GDPR Questions:

Who must comply with the GDPR?

Any organization that stores or processes personal information of EU residents is obliged to comply with the GDPR, even if the organization is located outside the EU. The GDPR currently protects personal data of residents in the following countries:

List of countries covered by the GDPR

Austria	Estonia	Italy	Portugal
Belgium	Finland	Latvia	Romania
Bulgaria	France	Lithuania	Slovakia
Croatia	Germany	Luxembourg	Slovenia
Cyprus	Greece	Malta	Spain
Czech Republic	Hungary	Netherlands	Sweden
Denmark	Ireland	Poland	United Kingdom

Austria	Estonia
Italy	Portugal
Belgium	Finland
Latvia	Romania
Bulgaria	France
Lithuania	Slovakia
Croatia	Germany
Luxembourg	Slovenia
Cyprus	Greece
Malta	Spain
Czech Republic	Hungary
Netherlands	Sweden
Denmark	Ireland
Poland	United Kingdom

Note: The GDPR still applies to UK residents after Brexit, as the United Kingdom has retained identical requirements in its own UK-GDPR.

There are some exceptions, however. Organizations with fewer than 250 employees are free from the majority of record-keeping obligations (see Article 30.5) unless their processing of personal data:

is likely to result in a risk to the rights and freedoms of data subjects
is not occasional
includes special categories of data described in Article 9
includes personal data relating to criminal convictions and offenses described in Article 10

Who must comply with the GDPR?

Any organization that stores or processes personal information of EU residents is obliged to comply with the GDPR, even if the organization is located outside the EU.

The GDPR currently protects personal data of residents in the following countries:

Why should you comply with the GDPR?

Meeting GDPR requirements can help your organization to:

Protect customer and employee data

The GDPR sets high standards for personal data security, obliging data controllers and processors to protect sensitive personal data. Ensuring secure data processing is a reliable way to minimize the risk of security incidents.

Maintain your reputation

Neglecting data privacy regulations may harm your reputation. For example, experiencing a data breach will lead to investigations, fines, and potential lawsuits. Staying compliant with GDPR requirements can help you avoid data breaches and maintain the status of a trustworthy and professional organization in the public eye.

Ensure customer loyalty

People want to know that their data is safe and they have control over it. Customers and businesses are more likely to choose a GDPR-compliant service provider or subcontractor than a non-compliant one.

Avoid fines and lawsuits

Non-compliance with the GDPR may lead to investigations, penalties, and even data breaches. Up to 110,000 personal data breaches have been reported to GDPR regulators between 2022 and 2023, resulting in a total of nearly €1.64 billion (≈ $1.74 billion) in fines.

Fines for non-compliance may reach up to 4% of annual global turnover or €20 million (whichever is greater). The largest GDPR fine so far paid by a single company was €746 million (≈ $790 million). The size of a fine depends on multiple factors, including:

The duration and severity of the violation
The degree of cooperation with the supervisory authority
The categories of personal data affected

The GDPR compliance process requires a deep understanding of the regulation. So before proceeding to the GDPR data protection checklist, let’s take a quick look at the fundamental principles behind the GDPR.

What data is exactly processed and for what purpose in Netmera?

Netmera processes user profile information (installation date, weekly visits, monthly visits), device information (platform, model, OS version, app version, SDK version, registration status, installation status, advertising permission), event information (app events, updates, push clicks, disable push, dismiss push, enable push, first app open, app opens, app reinstalls, popup shown, time in app, app uninstall, web view action, mobile widget action, mobile widget shown, received transactional push, and custom events created by the customer), previously sent push campaign message information, and SMS and email communication permission information. The purpose of processing this data is to facilitate marketing activities for customers in a reliable manner. Netmera identifies users through hashed tokens. Netmera does not collect any data specifically for user identification purposes.

The custom events and custom profile attributes intended to be gathered on Netmera are defined and standardized according to customer requests and needs during the integration phase. Thanks to this standardization, custom events and profile attribute data can be analyzed and reported in detail in analytical modules.

Netmera’s analytical features enable trend analysis, data comparison, and segmentation based on these data, allowing targeting of users. The purpose of this standardization is to facilitate data analysis for the customer. Customers can mark these custom events and profile attributes as private information. Private data is processed in an encrypted format. The transmission of this data via SDK and REST API is also performed in an encrypted manner.

Where exactly are the Netmera servers located?

Netmera can perform server installations on any location through AWS.

Who would have access to the data?

Only authorized personnel authorized by the customer can access the data. The activities of these individuals on the data are logged in detail. Netmera’s operations team has access to the data based on specific permissions. They can only access the data with permission from the customer in case of technical issues.

Netmera operates on a multi-tenant architecture. Netmera customers can only use the features assigned to them through their own panels. They have no access to Netmera’s database or code in any way.