With the General Data Protection Regulation (GDPR), effective from May 25, 2018, EU residents will have bigger say over what, how, why, where, and when their personal data is used. Any organization that works with personal data of EU residents has obligations to protect and properly process said data.
In this article we describe how this affects your publications, directly and indirectly and how you can make them compliant with the GDPR, if applicable to you.
The short version of what you have to do to make your publications GDPR compliant
Technically, you don't have to do anything, but you have to make sure that you process information, that you gathered with lead capture form, embedded video or individual links in accordance with the GDPR.
The long version: how does the GDPR affect your publications on FlippingBook Online?
At FlippingBook, we have always respected our users’ right to data privacy and protection. We do not rely on advertising as a revenue stream. We have never served ads in publications to our users, and never will. There is no hidden code or script that gathers your users’ personal data.
So when you create your publications in FlippingBook Online, there are several ways in which they can gather personal data, and this is directly under your control: lead capture form, videos and individual links.
If you don’t use any of these options, you don’t have to worry about your FlippingBook publications. They don’t gather any personal data at all.
What should I do if I use the lead capture form?
For your convenience, we repeat the relevant part here.
As a User, you should know that your usage of Collected Personal Information is limited to:
- Promoting the use of your services;
- sending informational messages;
- providing customer support;
- providing, supporting, and improving the services you offer.
As a User, you may not use the Collected Personal Information for sending information that is not consistent with this policy, also sending messages in bulk and/or that are unauthorized, unexpected by recipients, including spamming. In case of transferring Collected Personal Information to third parties you as a User are responsible for making sure that their manner of use of Personal Information is consistent with this policy.
If one of your viewers contacts you in relation to one of his GDPR-rights (such as the ‘right to rectification’ or the ‘right to be forgotten’), then please contact us at firstname.lastname@example.org. We will be happy to help.
What if I use embedded video?
If you embed Youtube, Vimeo or Wistia videos in your publications, then you make use of services that are completely beyond our control. Unfortunately, that means that we cannot guarantee that such services don’t gather personal information from your viewers. We can only advise you to:
- Make sure that you collect and handle personal data in a GDPR compliant manner.
- Alternatively, you can remove the video or replace it with a direct link to the video on the provider’s site
Please also refer to the following links to learn more:
What if I generate individual links to my publications?
If you create individual links to your publications and send to a group of people (consisting of more than one person), it technically still cannot be considered the collection of personal data.
However, if an individual link to a publication was sent to a single person, analytics gathered via this link can be considered personal data. Therefore you are obliged to:
- handle their data in a GDPR-compliant manner;
- receive their consent to process their personal data;
- delete the individual link as soon as recipient revokes said consent.
But what if I use Google Analytics?
The GDPR only applies to personal data (Personally Identifiable Information). In FlippingBook Online, we have implemented Google Analytics in a way that the personal data is not gathered. Instead of using the standard implementation (where a unique ID is stored in a cookie, which could be regarded as personally identifiable), we instead use a random identifier which is created by our scripts and stored in the browser’s local storage. Unlike cookies, these cannot be read by servers.
And while this identifier is generated by our scripts, it is done without our knowledge. It is almost certainly unique (there is a miniscule chance that two different visitors get the same one, which is the nature of working with random numbers). We don’t gather or store any other data, so neither we nor Google can have any knowledge of which person is associated with which identifier. This means that it cannot be used to make data personally identifiable as described in the GDPR.