General Data Protection Regulation Compliance

The General Data Protection Regulation (GDPR) governs the way that data on individuals is collected and processed online. It contains specific guidelines designed to strengthen sensitive data protection and make transparent all elements of data collection, storage and processing. The legislation will come into effect on May 25, 2018.

Who does the GDPR affect?

All businesses established in the European Economic Area (EEA) and Switzerland must comply with the GDPR when it comes to handling data of EEA citizens. Companies from countries outside the EEA that collect data of EEA citizens must also comply or face stringent fines. There are steps that companies themselves can take to become compliant, but compliance with the GDPR significantly depends on how your resources operate.

Does the Yandex Advertising Network fall under the scope of the GDPR?

Yes, to the extent the resource participating in Yandex Advertising Network has EEA/Swiss users or in case the partner is established in the EEA or Switzerland.

What I can do to comply with the requirements of the GDPR?

GDPR implies that both Yandex and Yandex Advertising Partner shall take proactive actions to meet the high standards of protecting the rights of EEA/Swiss users. Therefore we are open for cooperation with each Yandex Advertising Network partner to provide our users with services in a manner compliant with GDPR requirements.

In order to do that we kindly ask you to review the following information:
  1. As a first step we would like you to make a thorough assessment of your resources to make sure that your users are treated as provided by GDPR. In particular it is advised to review your resource’s terms of use and privacy policy to check what information you have to share with your users about collection and processing of their data. Do not forget to let them know about us: your users must know that we would be able to collect and process their data. We advise you to use direct reference to our Privacy Policy in your own documents or privacy notifications.

  2. Your users prefer to be informed in advance: GDPR requires owners of the resources to obtain all necessary consents and provide notifications to EEA/Swiss users before collection and processing of their data. Let us know if you need assistance in developing all required consent and notification instruments.

  3. To enhance protection of your users’ data we need to enter into a Data Processing Agreement with you. You may find it here. We will do our best to make this agreement also available in the Partner interface so you can easily access it. Please review our Data Processing Agreement and let us know if you have questions. We are ready to help.

  4. We do not want you to feel alone in GDPR compliance: we adhere to the best industry practices to make participation in the Yandex Advertising Network convenient and safe for our partners. We aim to make the data of your users secure by implementing all technical and organizational measures as required by GDPR. Only reliable employees who committed themselves to secure confidentiality of your data will be entrusted with its processing. Also, in our Privacy Policy we disclose our data processing methods and practices to be transparent and honest with your users. And it is only a start: we are continuously working to implement new technologies allowing our partners to comply with the provisions of the GDPR.

Have questions?

If you are unsure what steps your company has to take about participating in the Yandex Advertising Network in compliance with GDPR, you can contact us to learn more.