The General Data Protection Regulation, or GDPR for short, is a special regulation adopted by three main legislative bodies of the EU: the European Commission, the European Parliament, and the Council of the European Union. It regulates the acquisition and processing of personal data within the European Union, and also applies to foreign companies and individuals that acquire and process EU users’ personal data. The regulation was adopted on April 27, 2016 and entered into force on May 25, 2018.
The Privacy and Electronic Communications Directive 2002, or ePrivacy for short, is a directive that also serves to protect users’ personal data. It is more applicable to advertising and marketing and focuses more on cookies, spam, confidentiality, etc. The primary goal of ePrivacy is to protect personal user data in the digital age.
The next revision of this legal act, called the ePrivacy Regulation, is currently pending. Unlike the Directive, the Regulation will be mandatory and will elaborate on certain provisions in greater depth.
Software vendors have to make a lot of changes to their existing technical solutions in order to comply with both GDPR and ePrivacy, or design their projects from the start with those legal acts in mind. Having extensive development experience, we can assist you in either approach, so that you will be able to interact with EU users without any legal issues regarding GDPR and ePrivacy.
Those legal acts touch upon all the software development areas, though AdTech and MarTech are particularly at risk. Here is an approximate list of tools that our team can develop and implement in your product:
Tool to acquire user consent for activities whereby their data is disclosed to third parties, tracked, or examined.
Utility to identify users who have expressed such consent in order to take appropriate actions, e.g. store their login information or display relevant ads.
System to anonymize, encrypt, and provide proper protection to the data thus obtained.
Mechanism to perform an operation called “data minimization”, which involves processing only those fragments of data that are vital to completing a specific activity.
The system should process data only on legal grounds, such as user consent, legal duty, terms of usage, etc.
Data provided to the subjects should be presented in a brief and accessible format.
Data should be collected only for a particular, unambiguous, lawful purpose.
The amount of data to be processed should not exceed the minimum required for the purposes of the system.
Data should be veracious and correct.
Data should not be kept in a way that requires identity verification unless otherwise provided.
Data processing should be safe and protected against illegal actions, damage, or loss.
The data host is liable for confirming compliance.