GDPR Questions:
Who must comply with the GDPR?
List of countries covered by the GDPR
Note: The GDPR still applies to UK residents after Brexit, as the United Kingdom has retained identical requirements in its own UK-GDPR.
There are some exceptions, however. Organizations with fewer than 250 employees are exempt from the majority of record-keeping obligations (see Article 30.5) unless their processing of personal data:
- is likely to result in a risk to the rights and freedoms of data subjects
- is not occasional
- includes special categories of data described in Article 9
- includes personal data relating to criminal convictions and offenses described in Article 10
Who must comply with the GDPR?
Any organization that stores or processes personal information of EU residents is obliged to comply with the GDPR, even if the organization is located outside the EU.
The GDPR currently protects personal data of residents in the following countries:
Why should you comply with the GDPR?
Protect customer and employee data
Maintain your reputation
Ensure customer loyalty
Avoid fines and lawsuits
Non-compliance with the GDPR may lead to investigations, penalties, and even data breaches. Up to 110,000 personal data breaches were reported to GDPR regulators between 2022 and 2023, resulting in a total of nearly €1.64 billion (≈ $1.74 billion) in fines.
Fines for non-compliance may reach up to 4% of annual global turnover or €20 million (whichever is greater). The largest GDPR fine so far paid by a single company was €746 million (≈ $790 million). The size of a fine depends on multiple factors, including:
- The duration and severity of the violation
- The degree of cooperation with the supervisory authority
- The categories of personal data affected
The GDPR compliance process requires a deep understanding of the regulation. So before proceeding to the GDPR data protection checklist, let’s take a quick look at the fundamental principles behind the GDPR.
Exactly what data does Netmera process, and for what purpose?
Netmera processes user profile information (installation date, weekly visits, monthly visits), device information (platform, model, OS version, app version, SDK version, registration status, installation status, advertising permission), event information (app events, updates, push clicks, disable push, dismiss push, enable push, first app open, app opens, app reinstalls, popup shown, time in app, app uninstall, web view action, mobile widget action, mobile widget shown, received transactional push, and custom events created by the customer), previously sent push campaign message information, and SMS and email communication permission information. The purpose of processing this data is to facilitate marketing activities for customers in a reliable manner. Netmera identifies users through hashed tokens. Netmera does not collect any data specifically for user identification purposes.
The custom events and custom profile attributes intended to be gathered on Netmera are defined and standardized according to customer requests and needs during the integration phase. Thanks to this standardization, custom events and profile attribute data can be analyzed and reported in detail in analytical modules.
Netmera’s analytical features enable trend analysis, data comparison, and segmentation based on these data, allowing targeting of users. The purpose of this standardization is to facilitate data analysis for the customer. Customers can mark these custom events and profile attributes as private information. Private data is processed in an encrypted format. The transmission of this data via SDK and REST API is also performed in an encrypted manner.
Where exactly are the Netmera servers located?
Who would have access to the data?
Only personnel authorized by the customer can access the data. The activities of these individuals on the data are logged in detail. Netmera’s operations team has access to the data based on specific permissions. They can only access the data with permission from the customer in case of technical issues.
Netmera operates on a multi-tenant architecture. Netmera customers can only use the features assigned to them through their own panels. They have no access to Netmera’s database or code in any way.