GDPR Compliance for Leading Private Weather Enterprise
Our client is the world's largest private weather enterprise, helping people make informed decisions – and take action – in the face of weather. The company offers the most accurate, personalized, and actionable weather data and insights to millions of consumers and thousands of businesses via its API, its business solutions division, and its own digital products.
The company delivers up to 26 billion forecasts daily. Its products include a top weather app on all major mobile platforms globally, the world’s largest network of personal weather stations, a top-20 U.S. website, the seventh most data-rich site in the world, one of the world’s largest IoT data platforms, and industry-leading business solutions.
Our client’s services are influenced by GDPR policy and existing functionality had to be reviewed due to the new regulation. The impact is primarily to the components that use personally identifiable information (PII) or other sensitive data. The main challenge was to remain compliant within these new GDPR regulations while still supporting advertisements as a main source of revenue for the website.
SoftServe’s goal was to control the fields and information sent to vendors to honor policy restrictions. While non PII fields could be used, others should be suppressed if the user does not approve usage.
We applied users’ consents to service functionality. Based on a user’s decision, some functionality can be suspended or completely blocked. TrustArc, as consent manager, is responsible for making the changes on vendors site. SoftServe created three possible regimes: gdpr, exempt, and privacyByDefault.
Regime "gdpr" is for countries from the European Union. Regime "exempt" is for other countries that are not the part of the EU. The property regime has two properties: current and previous. If, for example, a country becomes a part of EU, then previous "exempt“ will change to "gdpr". Regime "privacyByDefault" is a backup value in case our client’s privacy cookie does not come through. Ideally, the regime should never be ‘privacyByDefault’.
SoftServe delivered to the client the ability to effectively manage personally identifiable information (PII) based on a user’s preference, enabling them to stay GDPR compliant in the face of new data regulations.