The European Union has taken an important step in protecting the right to privacy for EU citizens with the General Data Protection Regulation (GDPR), effective from May 25, 2018.
EU residents will now have greater control over how their personal data is used.
We have been working to guarantee MobiLoud's own compliance, and assessing how it will affect our own customers.
Does the GDPR affect me?
Most likely, yes!
It applies to all businesses with customers, users or website visitors who are from the EU. This means that any organization in the world that works with EU residents' personal data in any manner has obligations to protect their users' data and be GDPR compliant.
MobiLoud customers typically act as the "data controller" for any personal data their app collects directly or that they provide to Third Parties (who will generally be "data controllers") in connection with their mobile apps. This means that data is under the customer’s control. Controllers are responsible for obligations like fulfilling EU citizens' rights concerning their personal data. As a data controller, you should get familiar with the GDPR and prepare a plan to become compliant.
Since we will not collect or process any of your users' data, we shouldn't qualify as a "data controller" or a "data processor" for any data collection and processing originating from the apps we help you publish.
What should I be doing to ensure my mobile app is GDPR compliant?
- We strongly encourage you to address the issue of GDPR compliance for your mobile app with a lawyer and get familiar with the main concepts of the regulation. Here's a good summary and our own blog post on how GDPR affects mobile apps specifically.
- As a data controller, it's your responsibility to ensure the companies that may handle your users' data at any point in time are GDPR compliant. You'll want to have a written agreement in place with them that meets the GDPR standards.
- Depending on how you configure your app, it may connect to Third Party Services including advertising providers such as Google’s AdMob or a push notifications provider, like OneSignal. Your use of Third Party Services is solely between you and the respective third party and will be governed by the Third Party’s terms and policies. It is your responsibility to review them before using their services.
- Where we have entered into relationships with Third Party providers on our customers' behalf (for example Google for its Crashlytics service or Pushbots and OneSignal for push notifications) in order to provide a service to our customers, we recommend that customers register their own third-party accounts and have their profiles transferred to them, so that they are in a direct contractual relationship with those providers and therefore able to meet the requirements of the GDPR. If you don't have your own push notifications account, get in touch so we can assist you in this transition.
- Similarly, for customers that have their apps hosted on our Google Play or App Store accounts, we will recommend having their own accounts created and their apps transferred. If you don't have your app on your own App Store and Google Play accounts, get in touch so we can assist you in this transition.
How is MobiLoud preparing for GDPR?
Our policy is to respect all laws that apply to our business including GDPR. We also know that our customers have requirements under GDPR. We are committed to helping our customers stay in compliance with GDPR and their local requirements through our services.
- MobiLoud is committed to following appropriate security measures and precautions in accordance with GDPR. We're adding data encryption wherever we can.
- We’re reviewing all our providers, finding out about their GDPR plans and arranging data processing agreements with them.
- Where we are transferring data outside of the EU, we are committed to appropriate data transfer mechanisms as required by GDPR.
- MobiLoud will assist with notifying regulators of breaches and promptly communicating any breaches to our customers.
- We will hold any subprocessors that handle your personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
- We will ensure that employees and contractors authorized to process personal data have committed to confidentiality agreements.
- We are building the necessary features that will enable our customers to easily meet their GDPR obligations. This will include ways for users to give and remove their consent to data collection. Much of this functionality requires third-party services to provide an API for data removal, which not all provide at the moment.
- We are updating the Third Party SDKs included in the apps to GDPR compliant versions as soon as they are made available by Third Parties. We will update customer apps to include these updated SDKs at no additional cost for any active subscriber and Lifetime License holders within 12 months from purchase or with an active Service Package.
How does MobiLoud store my data?
Where can I learn more about GDPR?
Luckily, there are many different resources you can use to help you prepare for GDPR.
- Read the General Data Protection Regulation as published by the European Parliament.
- You can self-certify your business under the EU-US Privacy Shield Framework. This provides companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
- Read our blog post on creating a GDPR compliant mobile app.
Third Party Services you may use in your app
Your app includes a number of SDKs to allow functionality from analytics to advertising, as well as crash logging and push notifications delivery. These services are linked to below. Some of these will not be active unless you're signed up with them specifically to use them in your app. Some, like Google Firebase, Pushbots or OneSignal are required for the app to be able to receive push notifications.
- Google DFP Policy & Terms and GDPR information (GDPR ready SDK not available yet). Certified with Privacy Shield.
- Fabric (Crashlytics, Answers) Policy & Terms and GDPR information
- Facebook Audience Network Policy. Certified with Privacy Shield.
Feel free to contact us if you have any further questions about your MobiLoud app and GDPR compliance.