General Data Protection Regulation (GDPR)


On May 25, 2018, the EU General Data Protection Regulation (GDPR) goes into effect across the European Union. GDPR replaces the 1995 EU Data Protection Directive. It is designed to standardize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.

Rest assured, InMobi is fully committed to GDPR compliance across every aspect of our business. As a trusted partner of leading brands across the globe, InMobi is dedicated to protecting consumer privacy while generating value for our publisher partners and creating a safe and transparent marketplace for advertisers. As part of this promise to our customers, InMobi is dedicated to helping each and every one of our valued partners ensure they’ve taken the appropriate steps to ensure GDPR compliance.

piyush
"InMobi has always been dedicated to trust and transparency, and we see GDPR not as a challenge, but as an incredible opportunity for new innovations in the industry which will ultimately improve the customer experience while protecting personal privacy."
Piyush Shah
Chief Product Officer, InMobi

What is GDPR and how does it affect your business?


GDPR is the new regulatory framework that protects the personal data of individuals in the European Union (EU) and must be adhered to by all businesses that collect or process such data.

The GDPR expands the definition of ‘personal data’ to mean any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people.

The key stakeholders in GDPR are defined as follows:

  • Subject

    the user whose data is being controlled or processed

  • Controller

    the entity that determines the purposes and means of processing the data

  • Processor

    the entity that processes personal data on behalf of the controller

The GDPR places legal obligations on both the controller and processor as follows:

Failure to comply with GDPR can result in strict penalties for non-compliant companies. As a trusted custodian of your data (either as a controller or a processor), InMobi is fully committed to compliance and to helping you on your GDPR compliance journey.

GDPR READINESS:

A shared responsibility between Advertisers, Publishers and Ad Ecosystem Partners


GDPR regulation will have a far-reaching impact on the digital advertising world as it prioritizes the security and protection of the personal data of all EU residents. While it puts new regulation on all the players in the ad tech ecosystem, it is also an opportunity for creating a direct and transparent relationship with the user that respects their rights and wishes to their own personal privacy.

GDPR places new compliance measures on both the data controller and the data processor, meaning the journey to achieving compliance will be a responsibility shared between advertisers, publishers, ad networks and others partners in the ecosystem.

What is InMobi doing towards GDPR readiness?


As a trusted partner of leading brands across the globe, InMobi is committed to data protection and protecting consumer privacy while creating a safe and transparent marketplace for advertisers and generating value for our publisher partners.

  • Data storage

    InMobi will only store user data for commercially reasonable periods. We will also ensure that, in accordance with GDPR requirements, all individually identifiable data transferred outside of the EEA will be subject to appropriate documentation as recommended by GDPR.

  • Data security

    InMobi will take every reasonable effort to safeguard user data and will provide you with timely notification of any data breaches as per the GDPR requirements.

WHAT CAN YOU DO?


PUBLISHERS

If your app currently monetizes or has plans to monetize in the European Economic Area (EEA) in the future, you must become GDPR-compliant by following these six compliance measures:

  • Obtain, maintain and communicate to InMobi a valid consent from your EEA end users to receive targeted ads. The consent can be obtained with users opting in for your application’s terms of consent or privacy policy. Also, notify InMobi of any opt-out or modification to the personal data from the end-user.
  • Update your InMobi (SDK, API or JS Ad Tag) connection. Detailed directions with regard to InMobi’s collection, transmission, processing and treatment of user data for ensuring sufficiency of consent will be released on our website.
  • Flag your application(s) or site(s) as a Child App, if your mobile app’s content is directed towards children below 16 years of age.
  • Do not share any unsolicited personal information with InMobi.
  • Notify InMobi in case of any data breach incidents. Also, assist InMobi in handling any data breach incidents including timely notifications to the DPO/ICO/data subjects, as mandated by GDPR.
  • Sign the terms of the InMobi GDPR Addendum. We will soon be sharing the addendum with contractual requirements to continue receiving ads from InMobi for your EEA end users.
ADVERTISERS

For advertisers to maintain GDPR compliance, the following steps must be taken. If you provide users’ personal data to InMobi for campaign optimization:

  • Ensure that the necessary measures have been taken to securely obtain, transmit and retain data.
  • Acknowledge in writing that consent has been sought from users on, behalf of InMobi, to use their personal data.
  • Communicate all measures InMobi must conduct as a data processor such as specific use case, parameters for data retention and disposal, disclosure to third parties, etc.
  • In cases where InMobi has agreed to share data provided by you with mobile measurement and data partners, a data protection agreement will need to be executed between your company and InMobi as well as between your company and the mobile measurement and data partners.
  • Agree to the terms of the InMobi GDPR Advertiser Data Protection Rider to continue advertising to EEA end-users.

CONTACT US

To learn more about GDPR and let InMobi help in your journey to achieve compliance, please email gdprcompliance-group@inmobi.com

Click here to read the frequently asked questions (FAQs) regarding GDPR.

This page is indicative of InMobi's GDPR readiness exercise and does not provide for an exhaustive guidance with regard to GDPR compliance requirements.