When you’re using Fabric, Fabric (and Google) are a data processor and processes personal data on behalf of you and your apps. One specific area that apps may be focused on is the EU General Data Protection Regulation (GDPR) that takes effect on 25 May, 2018.
The GDPR imposes obligations on data controllers and data processors. Teams using Fabric typically act as the “data controller” for any personal data they provide to Google in connection with their use of Fabric, and Google is, generally, a “data processor.”
This means that data is under your control, and Google only uses the data in accordance with your instructions. You, as a data controller, are responsible for obligations like fulfilling an individual’s rights with respect to their personal data. We recommend you familiarize yourself with the provisions the provisions of the GDPR, and check on your compliance plans.
Q: Is Fabric ready for the GDPR?
We are planning on it. We are working to make sure we and our customers can be in compliance with the GDPR by May 25th 2018, when it comes into effect.
Q: Does Fabric offer a Data Processing Agreement (DPA)?
While we can’t sign DPA’s yet, we intend to offer one that will be effective when GDPR comes into effect.
Q: Does Fabric let me host in the EU? I need to for GDPR compliance:
We don’t offer custom hosting locations, but are certified under the Privacy Shield Framework to allow safe data transfer outside of the EU.
Q: What user consent should I get in order to use Fabric?
Q: How do I show to my compliance team that Fabric is following GDPR standards?
We’re working to make sure that both Fabric and app teams using Fabric can be compliant with GDPR. One thing to note is that the GDPR has various requirements, and your compliance needs will depend on your precise circumstances. If you have specific questions or needs, please ping the Fabric team via the support link in your dashboard.