GDPR is all the buzz, and for good reason. These regulations have a direct influence on how a major portion of the advertising world operates. Let’s take a look at how GDPR influences the way PushSpring does business.

What is GDPR?

The General Data Protection Regulation (GDPR) takes effect May 25, 2018, and is designed to give consumers in the European Union more control and transparency over their personal data. Moreover, the GDPR defines personal data broadly so as to include pseudonymous digital identifiers such as cookie ID’s, IP addresses and mobile advertising IDs.

As part of PushSpring's commitment to compliance, we are implementing some important updates to our approach to data collection in the EU.

Who is affected by the GDPR?

While PushSpring does not have a physical presence in the EU (i.e., an office), non-EU established companies are still required to adhere to the standards set by the GDPR in a specific instance. In cases where companies process personal data about EU data subjects in connection with “monitoring” the behavior of EU data subjects, GDPR should be applied. In other words, processing personal data of EU data subjects for marketing purposes would subject PushSpring to the GDPR.

How Has PushSpring Responded?

In response, PushSpring has implemented a variety of mechanisms that will effectively stop any collection of EU-based device data going forward. In particular, when any of our data collection technology is used on a device, our systems are able to detect whether or not the device is located in the EU. For EU-based devices, our data center immediately deletes that data prior to processing. As a result, the PushSpring platform will not process the data of EU data subjects and will not be subject to GDPR requirements.

PushSpring will continue to offer ethically sourced audience data at scale for digital marketers in non-GDPR countries such as the US and Canada, in full compliance with local laws as well as DAA guidelines governing data collection, use, and processing.