GDPR compliance is our top priority and we encourage you to read through the FAQs below.

Data protection and ensuring overall clients’ trust is at the core of Performance Bay’s business principles. Accordingly, GDPR compliance is our top priority and we encourage you to read through the FAQs below.

Q: What is GDPR?

The General Data Protection Regulation (“GDPR”) is a new, European-wide law which will become fully enforceable on May 25, 2018. This legislation lays out requirements for data collection, storage and usage practice.

Q: Who does the GDPR affect?

GDPR may be limited to the personal data of consumers residing in the EU, but applies to any company handling, transmitting or storing that data, whether it has a physical location in the EU or not. Organizations in breach of GDPR can be imposed potentially devastating fines up to 4% of annual global turnover or €20 Million (whichever is greater).

Q: What constitutes personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Q:Am I a data controller or a data processor?

A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller. Performance Bay is a processor and relies on its advertisers and publishers to assist in protecting and monitoring ‘’chain-of-custody’’ in processing such data.

Q:What do I have to do for GDPR?

To comply with the GDPR you must meet a number of requirements. These include but without limitation to:
• Only collect information that you need for a specific purpose.
• Seek consent to store the information you hold.
• Keep it secure.
• Allow the subject access to the information on request.
• Comply with a subject’s ‘right to be forgotten’ and erase personal data upon request.

Q: How does a consent work under GDPR?
The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent – meaning it must be unambiguous. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Q: How can Performance Bay Partner prepare for GDPR enforcement?
Performance Bay recommend Partner to begin preparing for the GDPR by reviewing their privacy policy and data security policies to ensure compliance by May 25, 2018.

Should you have further queries, please visit the EU GDPR website at: https://www.eugdpr.org/eugdpr.org.html.