Published on September 03, 2018/Last edited on September 03, 2018/4 min read
It’s been a long time coming. From those early discussions about updating European Union privacy laws to the passage of the General Data Protection Regulation (GDPR) in 2016 to this Friday, when GDPR is going to begin to be enforced.
As the days ticked down, some companies panicked. Others buried their heads in the sand. But at Braze (formerly Appboy), we got to work—taking the steps necessary to ensure material compliance for ourselves and to ensure that our Services enable our customers to comply with GDPR in their use of our Services. It was a big job, but an important one: data privacy and security are essential parts of customer engagement, and organizations that fail to comply with GDPR can face fines of up to 20 million euros or 4% of global revenue, whichever is higher. This isn’t something you want to leave to the last minute.
At Braze, getting ready took months of preparation, major investments of time and effort, and support from one of the EU’s leading privacy and compliance firms. Let’s dig into that three-pronged effort, and what it means for our clients, partners, and more:
As a global brand, Braze has clients, employees, vendors, and partners based in Europe—and under GDPR, all EU data subjects are covered by the expanded privacy rights set forth in the Regulation. To ensure that personal data that is processed by Braze is done so in accordance with GDPR, Braze made a series of updates, including:
These changes don’t just allow us to comply with GDPR—they provide real value to our clients and web visitors, making it easier to understand and take ownership over how their data is collected and used, as well as the messages they receive.
While these preparations are important, our focus on GDPR compliance doesn’t stop there. Under GDPR, companies like Braze that help other brands manage and act on the customer data they collect are known as data processors and are required to take steps to help their clients comply with GDPR. At Braze, we take that obligation seriously and have made a number of proactive changes to our platform to make it easier for our clients to respond quickly and effectively to GDPR-related requests from their customers.
In particular, we’ve taken steps to allow clients to leverage the Braze platform’s REST APIs and SDKs to carry out more nuanced actions related to personal data. With Braze, it’s now possible to:
No company is an island in today’s highly networked, data-powered technology landscape. To fully comply with GDPR, brands need to know that all the technology vendors and partners they work with are just as serious about compliance as they are.
Braze recently partnered with Amplitude, Appsflyer, and mParticle to launch OpenGDPR, a new, open compliance framework designed to help brands to be in compliance with GDPR-mandated data deletion rights. Additionally, Braze partner Segment recently announced a suite of new product features designed to streamline their clients’ compliance with GDPR rights requests. These features include the ability for brands to forward user deletion requests to many of Segment’s integrated partners, including Braze.
To learn more about GDPR and what it means for your business, check out 17 Things You Need to Know about GDPR. If you want to take a deeper dive into Braze and our GDPR compliance efforts, take a look at: