users.
If you are just starting to think of the GDPR and have questions about what it entails and what you should do to prepare, check out our blog post.
Among the key changes in the GDPR are the data subject rights for EU individuals, added security measures, contractual obligations, and operational enforcements such as data breach notifications and updates to privacy policies to address the new regulation.
The GDPR is an extensive regulation and while CleverTap cannot offer legal advice on the regulation, our goal is to make it easy for you to understand and apply the GDPR’s principles for your users. We have outlined common questions to help accelerate your path to GDPR readiness with CleverTap.
We provide this feature to you (i.e. the App Publisher) through a detailed report on end user profiles that you can generate on the dashboard and easily share with your end users should they request it.
We will enable you to do this through both a dashboard deletion and an API deletion tool. If your end user revisits your app in the future, they will be treated as an anonymous user.
We will allow this through our new SDK, which will grant your end users the ability to immediately have their devices stop sending data to CleverTap systems from then on.
There will be no way to download that user profile or reach that specific end user on any of the messaging channels on the CleverTap dashboard. You will have to opt out that user from all marketing channels on your end.
Additionally, the delete will take place immediately and there is no way to get the information of that user back. It may impact your analysis on the dashboard as funnels, cohorts, pivots, and other analytics may not show the same result as before.
Detailed documentation of the modifications in the SDK and the steps to follow in order to make your applications GDPR compliant is available within our SDK integration guide for your action.
The new SDK conforms to Privacy by Design by disabling default settings for capabilities such as auto-collection of location (city, region, and country) as well as network information (wifi, radio, bluetooth, etc.) for end users that do not opt in. Additionally, following the GDPR guidelines, the CleverTap SDK will not automatically collect Google Ad ID or Apple IDFA. You can refer to the user docs to learn more.
Thus, the GDPR applies to all companies in the US, India, or elsewhere with data processing outside of the EU and end users in the EU. In such a scenario, the data controller should ensure that they ask for consent of the EU individual before collecting personal data that will be processed in locations outside of the EU.
For most of our customers, we make sure that your data is stored and processed securely in the EU and never leaves the EU.
We also offer India data centers for those customers that might have a legal or governance requirement of having their data storage within the Indian borders. As in the above scenario, our customers are required to communicate the same to their end users (who might be in the EU) when their data is collected to ensure that they have end user consent for storing and processing their data in India.
Consistent with our commitment to security and data privacy, we have appointed a data protection officer at CleverTap to ensure our continued support to you, our customers, and your end users.
It is mandatory for all CleverTap customers to sign the DPA in order to confirm their continued usage of CleverTap.
Data privacy and security is an ongoing process. We will continue to work closely with our customers to prepare for new regulations as they are introduced, ensuring that we remain the custodians of our customers’ data. Refer to our user docs and developer docs, or contact email@example.com for more information.
Unraveling the GDPR Compliance with CleverTap