The EU Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens' data. It goes into effect May 25, 2018.
At Yapp, we have always valued the privacy of our customers and end users. We have always worked hard to store your data in a secure manner, collect only what you would expect to run and improve the service, and be transparent about the use of your data on our platform.
This new regulation sets an even higher bar for data protection and privacy, and in the past months we have worked hard to prepare for GDPR. Below you'll find some more information on GDPR and Yapp's compliance with the new law.
What is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. The law strengthens the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
Does GDPR affect me?
If you are a Yapp user from the EU and/or are an app creator with users in the EU, then GDPR applies to you. As an EU citizen, under GDPR you have extended rights as it pertains to the portability and deletion of your personal and app usage data. As an app creator, you have that same responsibility towards users of your app which Yapp will help you fulfill.
How Yapp prepared for GDPR
Our team worked hard to ensure we complied with GDPR. Here are some things we did to ensure we set up ourselves and our users to meet GDPR obligations:
We reviewed current features for GDPR compliance
Yapp already allowed data portability for its customers. You can export your content from the app, data about who downloaded your app (if you chose to collect it), and your app analytics (if you chose to collect it).
We also implemented a process to delete user data upon request [link].
We updated our Terms of Service to better align with our current service offerings, to ensure that we continue to be transparent about our practices, and to better balance each party's responsibilities to each other.
We created a Data Processing Agreements (DPA):
Strong data protection commitments are a key part of GDPR’s requirements. Our Data Processing Agreement shares our privacy commitments and sets out the terms for Yapp and our customers to meet GDPR requirements. If you need a signed version of the DPA, please email us at firstname.lastname@example.org
We certified for International Data Transfers:
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we have filed our certification under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.
We coordinated with our vendors
We’re reviewing all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
We reviewed our security measures
Security is a priority for us. You can read our security white paper here
Feel free to reach out to us via chat or you can email email@example.com with GDPR related questions.