Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

What GDPR Means for App Analytics and Mobile Engagement


Published on

You’ll learn the key changes that are part of GDPR, how Localytics is supporting the new privacy requirements, and what you need to know to start auditing your data collection processes.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

What GDPR Means for App Analytics and Mobile Engagement

  1. 1. GDPR What it means for app analytics and mobile engagement
  2. 2. Introductions Your Hosts Charlie Case Localytics Security Program Manager Naike Romain Localytics Product Marketing Manager
  3. 3. This Webinar What this Webinar Is ● It is an overview of how you can use our suite of services in a compliant manner. ● It is about how we support your GDPR compliance as a Data Processor What this Webinar Isn’t ● It is not a comprehensive overview of how you become GDPR Compliant ● It is not about how we are GDPR compliant as a Data Controller ● A replacement for working with your own legal counsel Goal: ● Provide clarity around how you can use Localytics in a GDPR compliant manner.
  4. 4. Agenda ● Overview of GDPR ● Our Role; Your Role ● How Localytics Supports Compliance ● Questions and Discussion
  5. 5. Poll How GDPR ready are you? Just getting started Assessment stage Audit/inventory stage Gap mitigation stage Compliant
  6. 6. What is your role in GDPR compliance? Poll Data Controller Data Processor Both a Controller and Processor Not quite sure
  7. 7. GDPR Overview
  8. 8. The General Data Protection Regulation
  9. 9. Linked VS Linkable Traditional definition of PII: Identifying information such as names, addresses, or government issued identification numbers New definition of PII (PD): Includes as any identifiers that, when combined with other data, may identify an individual. Information like Advertiser ID’s, random/unique Identifiers + behavioral data
  10. 10. Privacy Principles ● EU citizens have the right to dictate and control if and how their personal data is used ● Explicit consent must be granted, not assumed
  11. 11. This applies to you. Yes, you.
  12. 12. Our Role, Your Role
  13. 13. Same Roles, New Responsibilities Data Subject Data Controller Data Processor
  14. 14. You are the Data Controller Localytics is the Data Processor
  15. 15. Data Controller Responsibilities ● Ensuring transparency ● Obtaining and respecting consent ● Collecting only the data necessary ● Protecting all data collected ● Acting on Right to be forgotten instructions ● Instructing the Processor Data Processor Responsibilities ● Process as instructed ● Transparency to you and your end-users ● Protect the data you send ● Provide access to your data ● Provide tools to respect consent ● Provide tools to act on requests to be forgotten How they work together
  16. 16. We Work Together As a controller it’s your job to instruct your processors on how to handle your data. In turn, we support your requirements by giving you the tools to be compliant
  17. 17. Why Should We Care About GDPR “With great power comes great responsibility” - Uncle Ben
  18. 18. How Localytics Supports Compliance
  19. 19. What Data Does Localytics Process? Required ● IP Addresses (not stored) ● Install_ID Configurable ● Advertiser_ID (GAID/IDFA) ● Events/Attributes; Dimensions ● Customer_ID ● First/Last/Full Name ● Email ● Profile Attributes
  20. 20. How Localytics Supports Compliance ● Updated Privacy Policies ● Updated DPA ● Consent ● Right-to-be-Forgotten Methods
  21. 21. - SDK Method setOptedOut - SDK Method setPrivacyOptedOut (new) - Server-Side Profile Attribute (new) - S3 Raw-Log support changes - Pushed to your S3, use your KMS Supporting Consent & Right-to-be-Forgotten
  22. 22. Delete Personal Data and Identifiers - 30 days - Profiles (First/Last/Full Name, Email) - Customer_ID - Advertiser_ID - Unique Identifiers Effectively Orphan the behavioral data How are we going to delete end-users?
  23. 23. Keep your Event and Profile Data Separate *Personal Data shouldn’t be tagged as events/attributes or Custom Dimensions
  24. 24. What’s Next? - New Methods and documentation to be released end of March - Account Managers, MEC’s and support are available to assist you.
  25. 25. Tasks to Consider - Audit/Assess data - Classify Personal Data - Implement latest SDK v5.1 - Implement Consent Solicitation using setOptedOut - Implement ‘Forget Me’ Setting using setPrivacyOptedOut / Privacy Delete Attribute - Sign DPA with your processors - Migrate S3 - If applicable
  26. 26. Questions & Discussion