Responsible Platform Initiatives

Data Protection Assessment - Best Practices

Before you complete your Data Protection Assessment, review the following best practices.

Before You Start

To prepare for the Data Protection Assessment, we recommend that you:

  • Update your contact information in Developer Notification Settings.
  • Ensure your list of app admins is up to date under Roles in the app dashboard. Consider adding your legal and data security team members as admins so they can also answer questions.
  • Remove any apps or permissions that you no longer need. Carefully assess whether or not you need the app or permission as this action may be difficult to reverse.
    • To remove an app, go to App Dashboard > Settings > Advanced (scroll down).
    • To remove a permission, go to App Dashboard > App Review > Permissions and Features and select the trash icon to the right of the permission you want to remove.
  • Review our Platform Terms.
  • Review our Data Security Best Practices.
  • Review the Data Protection Assessment Content and engage with your teams on how best to answer these questions.

If you are an app admin and you are required to complete the Data Protection Assessment, you will receive email communication and a message in your app’s Alert Inbox.

Filling out the Data Protection Assessment

  • You do not have to complete the assessment in one sitting. You can leave and return as often as you need. Everything that you enter is auto-saved for you.
  • As you answer the questions, additional questions may be added for you to provide more details or evidence. Therefore the list of questions that you reviewed in the “Before you Start” section above may be longer than what you will need to submit for your assessment.

Data Protection Assessment - Tutorial

How to Start the Data Protection Assessment

Step 1. Navigate to the Form

In the app dashboard, navigate to the app's card and click Data Assessment.

Step 2. Start the Assessment

Click Start Assessment.

Step 3. Add Your Information

Provide information about the data you access. Depending on the responses to the Data Protection Assessment, you may be asked to provide additional documentation.

If you use service providers, you must provide sample contractual language that you use with those service providers that states that:

  • They can only use data at your direction.
  • They can only use data to provide the service you requested.
  • You require service providers to meet the requirements of the Platform Terms.
  • Service providers delete the data they received from you when you cease using their service.

If you share data to provide a person/business with a service:

  • Example contractual language that you use to prohibit people/businesses to use Platform Data in a way that violates the Platform Terms.

If you’re a tech provider:

  • A description of the steps you take to ensure that your clients' Platform Data is maintained separately from the data of other clients or data that you use for your own purposes.

If you share data to comply with legal regulations:

  • An explanation of the circumstances in which you share Platform Data to comply with a legal or regulatory requirement.

If you share data with a third party because users tell you to:

  • Description of how users direct you to share Platform Data with another person or business.
  • Include screenshots if applicable.

If you delete Platform Data when it is no longer needed to provide an app experience or service to users:

  • Description of how you determine when Platform Data is no longer necessary to provide an app experience or service to users.

If you delete data when users request it:

  • Description of how users can request that their data be deleted.
  • Include screenshots if applicable.

If you have a publicly available privacy policy:

  • Link to your privacy policy.

If you have an information security framework:

  • Description of your Information Security Framework. (Learn more.)

If you have a data security certification:

  • Copy of that data security certification.

If you do not have a data security certification, but you do take steps to protect the security of Platform Data:

  • Policy or procedure documents, software configurations, screenshots, or screen recordings that illustrate the steps you take to protect the security of Platform Data.

If you have a way for people to report security vulnerabilities in your app

Step 4. Submit Your Information

Click Submit.

Check the Status of an Assessment

Step 1: In the app dashboard, scroll down to the Required Actions section.

Step 2: Click View Status. Click View if you’d like to access the assessment form.