Net-Results and the GDPR
What is the GDPR?
The GDPR (General Data Protection Regulation) is a new European Union (EU) Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens. The GDPR sets higher standards for organizations who collect or process personal data.
The GDPR goes into effect on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of EU citizens and add harsher penalties for violations.
The full text of the GDPR can be found here.
Does the GDPR apply to my organization?
The GDPR is designed to protect the privacy of EU citizens. If you market to EU citizens, monitor their online behavior, or “process the data” of EU citizens, then the GDPR applies to your organization. Even if you’re based outside of the EU but you control or process the data of EU citizens, you must comply with the GDPR.
DISCLAIMER: This web page does not constitute legal advice and should not be construed as such. Failure to comply with the GDPR has the potential to result in substantial consequences. We recommend that you seek legal advice from a qualified attorney to ensure your understanding of and compliance with the GDPR, as well as to verify the accuracy of any information provided on this web page.
Changes Coming to the Net-Results Platform
We are in the process of implementing several additions and changes in the Net-Results platform to make it easier for you to comply with the GDPR.
The GDPR requires that you gain affirmative consent from “data subjects” (EU citizens) in order to gather and process their personal data.
You must also maintain records that indicate when and how consent was granted or revoked.
What Net-Results is Doing:
- We are adding a new “standard” field to each Contact in Net-Results called “GDPR Consent Granted”. This field will appear as a checkbox on the “Contact Details” page.
- Adding the ability to set the new “GDPR Consent Granted” field value via .csv file upload
- Adding the ability to set the new “GDPR Consent Granted” via API call
- Adding the new “GDPR Consent Granted” field to files generated by .csv export
- Recording, with time stamp, changes in the value of the “GDPR Consent Granted” field in the Activity Stream
- Adding the ability to leverage the value of the “GDPR Consent Granted” field in Segments
- Adding a new field in Net-Results Forms specifically for acquiring GDPR consent. You’ll be able to add this field to your forms at will, but you will not be able to set it to be “checked” by default, and you will not be able to change which standard field it maps to
- It will be permanently mapped to the “GDPR Consent Granted” field.
Right to Deletion of Personal Data
The GDPR requires that EU citizens may request that their personal data be completely and permanently deleted.
What Net-Results is Doing: We are adding a “GDPR Delete” button on the Contact Details page that will perform a GDPR compliant deletion of the Contact.
Access to / Portability of Personal Data
The GDPR requires that EU citizens may request a copy of the personal data that has been collected about them in a machine readable format.
What Net-Results is Doing: We are adding an export option to the Contact Details page that will export customer data, including standard fields, custom fields, and activity stream, in JSON format. JSON is an internationally recognized standard format for data portability.
Right to Modification of Personal Data
The GDPR requires that EU citizens may request that their personal data be corrected or modified.
What Net-Results is Doing: There’s nothing we need to do here as you already have the capability of modifying any personal data for any given Contact at your convenience via the Contact Details page.
Ability to Consent to Being Tracked by Cookies
What Net-Results is Doing: We are providing the means to opt in/out of tracking via the Net-Results beacon.
Net-Results Data Processing Addendum
Ensure Your Organization is Covered – Execute the DPA
The Net-Results Data Processing Addendum amends your organization’s agreement with Net-Results. The DPA describes the terms under which Net-Results will process data of EU Subjects on your behalf.