Presented below is an overview of how our company has addressed the entry of the General Data Protection Regulation.
The focus of your marketing activities, digital and otherwise, must be centered on your consumers.
With Blendee's evolved segmentation, you will be able to use demographic, past and present behavior characteristics and understand the stage users are in within the Customer Lifecycle, tracking their behavior both online and offline.
These dynamic segments, updated in real time, will allow you to get to know your users better, building dedicated experiences for them.
The GDPR gives users ("data subjects") whose data are processed a new set of possibilities. One of the most important is that of the "right to be forgotten," or the possibility for data subjects to have their data processed on the Blendee platform, although collected with their consent, completely deleted.
The law applies to data stored in both digital and paper form, as well as to all backups of such data.To make this right effective, Blendee has confirmed the forget button(Opt Out), while also adjusting the standard durations of data storage
The GDPR also introduces the right to data portability, allowing our customers and their users to request in a structured, commonly used and electronically readable format personal data about them and also to request its transfer, for example to another company should their contracts be transferred. The right to data portability applies to processing:- based on consent marketing- carried out in an automated manner. The right to request the transmission of data to another controller exists only if the operation is technologically feasible, it being therefore necessary that, for example, the two systems involved, transmitter and receiver, are compatible.Our Blendee platform is already compliant in this respect as well, and therefore our clients will be able to easily transfer all contacts to external systems in the form that will be most convenient for them: in the form of files or via API.
If the tracking of users is based on anonymous data, which does not allow them to be identified, even indirectly, GDPR does not apply and the customer does not have to worry about obtaining any consent from users.
It is not necessary to modify the contact collection forms. It will not be necessary to include any request for additional consent, compared to those used so far, as long as the customer is able to prove that he has provided the information to those concerned.
The Blendee platform will enable, aligning with the obligations imposed by the GDPR, the identification and disclosure of where the data was acquired from ("data source").
We do as we have always done, addressing our customers with the utmost clarity and transparency.
In order to use Blendee, it is necessary to sign the license agreement and authorize the processing of data by Ad Spray Srl, in accordance with the provisions of our General Terms of Service (GCS ), which we have updated for everything implied by the implementation of the GDPR.
Even for our current customers, the obligations under the GDPR will become effective as of May 25, 2018.
The law is not retroactive, i.e. it means that the use of all behavioural profiles collected legally before the entry into force of the GDPR will continue to be possible.
Further elaboration and profiling of stakeholder profiles should - from now on - be allowed on the basis of new information in accordance with the GDPR.
Deletion of data will only be necessary if requested by the data subject.
The consent is valid if it is "explicit", i.e.: expressed. GDPR has excluded that it can detect any form of implicit or tacit consent (i.e. silence is not equivalent to consent), or obtained by proposing a number of pre-selected options.
It must be free (i.e. not forced or conditioned), formulated in a specific form (and therefore not expressed with reference to a generically identified treatment, while the different consents will have to be separated from each other), informed (i.e. preceded by relevant information).
Explicitation Data Storage
Blendee cares about user privacy and has chosen to locate its servers and data storage activities in EU territory.
Thevarious servers used by Blendee are in Italy and geographically redundant within the European Union. In addition, our vendors are ISO-27001 (Data Storage) compliant, and even if there are integrations with third-party platforms residing outside the European community, we have verified that they guarantee an adequate level of protection of personal data, according to the "Standard Contractual Clauses" (Art. 46(2)(c) and (d).
Documentation available to the customer
Blendee has implemented a data security policy and IT systems management procedures, all of which are documented and available to the customer.
Here are the most important changes introduced by the GDPR
Your personal data (and your customers' data) will have to be stored on European territory. If the data is stored outside the EU territory, in accordance with the GDPR, Blendee will take care to verify that the countries to which the data is transferred ensure an adequate level of protection of personal data (adequacy decision of the European Commission), or appropriate safeguards are in place through contractual instruments (model clauses; binding corporate rules).
Your users have the right to be forgotten and, at their request, you must be able to delete their data from your database.
Your customers have the right to request that their data be returned to them or transferred to another company in a structured, commonly used and electronically readable format.
The consent to process personal data must in any case be requested in the manner provided for and with respect to a correctly formulated statement.
You will have to apply data protection right from the design (privacy by design) of your IT solutions and systems.
The administrative penalties for violation of the regulations increase - up to 20mln Euro and 4% of the turnover, if higher.
The new accountability rules are designed to ensure that the data controller has adopted the appropriate organizational and technological security measures and is able to demonstrate that its processing is carried out in accordance with the GDPR.
You must keep track of the processed data
You are obliged to notify the Data Protection Authority of any incident involving a data breach in terms of loss of confidentiality, integrity and availability and you have a short period to do so: 72 hours!
You'll need to prepare the necessary documentation, which includes:
Some Articles That Might Interest You