Net-Results and the GDPR
What is the GDPR?
The GDPR (General Data Protection Regulation) is a European Union (EU) Regulation that replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens. The GDPR sets higher standards for organizations that collect or process personal data.
The GDPR went into effect on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of EU citizens and add harsher penalties for violations.
The full text of the GDPR can be found here.
Does the GDPR apply to my organization?
The GDPR is designed to protect the privacy of EU citizens. If you market to EU citizens, monitor their online behavior, or “process the data” of EU citizens, then the GDPR applies to your organization. Even if you’re based outside of the EU but you control or process the data of EU citizens, you must comply with the GDPR.
GDPR Compliance with the Net-Results Marketing Platform
You must also maintain records that indicate when and how consent was granted or revoked.
- A “standard” field exists on each Contact in Net-Results called “GDPR Consent Granted”. This field appears as a checkbox on the “Contact Details” page.
- You have the ability to set the “GDPR Consent Granted” field value via .csv file upload
- You have the ability to set the “GDPR Consent Granted” field value via API call
- The “GDPR Consent Granted” field is included in files generated by .csv export
- Changes in the value of the “GDPR Consent Granted” field are recorded, time/date stamped, and surfaced in the Activity Stream
- You have the ability to leverage the value of the “GDPR Consent Granted” field in Segments
- Net-Results Forms have features specifically for acquiring GDPR consent. You may add these features to your forms at will
The granting of Consent requires that you disclose, likely via your privacy policy, in plain language, what data will be gathered, and how that data will be used. This information should be easily accessible at the point where you are asking for consent.
You may add copy/HTML to any Net-Results Form to link to your privacy policy or otherwise provide the required information in a compliant manner.
The GDPR requires that EU citizens be able to request that their personal data be completely and permanently deleted.
The GDPR requires that EU citizens be able to request a copy of the personal data that has been collected about them in a machine-readable format.
The GDPR requires that EU citizens be able to request that their personal data be corrected or modified.
The GDPR requires that EU citizens be given notice, in plain language, that your website intends to use cookies to track onsite behavior. Consent must be granted in order to track EU citizens with cookies.
Net-Results Data Processing Addendum
Ensure Your Organization is Covered – Execute the DPA
The Net-Results Data Processing Addendum amends your organization’s agreement with Net-Results. The DPA describes the terms under which Net-Results will process data of EU Subjects on your behalf.