Blue Triangle & GDPR
The General Data Protection Regulation (GDPR) addresses the privacy of personal data between individuals in the European Union (EU) and companies that control and process that data. It was approved in April 2016 and goes into effect in the EU on May 25, 2018.
The GDPR legislation defines the following data subject rights for EU citizens:
Right of access
The right to know if personal data is being processed and the right to receive a copy of such data.
Right to rectification
The right to update inaccurate personal data.
Right to erasure (‘right to be forgotten’)
Right to withdraw consent from personal data processing.
Right to restriction of processing
Right to have personal data be stored but not processed while personal data is being verified.
Right to data portability
Right to obtain and reuse personal data for their own purposes across different environment.
Right to object
Right to object to data processing when the data is processed under legitimate grounds.
Who is impacted?
GDPR impacts every company that conducts business with, or processes and holds personal data, of individuals in the EU.
Blue Triangle’s GDPR compliance
Blue Triangle captures business and technical performance data of web and mobile applications with GDPR-compliant Real User Monitoring (RUM) and Synthetic Monitoring. The data is then processed for analysis.
Blue Triangle acts as the data processor, and their customers are the data controller.
Synthetic Monitoring captures and processes data from an emulated web browser in a controlled environment to monitor site performance and availability. No personal data is involved and is by default GDPR-compliant.
Real User Monitoring (RUM)
Real User Monitoring (RUM) captures and processes metrics from inside a user’s browser to help companies resolve issues, block malicious traffic and improve the overall digital experience.
It serves as the measurement engine behind Blue Triangle’s Digital Experience Optimization Platform.
Blue Triangle and Blue Triangle’s RUM is, and will continue to be GDPR compliant for the following reasons:
- Blue Triangle does not capture or process personal information like names, addresses, phone numbers, credit card numbers, social security numbers, pictures, and social preferences.
- To provide malicious bot detection and geolocation information, as required for digital experience optimization, Blue Triangle captures IP addresses however the information is pseudonymized immediately at collection. The IP addresses captured are not tied to any personal information, are not shared with any third parties, and are not accessible by Blue Triangle customers who select GDPR compliance. Due to these steps there is no possibility of re-identification.
What information does Blue Triangle collect?
Blue Triangle collects and processes the following information:
- Performance metrics, like page load time, DOM Interactive, and DOM Complete.
- User experience metrics, like bounces, exits, and click paths.
- Financial metrics, like revenue, orders, and conversions.
- IP addresses, which are pseudonymized at collection and thus GDPR compliant.
Blue Triangle does not collect personal information like names, addresses, phone numbers, credit card numbers, social security numbers, pictures, and social preferences.
How does GDPR impact Blue Triangle’s customers?
As the data controller, every customer must ensure that their personal data is collected and used in accordance with GDPR regulations.