General Data Protection Regulation Compliance

The General Data Protection Regulation (GDPR) governs how data on individuals is collected and processed online. It contains specific guidelines designed to strengthen sensitive data protection and make transparent all elements of data collection, storage and processing. The legislation will come into effect on May 25, 2018.

    Who does the GDPR affect?

    All businesses established in the European Economic Area (EEA) and Switzerland must comply with the GDPR when it comes to handling data of EEA citizens. Companies from countries outside the EEA that collect data of EEA citizens must also comply or face stringent fines. There are steps that companies themselves can take to become compliant, but compliance with the GDPR significantly depends on how your own resources operate.

    How does Yandex.Audience comply with the GDPR?

    We are fully committed to provide Yandex.Audience in a manner compliant with the GDPR. The following is a list of steps we are in the process of taking to achieve GDPR compliance:

    1. Full control of your data uploaded to Yandex.Audience — done.

      The Yandex.Audience interface provides you with an opportunity to manage segments in a GDPR-compliant manner.

    2. All required assistance and cooperation — done.

      Acting as the processor in regards to your data, we will execute your instructions to delete or block usage of data uploaded to Yandex Audience, as well as cooperate in all GDPR-compliance matters that you can face when using Yandex.Audience.

    3. Data confidentiality — done.

      We adhere to the best practices of making your data secure by implementing all technical and organizational measures as required by the GDPR. Only trusted employees who have committed themselves to securing the confidentiality of your data will be entrusted with its processing.

    4. Simple one-click acceptance of Data Processing Agreement - in progress.

      In the coming weeks, we will introduce the option to digitally accept the Data Processing Agreement. We will make sure that all Yandex.Audience clients who can be affected by the GDPR are informed in time that the Data Processing Agreement is available to be accepted.

    What do our clients need to do?

    1. Ensure that your site’s Terms of Service or Privacy Policy (as well as your partners’) clearly state that user data will be used and processed for the purposes listed in the Audience: Terms of Service.

    2. Make sure your means of collecting user data (including in the form of segments capable of being uploaded to Yandex.Audience) are compliant with the GDPR. In particular, you have to provide users with a GDPR-compliant notification or obtain all the required consent from your users.

    3. Carefully study and accept the Data Processing Agreement with Yandex when you receive a notification or see the relevant box to check in the Yandex.Audience interface. If you have any questions about the Data Processing Agreement, we are here to help. You can contact us using our feedback form.

    Have any questions?

    If you are unsure what steps your company has to take regarding the use of Yandex.Audience in compliance with the GDPR, you can contact us to learn more.