GDPR (General Data Protection Regulation) was introduced in Europe on May 25, 2018. The regulation is focused on to the collection of personal information, and brings strict penalties of up to 4% of gross annual worldwide revenue or €20M (whichever is greater) for each violation. The rules and penalties can apply to companies based in any country, and customers based in any country, if a company has any sustained business presence in Europe (such as a small sales or support office) or does business with any European subjects.
Arm Treasure Data helps you to comply with GDPR in the following ways:
- Data Retention Policy
- SDK Controls
- Sites and Endpoints
Data Retention Policy
Our data retention policy is described here.
Data Retention in Presto
Customer data that you collect using Treasure Data can be permanently deleted by using the Presto DELETE function.
GDPR-ready releases of our SDKs have been made available prior to the May 25 GDPR deadline, including:
- Release 2.1.0 (JS SDK) - https://github.com/treasure-data/td-js-sdk#data-privacy
- Release 0.1.9 (Unity SDK) - https://github.com/treasure-data/td-unity-sdk-package#gdpr-compliance
- Release 0.1.27 (iOS SDK) - https://github.com/treasure-data/td-ios-sdk#gdpr-compliance
- Release 0.1.18 (Android SDK) - https://github.com/treasure-data/td-android-sdk#opt-out
How do I ensure I am in compliance with GDPR when using the SDK?
Developers using the SDKs should upgrade to the latest SDK.
Consult with your Privacy officer and Legal team, before collecting or enabling collection of personal data using Treasure Data provided SDK’s. Then, after appropriate reviews by your company, you can explicitly enable collection of personal data for events if this is in line with your legal obligations and your company’s chosen data privacy posture.
The documentation for each SDK, hosted in GitHub, explains the new data privacy-related controls and how to re-enable data collection. If you have technical questions about the use of the SDKs, contact Treasure Data support or customer success for implementation guidance.
EU Site and Endpoints (aws)
Arm Treasure Data accounts can use a data site in Europe. Data that is assigned to the EU service physically resides in Germany, to comply with both GDPR and the German Privacy Act (Bundesdatenschutzgesetz). For details, see Sites and Endpoints.
Treasure Data and Segmentation for Marketing
You can read more information about Treasure Data as a customer data platform and GDPR here.