GDPR, or the General Data Protection Regulation, is a set of rules and regulations that established certain new protections for the personal data of EU residents and new responsibilities for keepers of such data.
Even if your audience is not primarily from the EU, GDPR is a good future-proofing protocol. Here is the process to follow in order to achieve data regulation compliance while using Feathr.
- Data Protection Addendum: sign a standard Data Protection Addendum (DPA) that establishes a legal basis and requirement for Feathr's compliance as a Data Processor under GDPR. Feathr's DPA is available to view, download, and sign here.
- Ensure consent management: GDPR requires that you make sincere effort to gather explicit consent for the data you collect and each enumerated use of those data. For web-tracking this is now done with the use of a Consent Management Platform. Once installed, Feathr has a Consent Management offering which can automatically ask each new website visitor for such permissions. You are free to use a separate Consent Management Platform with Feathr as long as it is compliant with the IAB Technical Specifications for GDPR Transparency and Consent Frameworks.
- GDPR Individual Data Rights: GDPR requires that you provide your data subjects (website visitors, users, etc.) the ability to view and manage the data that you store for them. See https://www.feathr.co/privacy-policy for information about how your data subjects access their GDPR data rights in collaboration with Feathr.
For more information about the technical and organizational security measures that Feathr employs to protect the data that our clients entrust to us, click here.