For most businesses, May 25 is quickly approaching as a day of unknowns. It’s the day the European Union’s new regulation, the General Data Protection Regulation (GDPR), kicks in. It’s a new set of laws that are aimed at enhancing the protection of EU citizens’ personal data. It increases the obligations organizations have to deal with data in a secure and transparent way. The GDPR applies to all businesses that control or process EU citizens’ data, which means it likely affects you, our Sideqik customers.
[Under the GDPR] companies must be clear and concise about their collection and use of personal data like full name, home address, location data, IP address, or the identifier that tracks web and app use on smartphones. Companies have to spell out why the data is being collected and whether it will be used to create profiles of people’s actions and habits. Moreover, consumers will gain the right to access data companies store about them, the right to correct inaccurate information, and the right to limit the use of decisions made by algorithms, among others.
The law protects individuals in the 28 member countries of the European Union, even if the data is processed elsewhere. That means GDPR will apply to publishers like WIRED; banks; universities; much of the Fortune 500; the alphabet soup of ad-tech companies that track you across the web, devices, and apps; and Silicon Valley tech giants.
At Sideqik, we’re committed to not only making sure we are compliant with the new regulations, but that our customers are as well. Sideqik, by nature, is a consent-based platform. Users specifically give consent to enter promotions or apply to an influencer program. The personal data they provide is only ever shared with the owner of the account. This means Sideqik acts as a data processor on behalf of our customers.
A user needs to be given notice that you are using cookies to track them and needs to consent to those cookies. This most likely applies if you are using analytical tracking pixels like Google AdWords, Facebook Pixel, or Sideqik’s Conversion Tracking. More regulations surrounding this topic are pending. Facebook has thorough guidelines here. For now, any questions can be directed to email@example.com.
To help our customers meet GDPR verification Sideqik has announced a Data Processing Addendum (DPA). The DPA is an easy-to-execute document that, once signed, can show auditors that customers use Sideqik in a way that lets them demonstrate their data is being processed in a way that is compliant with the GDPR. To obtain a DPA, please email firstname.lastname@example.org.
If you’ve discovered a vulnerability in the Sideqik application, please don’t share it publicly. Instead, please submit a report to us email at email@example.com in the below format. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues.
Subject: VDP –
Your_name (or pseudonym):
Impact to confidentiality? Y/N
Impact to integrity? Y/N
Impact to availability? Y/NSteps to replicate:Step one
Proof of concept screenshot – scrubbed of any PII or sensitive information, if applicable.
If you believe your account has been compromised or you are seeing suspicious activity on your account please email firstname.lastname@example.org.