The EU General Data Protection Regulation will enter in force on May 25th 2018. For a matter of transparency, you will find bellow the roadmap Kwanko followed to comply.
The goal of this page is also to gather in a single place all relevant legal and informational documentation that came out of our work.
Kwanko gathered a group of stakeholders to audit all personal data processed for its activity.
The result of the work is a personal data mapping, with for each personal data, the following information :
As an example the mapping went through the followings: cookie tracking, event tracking, our PartnerTag technology, our email de-duplication tool, all our lead generation products…
Each time, we have paid a specific care to Kwanko’s role and the legal basis of the processing.
This mapping will help us to build our record of operations, that will be available in the documentation below.
Kwanko built some training courses via its internal dedicated tool to grow the awareness of its team on the topic. The training courses will be extended in time.
In addition, we reviewed some internal procedures to make sure all personal data is processed with the required confidentiality.
Finally, we reviewed our internal regulation.
Kwanko updated its publishers Terms & Conditions. They will be communicated and accessible through Kwanko’s platform as of May, 25th.
We designed a Data Protection Addendum (DPA) for our advertisers, in particular to bring their attention on their Data Controller role.
We will make available our Record of Operations as well as our Cookie Inventory.
Kwanko nominated a DPO, you can reach him on: firstname.lastname@example.org
Kwanko has been active in its french professional syndicate (CPA) where we have been working closely with our peers. CPA will be publishing the results of our work in April 2018.
Kwanko will be waiting for the final version of the ePrivacy regulation (especially for all which concerns web navigation data).
As part of our publisher’s network, we consider you first and foremost as a partner. This is why we think that together, GDPR can become more an opportunity rather than an obstacle.
First, lets not forget that GDPR’s goal is to offer a better experience and build more trust to our users, who, at the end of the day, allow you like us to grow our business. We believe that if users have more trust in publishers and advertisers, the regulation will have an overall positive impact.
By being relevant and transparent, we will be, together, on our way to compliance.
3 concrete examples:
|GDPR impact||What it means||What does Kwanko do about it|
|Definition of roles||Publishers are Data Controller for all data collected and transferred to Kwanko or its advertisers. That means that publishers are responsible of the legal basis of the processing of all personal data, whatsoever its form (argsite, email, phone number…). Kwanko is the Data Processor, as a supplier of technical means.||Kwanko has updated its Terms & Conditions and brings its help to publishers, for instance with this web page.
|Consent||Publishers, as Data Controllers, have the obligation to collect the consent of users for each given processing, and according to GDPR guidelines.
||Kwanko has updated its Terms & Conditions and brings its help to publishers, for instance with this web page.
|Minimization||Together, the publisher and Kwanko, commit in collecting, storing and processing only the personal data necessary for the final purpose, as well as storing personal data only the time necessary for the given purpose.||While mapping its personal data, Kwanko went through all of them to define the maximum storing time.
Technical actions to automatically delete data are under process.
|User Rights||Together, the publisher and Kwanko commit themselves in offering the right “to access” and “to be forbidden” to all users who would make the demand. Also, we commit in facilitating the fulfillment of the demand.||Kwanko is simplifying the process of demand for access, transfer, modification or deletion of a user personal data.
|Safety||Together, the publisher and Kwanko commit in offering a secured environment for the collection, transmission and storage of all personal data they process.
Example : pseudonymization by an MD5 hash will support the security of a personal data (ex : email) transmission.
|Kwanko has set up internal process to make sure all its team is aware of the confidentiality required by processing personal data.
Kwanko designed a Security Policy.