GDPR Compliance Tool – FAQ

By May 25, 2018

You can access the ShareThis consent management platform (CMP) here: ShareThis GDPR Compliance Tool

 

What is GDPR?

GDPR (General Data Protection Regulation) is a European regulation to provide EU citizens and residents with greater control of their personal data and to streamline the rules for international businesses working in Europe.

When does GDPR take effect and who has to comply with GDPR?

GDPR goes into effect May 25, 2018. GDPR affects all companies based in the EU as well as companies anywhere in the world that handle data related to EU residents.

What is “Personal Data” as it relates to GDPR?

Under GDPR, personal data refers to any information that can directly or indirectly identify an individual. Personal information ShareThis collects includes cookies and IP addresses. We do not collect emails, addresses, phone numbers, or national ID numbers, which are also considered personal information.

What is a Data Protection Officer (DPO)?

A DPO is required for companies that handle large scale processing of data. The DPO’s role is to monitor the company’s compliance under GDPR and to communicate with the data protection authorities. ShareThis is working with a DPO.

What is a CMP?

A consent management platform (CMP) is a tool that collects and stores consented data as well as communicates the consent status of users and their cookies to other vendors within the CMP’s framework. It is customizable by the publisher and editable by the consumer.

How do I work with the IAB Framework?

The IAB Framework, put together by IAB Europe, is one consent mechanism solution for publishers to gain consent on data collection. ShareThis is working within the IAB Framework, which at this point is the industry standard, and we have built our own CMP, the ShareThis Compliance Tool, under its recommended guidelines. We are a member of the Global Vendor List, which allows us to see the cookie consent status of other companies working under the IAB Framework.

Are you a member of any self-regulating programs or organizations? Have you any data-related certification?

ShareThis is a member of the IAB, NAI, and DAA in the North American markets and EDAA in Europe.

How do you manage requests from individuals regarding their data?

Consumers who do not wish to have their data processed, or who want to withdraw consent or request deletion of their data, can use our existing opt-out procedure on our privacy page or email privacy@sharethis.com.

How long can you keep personal data?

We believe Usage Data is relevant for up to 13 months, so we retain that data for up to 14 months from the date of collection. Our cookies expire 13 months after they are last updated.

What do I need to do to comply with GDPR?

Please review the ShareThis Terms of Use for what ShareThis expects of our publishers in order to be GDPR compliant and to continue using ShareThis tools. Included in our Terms of Use:

  • ShareThis expects that by maintaining our publisher tools on your website, you agree to these terms of service and will collect, process, and pass personal data on the basis of this consent.
  • To receive consented data, we expect our publishers to have a GDPR compliant consent mechanism of choice on their website.
  • ShareThis expects our publishers to collect, process, and transfer EU/EEA User Personal Data to ShareThis once they have solicited and obtained informed consent from each individual user.

How can I get the ShareThis Compliance Tool?

Adding the ShareThis GDPR Compliance Tool to your site is a simple process similar to installing other ShareThis publisher tools. Navigate to our GDPR Compliance Tool download page, register or log in to your existing ShareThis account, copy your unique installation code, then paste that code into the <head> tag of your website. You can then configure appearance, language, and other options in your ShareThis platform dashboard.

Will the consent pop-up appear on every page of my website?

Yes, though you can exclude specific pages by leaving the code out of the header on any page where you do not want the tool to appear.

Will users have to give consent every time they visit my website?

No, once a user makes their choice, their preferences are saved and they will not see the consent tool again. If they delete cookies, browse in private mode, or use a different browser, they will see the consent tool again.

If I choose to show the tool to people only in the EU, how can I check to make sure it’s working?

There are many free and paid VPN services that you can use to check the appearance of your site in other geographic regions. ShareThis has used https://www.personalvpn.com/.

Can you tell me more about the “Consent Scope” option?

The “Consent Scope” option lets you choose one of two modes:
  1. Global: Publisher Consent is stored in a first-party cookie and Vendor Consent in a third-party cookie.
  2. Service: both Publisher Consent and Vendor Consent are stored in first-party cookies.

Does the consent form appear in both desktop and mobile mode?

Yes

When I click the SHOW PURPOSES and then SHOW FULL LIST buttons, a vendor list appears. Where is this list coming from? 

Those are all the vendors participating in the IAB Framework and we have included all of these vendors in our consent management tool. You can customize the list of vendors by setting up a pubvendors.json file. An upcoming release will allow you to manage the vendor list in your dashboard.

What will happen to the data the users provide?

The user’s consent choice is transmitted to the Framework maintained by IAB Europe. Registered vendors will then have access to these user choices to understand whether users have opted in or out. You can read more about the IAB Framework here: http://advertisingconsent.eu/

Can the Compliance Tool be added to a WordPress website?

Yes, if you add the code to your website manually. We are currently developing a WordPress plugin tool, and will update our website and information once it is released.

If I use the Compliance Tool am I compliant with GDPR?

In order to be GDPR compliant with ShareThis, ShareThis expects a publisher to use a consent management platform of their choosing, which can include the ShareThis GDPR Compliance Tool. Our publishers must collect, process, and transfer EU/EEA User Personal Data to ShareThis only after informed consent has been solicited and obtained from each individual user. For general GDPR compliance, please seek legal counsel to understand how the law affects your publisher business in full.

Please reach out to gdpr@sharethis.com for further questions.

*Disclaimer: The information in this FAQ is not legal advice and only the perspective of ShareThis.*