General Data Protection Regulation Compliance

The General Data Protection Regulation (GDPR) governs the way data on individuals is collected and processed online. It contains specific guidelines for making sensitive data more secure and increasing transparency in data collection, storage and processing. The legislation will come into effect on May 25, 2018.

    Who does the GDPR affect?

    All businesses established in the European Economic Area (EEA) and Switzerland must comply with the GDPR when it comes to handling data of EEA citizens. Companies from countries outside the EEA that collect data of EEA citizens must also comply or face stringent fines. There are steps that companies can take on their own to become compliant, but compliance with the GDPR depends mainly on how your own resources operate.

    Does Yandex.Direct fall under the scope of the GDPR?

    Yandex.Direct acts as an interface that allows you to manage your ad campaigns on the internet; any data transfers involved in this process do not fall under the scope of the GDPR. However, certain types of ad campaigns available to you in the Yandex.Direct interface (such as mobile ad campaigns) could involve the user-data processing actions described in the GDPR. In particular, these actions involve your use of third-party ad tracking tags.

    What can I do to comply with GDPR requirements?

    In order to ensure that you comply with GDPR when using Yandex.Direct, please review the following information:

    1. Read and accept the Data Processing Agreement found in the “Yandex.Direct Service Offer” that governs your use of Yandex.Direct. We will make sure that all Yandex.Direct clients who may be affected by the GDPR are informed that they must review and agree to the Data Processing Agreement.

    2. Make sure your cooperation with any third parties while using Yandex.Direct is also GDPR compliant. In particular, we suggest that you sign a data processing agreement with each third party that has access to your data. We also recommend that you publish and maintain a transparent and easy-to-access privacy policy for your website or mobile app to let your users know how you process their data and for what reasons.

    3. As processors of your data, we will execute your instructions as long as they correspond to the Data Processing Agreement that you accepted in the Yandex.Direct interface.

    4. We adhere to the best data security practices by implementing all technical and organizational measures as required by GDPR. Only reliable employees who are committed to ensuring the confidentiality of your data will be entrusted with processing it. We will also let you know if we develop any tool that makes it easy for you to use Yandex.Direct in a GDPR-compliant manner.

    5. If you need any assistance from Yandex, feel free to ask. Please use the feedback form to send us your requests.

    Any questions?

    If you are unsure what steps your company must take to ensure that your use of Yandex.Direct is in compliance with GDPR, you can contact us to learn more.