GDPR ESSENTIALS AND IMPLEMENTATION FOR YOUR ORGANISATION
by
on March 26th,2019

Background

GDPR – General Data Protection Regulation defined by European Union (EU) Law for the Data Protection and Privacy Protection related to all individuals within EU. GDPR was being introduced to give control to individuals over their personal information to be used by businesses and commercials. This regulation entered into force on 25th May 2018; therefore, every single profit-making organisation within EU must have to take consent before accessing user’s data.

GDPR Parties

Before I dive in; let’s understand how GDPR works. There are 3 parties involved in GDPR and every organisation must have to register based on the organisation profile (like in the following)

Publishers

The organisation which runs a platform where they collect data from users are considered as Publishers. Publishers are given full control over which third-party companies they work with, which third-parties they disclose to their users and for what purpose they obtain consent. Publishers needs to show the purposes and vendors category on the website and ask user for the consent of each purpose and category.

Vendors

The organisation like Sell-Side Platforms, Exchanges, Demand Side Platforms, Ad Servers, Data Management Platforms which supposed to use user’s data commercially called Vendors. Vendor needs to be registered as Global Vendor with EU and must be listed in CMP. Publisher can then use the list to show on their platforms. Vendors are being assigned a category based on information they required from consent which are as below;

  • Information storage and access
  • Personalisation
  • Ad selection, delivery, reporting
  • Content selection, delivery, reporting
  • Measurement

CMPs

Consent Management Providers or CMP is the companies which can read and/or set user’s consent status for the vendors chosen by Publisher though a cookie and make them available to third party vendors that publishers choose to work with. CMP manages consent, user’s data, user’s privacy and share the data for which user has given consent.

GDPR Framework and Implementation

IAB Tech Lab has announced a new Transparency & Consent Framework to help publishers, advertisers, and technology companies comply with key elements of GDPR. The technical working group members has developed framework and continue to provide contributions to this repository.

Process of Implementation

We must have to follow GDPR guideline during the implementation process. Main difficulty we faced is lake of information provided about implementation and there are no steps written. So, we must find the steps by our own which resultant breaks our progress and rework of some tasks. With the best efforts of our team we solved all problems and learnt many things even during the implementation. We implemented GDPR as a publisher and CMP which we followed process as below;

Register as a Publisher and CMP

After 5 to 7 days efforts we successfully become verified member of GDPR EU. Now as we became CMP, we must have to register our subdomain with EU and hosted the same on our end. This process again takes some days and requires much technical knowledge about domain and hosting.

Setup Framework on Subdomain

We learnt GDPR framework very deeply to understand data encryption, store data, accessing data etc. Then, we apply all functionality, custom functions and framework on our subdomain registered with EU. As we could not find much information about implementation and flow on EU portal, we need to develop everything by learning ourselves which requires deeply technical knowledge, server knowledge and framework knowledge. We need to be sure that framework node will always keep in running mode on server so users can save or get information anytime. We handle this challenge very well too.

Take Consent and Collect Information

After completing registration process, the main part begins. This is almost the main part of implementation and if we fail at one place, it may create a huge problem to publisher. So, we have taken extra care during this process. We must have to give proper and full information to platform user where they can select category of information and give consent. Once user gives consent, we implement feature, so it collects information based on user’s consent and vendors’ requirement.

Processing the Data

Processing the data is very important part of process. We need to learn hash function of GDPR framework and encrypt all the data accordingly. We are not allowed to make any single mistake in that otherwise it may be stolen.

Saving Data on CMP Subdomain

Main difficulties we faced is to send data on EU subdomain in very specific format. This step must be handled very carefully otherwise data won’t store on CMP subdomain and won’t be accessible too. It takes many days for us to make it fully functional.

Global Function for Vendors on CMP Subdomain

As we are CMP so we must write one global function for vendors so they can access stored data and use according to their requirement. Framework provides high level information only. So, we studied everything in depth and prepare function which tested by third party vendors successfully and received response with proper data. Huge success for us!

Challenges in Implementation

Our GDPR development cycle was amazing with full of challenges;

  • Very less information given about GDPR.
  • Missing step by step information about development flow.
  • There is no open source sample code available to implement.
  • Consent string parameters information is not given, very hard to understand everything.
  • Requires much knowledge of JavaScript to implement all process of GDPR.

Solutions We Applied

  • We did research in depth and gathered as much information as we can.
  • Prepare development and implementation steps by our own.
  • We found some codes on GIT, studied that as well.
  • Merge codes which we found from GIT, apply our logic in that to make it work.
  • Resolve all errors and do customization as required.

In Conclusion

Finally, there was a great and exiting journey for us to implement GDPR. We stuck at many places, faced challenges and at the last we overcome from everything. GDPR is applied properly but they are still required to work in technical side to make it smooth.

Connect to us

We, at Minddeft, bring constant technological innovation to your business by leveraging the potential of Blockchain technology.Our expertise lies in Ethereum, Hyperledger, Quorum, Python, React and most popular platforms related Blockchain.

Drop us a line to discuss how can we help you.