Maps and GDPR: privacy for your visitors

Published April 5th, 2018

QGPR compatible maps

As of 25th May 2018, new EU regulation harmonizing data protection across the member states will come into force. The General Data Protection Regulation, commonly abbreviated as GDPR, will enhance the digital rights of EU citizens at the cost of a strict data protection compliance regime. The GDPR applies to all companies and institutions, regardless of their size, inside and outside of the EU, who are working with personal data of EU citizens.

How to prepare your organization

The new set of digital rights for EU citizens guaranteed by GDPR means a preparation of companies and organizations handling any kind of personal data, which is any information related to the natural person or data subject that can be used to identify the person directly or indirectly. This doesn’t only mean full name, photo and home address, but also things like IP address, email or even cookie if it can be used to identify the person.

For companies which are already respecting privacy and handling data in compliant with current legislation, GDPR means just a minor modification of current processes. As the information systems are becoming more complex and the flow of information is increasing, you can miss some details, which are not core to your business. Such an example is a map included in your web page or integrated into your mobile app. However, you are still responsible for all the data being collected and processed according to the GDPR.

The penalty can get up to €20 million, or 4% annual global turnover — whichever is greater.

If you haven’t started yet, you should take an action. Prepare yourself by taking these steps:

  1. Collect, store and process only personal data you really need. Collecting data for advertising purposes is acceptable (if other conditions are fulfilled), saving individuals’ personal data “because maybe they can be useful somehow one day” is not.
  2. Make sure you have informed consent for all personal data you are working with. If not, try to obtain it additionally. To stay on the safe side, double opt-in is a best practice. Make also sure users have a chance to revoke the consent.
  3. Have a process for handing over the data to the client if you are requested, updating them if they are out-dated and you are asked to do and to delete all unnecessary personal data you hold or to stop processing them.
  4. Build new project with security by design. For current ones, make sure the personal data are secured to the highest level you can achieve as a company or organization.
  5. If your security fails and there is a security incident which involves your clients’ personal data, have a process to inform affected people within 72 hours.

While most of the changes within an organization need to be done in internal processes, you also should make a revision and modifications on the software side if needed.

If you take these steps seriously and not just as a box-ticking exercise, it can have a positive effect on your organization. Organizing your data doesn’t just give you tidiness feeling, but also increase efficiency whenever someone has to work with them. Reduction of data can also be a positive thing as according to the study 85% of data stored in companies is redundant. And if you take your users’ privacy really seriously and stop provide the information about them to third parties, your business privacy will increase as well, because along with it you will also send out information about your business.

Underestimating the preparation and ignoring the rules will not just have a negative effect on your business reputation, but your bank account as well: the penalty can get up to €20 million, or 4% annual global turnover — whichever is greater.

Self-hosted maps are the solution

While many seek cloud services as their salvation, in case of a security issue, both parties partake in a shared responsibility. Moreover, with even a small piece of code inserted in your web or product, which is tracking your users, you are exposing an information about your business. The flow, composition and other information are gold valued, especially in the tech business.

While self-hosting a world map can be seen as a high-tech task for a skilled technician, in fact with OpenMapTiles maps it is a 10 minutes clicking job. To guarantee the security, the source code is available for an inspection. Only with a self-hosted solution you have fully under the control who is coming, what personal data are being collected, what is happening with them and guarantee you are 100% GDPR compliant.

Our map hosting respects the end-users privacy

Those who don’t have enough resources or don’t want to bother with self-hosting a map should search for a safe digital partner. While there are providers which claim to have a free-of-charge service, the price you are paying is your clients’ and business’ data. The free in their case means collecting and processing a massive amount of data and selling it out, mainly by targeted advertisement.

With MapTiler Cloud map hosting service, you can be sure your clients’ data are not being misused, simply because we do not collect any personal information. Our map services have no geolocation tracking code and we are not making a telemetry. Our services respect privacy by design and are built and maintained by the highest security standard. All the traffic between our servers and end-users is encrypted by HTTPS. 

With the core data centers in the EU, secure infrastructure, transparent business model, you can trust MapTiler Cloud map hosting service as a safe digital GDPR compliant partner.