GDPR Readiness for Software Usage Analytics
Download as PPTX, PDF3 likes258 views
The document discusses GDPR readiness for software usage analytics, detailing key privacy concepts and how Revulytics products align with GDPR principles. It outlines best practices for compliance, including transparency, legal bases, and data minimization, and emphasizes the importance of a clear privacy notice. Additionally, it highlights Revulytics' solutions that enable customers to analyze software usage while addressing GDPR requirements effectively.
![Is IP Address Personal Information
• Court of Justice of the European Union opinion
– Breyer v Bundesrepublik Deutschland, Case C-582/14, 12 May 2016
– IP address combined with ISP records would constitute personal data in
the hands of the website provider
• Broader applicability: even if you’re not an ISP, it may be applicable
– “could keep [the IP address] indefinitely and could request at any time
from the Internet access service provider additional data to combine with
the IP address in order identify the user”
• Revulytics customer impact
– Usage Intelligence: IP address only collected for location and is then
deleted from system
– Compliance Intelligence: A key piece of information to track compliance
8](https://image.slidesharecdn.com/gdprreadinessforsoftwareusageanalytics-slideshare-171129183929/85/GDPR-Readiness-for-Software-Usage-Analytics-8-320.jpg)
GDPR Readiness for Software Usage Analytics
- 1. GDPR Readiness for Software Usage Analytics November 7, 2017 Vic DeMarines VP, Products & Strategy Revulytics Bob Siegel President Privacy Ref
- 2. Topics • What is Software Usage Analytics? • What is GDPR? • Privacy Concepts, Personal Information Defined • Data Controllers and Processors • GDPR and Protecting and Improving Your Software • How Revulytics Customers are Addressing These Issues 2
- 3. About Revulytics Compliance Analytics • Identify and quantify software use and misuse • Create actionable intelligence • Turn intelligence into direct revenue Usage Analytics • Anonymous feature tracking and analysis of product usage • Increase customer acquisition and retention • Generate revenue with better products 3 • Recognized as 2017 Gartner Cool Vendor • More than 100 customers including Fortune 500 companies • Technology deployed to over 50M machines in more than 200 countries • Our data has supported more than $1.8 billion in new license revenue since 2010
- 4. Software Usage Intelligence Solution Architecture 4 Cloud Service Usage Intelligence Reporting Dashboard Data Analytics Engine Integrated Applications Configured to focus on feature adoption ReachOut In Application messaging
- 5. Compliance Intelligence Solution Architecture 5 Cloud Service Compliance Dashboard on Force.com Integrated Applications Configured to identify organizations and true location Gateway Servers Revulytics Data Optimizer and Analysts Revulytics Recovery Services
- 6. What is GDPR? • General Data Privacy Regulation – Replaces the EU Privacy Directive (Directive 95/46/EC) – A pan-EU law – Becomes effective on May 25, 2018 • Five Principles – Lawfulness, fairness, and transparency – Purpose limitation – Data minimization and proportionality – Storage limitation – Accountability • Privacy Shield 6
- 7. Privacy Concepts, Personal Information Defined • Data subject • Legal basis for processing • Data transfer 7 Personal Information… any information related to an identified or identifiable data subject • Privacy Policy • Privacy Notice Other Key Concepts • Name • Age/Birthdate • Gender • Employer • User-id • Email address • User name • Machine name • IP Address Revulytics Applicable
- 8. Is IP Address Personal Information • Court of Justice of the European Union opinion – Breyer v Bundesrepublik Deutschland, Case C-582/14, 12 May 2016 – IP address combined with ISP records would constitute personal data in the hands of the website provider • Broader applicability: even if you’re not an ISP, it may be applicable – “could keep [the IP address] indefinitely and could request at any time from the Internet access service provider additional data to combine with the IP address in order identify the user” • Revulytics customer impact – Usage Intelligence: IP address only collected for location and is then deleted from system – Compliance Intelligence: A key piece of information to track compliance 8
- 9. Data Controllers and Processors 9 Data Protection Authority / Supervisory Authority Data Subject Data Controller Data Processor End-user Your Company Revulytics
- 10. GDPR and Protecting and Improving Your Software Lawfulness, fairness, and transparency • Lawfully processing information – Consent (Article 7) – Legitimate interest of the controller or a third party (Article 6) • Fairness and transparency – Include legal basis in your privacy notice – State that it will be shared with a third party (Revulytics) – State that processing may occur in the United States 10
- 11. GDPR and Protecting and Improving Your Software Other principles • Purpose limitation • Data minimization and proportionality • Storage limitation • Accountability 11
- 12. GDPR and Protecting and Improving Your Software Best practices and Revulytics products • Revulytics Compliance Intelligence – Use legitimate interests as a legal basis • Consent not required – Be transparent in your privacy notice – Define a reasonable retention period with Compliance Intelligence 12
- 13. GDPR and Protecting and Improving Your Software Best practices and Revulytics products • Revulytics Usage Intelligence – Legitimate interests as a legal basis is an option • Consent not required: use of data to improve products – However, sensitivity of the environment may guide you towards consent • Example: Microsoft and Windows 10 • Consent requirements • Separate screen (not buried in a EULA) • Mechanism to change preference (opt-in or opt-out) at a later time – Collecting additional information • Avoid or limit collecting personal information • Usage Intelligence does not retain personal information by default – Be transparent in your privacy notice – Define a reasonable retention period with Usage Intelligence if collecting personal information 13
- 14. GDPR and Protecting and Improving Your Software Best practices and Revulytics products • ReachOut functionality – You may send messages and surveys to the end-users • You have an existing business relationship • Contents must be related to the software being used – An opt-out mechanism must be supplied and respected • Allow end users to opt-in at a later time as well 14
- 15. GDPR and Protecting and Improving Your Software Best practices for your privacy notice • Privacy notice requirements will vary based on your software • Be transparent about the information being collected • Link to the privacy notice where end users will expect to find it 15
- 16. How Revulytics Customers Address These Issues Data Needed for Compliance 16 Consumer piracy Lower product ASP Piracy Response In-Application Messaging Direct Compliance Audit Specialize software Enterprise organizations Higher product ASP SMB Compliance Approach Data Collection Meter
- 17. How Revulytics Customers Address These Issues • Wi-Fi SSID adds to the Domain Data and provides location intelligence 17
- 18. Best Practices • Compliance Intelligence – Transparency and Privacy Policy key • Include extent of data collected, include description of data being collected • Note sharing of data with third party for your compliance program • 100% focused on compliance – Have a FAQ or whitepaper available that positions the deployment • Usage Intelligence – Implement opt-out functionality within the application, available to the user post- installation – Product related in-application messaging – Consider custom data being collected • Best practices - not a legal opinion – Include your usage and compliance data collection in your own GDPR assessment – Revulytics assessing its business and platform for GDPR compliance 18
- 19. Conclusion • To view the full webinar recording and slides, check out the link in the comments. • Also , read the white paper, “Privacy, Piracy, and Product Usage GDPR Readiness for Software Usage Analytics” 19 Vic DeMarines VP, Products & Strategy Revulytics vdemarines@revulytics.com Bob Siegel President Privacy Ref bob.siegel@privacyref.com