Net-Results and the GDPR

Net-Results and the GDPR

What is the GDPR?

The GDPR (General Data Protection Regulation) is a new European Union (EU) Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens. The GDPR sets higher standards for organizations who collect or process personal data.

The GDPR goes into effect on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of EU citizens and add harsher penalties for violations.

The full text of the GDPR can be found here.


Does the GDPR apply to my organization?

The GDPR is designed to protect the privacy of EU citizens. If you market to EU citizens, monitor their online behavior, or “process the data” of EU citizens, then the GDPR applies to your organization. Even if you’re based outside of the EU but you control or process the data of EU citizens, you must comply with the GDPR.


DISCLAIMER: This web page does not constitute legal advice and should not be construed as such. Failure to comply with the GDPR has the potential to result in substantial consequences. We recommend that you seek legal advice from a qualified attorney to ensure your understanding of and compliance with the GDPR, as well as to verify the accuracy of any information provided on this web page.

Changes Coming to the Net-Results Platform

We are in the process of implementing several additions and changes in the Net-Results platform to make it easier for you to comply with the GDPR.

The GDPR requires that you gain affirmative consent from “data subjects” (EU citizens) in order to gather and process their personal data.

You must also maintain records that indicate when and how consent was granted or revoked.

What Net-Results is Doing:

  •  We are adding a new “standard” field to each Contact in Net-Results called “GDPR Consent Granted”. This field will appear as a checkbox on the “Contact Details” page.
  • Adding the ability to set the new “GDPR Consent Granted” field value via .csv file upload
  • Adding the ability to set the new “GDPR Consent Granted” via API call
  • Adding the new “GDPR Consent Granted” field to files generated by .csv export
  • Recording, with time stamp, changes in the value of the “GDPR Consent Granted” field in the Activity Stream
  • Adding the ability to leverage the value of the “GDPR Consent Granted” field in Segments
  • Adding a new field in Net-Results Forms specifically for acquiring GDPR consent. You’ll be able to add this field to your forms at will, but you will not be able to set it to be “checked” by default, and you will not be able to change which standard field it maps to
  • It will be permanently mapped to the “GDPR Consent Granted” field.

The granting of Consent requires that you disclose, likely via your privacy policy, in plain language, what data will be gathered, and how that data will be used. This information should be easily accessible at the point where you are asking for consent.

You currently have the ability to add copy/html to any Net-Results Form in which you may link to your privacy policy or otherwise provide the required information in a compliant manner.

Right to Deletion of Personal Data

The GDPR requires that EU citizens may request that their personal data be completely and permanently deleted.

What Net-Results is Doing: We are adding a “GDPR Delete” button on the Contact Details page that will perform a GDPR compliant deletion of the Contact.

Access to / Portability of Personal Data

The GDPR requires that EU citizens may request a copy of the personal data that has been collected about them in a machine readable format.

What Net-Results is Doing: We are adding an export option to the Contact Details page that will export customer data, including standard fields, custom fields, and activity stream, in JSON format. JSON is an internationally recognized standard format for data portability.

Right to Modification of Personal Data

The GDPR requires that EU citizens may request that their personal data be corrected or modified.

What Net-Results is Doing: There’s nothing we need to do here as you already have the capability of modifying any personal data for any given Contact at your convenience via the Contact Details page.

Ability to Consent to Being Tracked by Cookies

The GDPR requires that EU citizens be given notice, in plain language, that your website intends to use cookies to track onsite behavior. Consent must be granted in order to track EU citizens with cookies.

What Net-Results is Doing: We are providing the means to opt in/out of tracking via the Net-Results beacon.

Net-Results Data Processing Addendum

Ensure Your Organization is Covered – Execute the DPA

The Net-Results Data Processing Addendum amends your organization’s agreement with Net-Results. The DPA describes the terms under which Net-Results will process data of EU Subjects on your behalf.

Review and execute the DPA here.


Questions or concerns?