# GDPR and other regulations
# How does Compass comply with GDPR?
Under EU GDPR, (General Data Protection Regulation) data protection does not apply to anonymised data (opens new window). The majority of the information that Compass uses is aggregated and anonymized. Anonymous data can’t be re-identified and is not considered to be personal data meaning that under all privacy regulations, this data can be collected and used without user notification or consent.
If information can be related to a particular user or is stored in a user-by-user schema, active user consent is required to collect this information.
Currently, the only information that relates to individual users are user recency, frequency, volume and user preferences. Consent to collect this information is covered in the data agreement that users opt-in to via your CMP.
If the user chooses to opt-out via the CMP, this information is not stored or calculated.
# Does Compass share user information with any third-parties?
Compass does not share any user data with any 3rd parties or other companies.
# If a publisher integrates Compass, what steps do they need to take to be GDPR/CCPA compliant?
It is in Compass’s DNA to be a plug&play solution. Publishers just have to add the Compass code and it will work with any IAB-registered CMP, out of the box.
Compass will also provide publishers with a pre-built Privacy Impact Assessment (PIA) that can be configured and added to their Register of Processing Activities and Operations (RAT). Compass also provides all publishers with a signed Data Processing Agreement.