General Data Protection Regulation Compliance

The General Data Protection Regulation (GDPR) governs the way how data on individuals is collected and processed online. It contains specific guidelines designed to strengthen sensitive data protection and make transparent all elements of data collection, storage and processing. The legislation will come into effect on May 25, 2018.

    Who does the GDPR affect?

    All businesses established in the European Economic Area (EEA) and Switzerland must comply with the GDPR when it comes to handling data of EEA citizens. Companies from countries outside the EEA that collect data of EEA citizens must also comply or face stringent fines. There are steps that companies themselves can take to become compliant, but compliance with the GDPR significantly depends on how your own resources operate.

    Does Yandex.Direct fall under the scope of the GDPR?

    In general, Yandex.Direct represents the interface allowing you to manage your advertising campaigns in the Internet without any transmission of data falling under the scope of the GDPR. However, certain types of advertising campaigns available for you in the interface of Yandex.Direct (e.g. mobile advertising campaigns), could lead to the actions which could be described as processing of user data as described in the GDPR. In particular, these actions involve your use of third parties’ ads tracking counters.

    What I can do to comply with the requirements of the GDPR?

    In order to ensure that you use Yandex.Direct in the manner compliant with the GDPR we kindly ask you to review the following information:

    1. As a first step we would like you to review and accept the Data Processing Agreement incorporated by reference to the “Yandex.Direct Service Offer” applicable to your use of Yandex.Direct. We will make sure that all Yandex.Direct clients who can be affected by the GDPR are informed in time that the Data Processing Agreement is available to be accepted.

    2. Make sure your cooperation with third parties involved in your use of Yandex.Direct is also GDPR-compliant. In particular, it seems to be a reasonable step to enter into a data processing agreement with each third party having access to your data. It is also advised to publish and maintain transparent and easy-to-access privacy policy of your website or mobile app to let your users know how you process their data and what are the purposes of such processing.

    3. Acting as a processor in respect of your data, we will execute your instructions subject to the Data Processing Agreement accepted by you in the interface of Yandex.Direct.

    4. We adhere to the best practices of making your data secure by implementing all technical and organizational measures as required by GDPR. Only reliable employees who committed themselves to secure confidentiality of your data will be entrusted with its processing. Also, we will let you know if we develop any instrument convenient for you and facilitating your GDPR-compliant use of Yandex.Direct.

    5. If you need any assistance or help from Yandex – feel free to ask. Any request which could be filed by using our feedback form.

    Have any questions?

    If you are unsure what steps your company has to take about using Yandex.Direct in compliance with GDPR, you can contact us to learn more.