It’s been a long time coming. From those early discussions about updating European Union privacy laws to the passage of the General Data Protection Regulation (GDPR) in 2016 to this Friday, when GDPR is going to begin to be enforced.
As the days ticked down, some companies panicked. Others buried their heads in the sand. But at Braze (formerly Appboy), we got to work—taking the steps necessary to ensure material compliance for ourselves and to ensure that our Services enable our customers to comply with GDPR in their use of our Services. It was a big job, but an important one: data privacy and security are essential parts of customer engagement, and organizations that fail to comply with GDPR can face fines of up to 20 million euros or 4% of global revenue, whichever is higher. This isn’t something you want to leave to the last minute.
At Braze, getting ready took months of preparation, major investments of time and effort, and support from one of the EU’s leading privacy and compliance firms. Let’s dig into that three-pronged effort, and what it means for our clients, partners, and more:
As a global brand, Braze has clients, employees, vendors, and partners based in Europe—and under GDPR, all EU data subjects are covered by the expanded privacy rights set forth in the Regulation. To ensure that personal data that is processed by Braze is done so in accordance with GDPR, Braze made a series of updates, including:
- Creation of a new preference center
- Creation of a data subject access request form
- Updates to our website’s forms
These changes don’t just allow us to comply with GDPR—they provide real value to our clients and web visitors, making it easier to understand and take ownership over how their data is collected and used, as well as the messages they receive.
While these preparations are important, our focus on GDPR compliance doesn’t stop there. Under GDPR, companies like Braze that help other brands manage and act on the customer data they collect are known as data processors and are required to take steps to help their clients comply with GDPR. At Braze, we take that obligation seriously and have made a number of proactive changes to our platform to make it easier for our clients to respond quickly and effectively to GDPR-related requests from their customers.
In particular, we’ve taken steps to allow clients to leverage the Braze platform’s REST APIs and SDKs to carry out more nuanced actions related to personal data. With Braze, it’s now possible to:
- Export an individual customer profile and its related personal data via API, allowing our clients to comply with GDPR’s Right of Access and Right to Data Portability
- Halt all processing of a given customer’s data via the Braze SDK and then delete that individual’s data via API, supporting compliance with GDPR’s Right to Erasure
- Adjust information contained in a given user’s customer profile via API or SDK, in accordance with GDPR’s Right to Rectification
- Mark individual profiles as unsubscribed from emails and push notifications via API or SDK, in order to comply with GDPR’s right to object
No company is an island in today’s highly networked, data-powered technology landscape. To fully comply with GDPR, brands need to know that all the technology vendors and partners they work with are just as serious about compliance as they are.
Braze recently partnered with Amplitude, Appsflyer, and mParticle to launch OpenGDPR, a new, open compliance framework designed to help brands to be in compliance with GDPR-mandated data deletion rights. Additionally, Braze partner Segment recently announced a suite of new product features designed to streamline their clients’ compliance with GDPR rights requests. These features include the ability for brands to forward user deletion requests to many of Segment’s integrated partners, including Braze.
To learn more about GDPR and what it means for your business, check out 17 Things You Need to Know about GDPR. If you want to take a deeper dive into Braze and our GDPR compliance efforts, take a look at:
- The Braze preference center
- The Braze platform’s GDPR compliance documentation
- The OpenGDPR framework announcement
- Segment’s GDPR compliance announcement