Net-Results and the GDPR

Net-Results and the GDPR

What is the GDPR?

The GDPR (General Data Protection Regulation) is a European Union (EU) Regulation which replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens. The GDPR sets higher standards for organizations who collect or process personal data.

The GDPR went into effect on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of EU citizens and add harsher penalties for violations.

The full text of the GDPR can be found here.

 

Does the GDPR apply to my organization?

The GDPR is designed to protect the privacy of EU citizens. If you market to EU citizens, monitor their online behavior, or “process the data” of EU citizens, then the GDPR applies to your organization. Even if you’re based outside of the EU but you control or process the data of EU citizens, you must comply with the GDPR.

 

DISCLAIMER: This web page does not constitute legal advice and should not be construed as such. Failure to comply with the GDPR has the potential to result in substantial consequences. We recommend that you seek legal advice from a qualified attorney to ensure your understanding of and compliance with the GDPR, as well as to verify the accuracy of any information provided on this web page.

GDPR Compliance with the Net-Results Marketing Platform

Many additions and changes have been implemented in the Net-Results platform to make it easier for you to comply with the GDPR.

The GDPR requires that you gain affirmative consent from “data subjects” (EU citizens) in order to gather and process their personal data.

You must also maintain records that indicate when and how consent was granted or revoked.

  • A “standard” field exists on each Contact in Net-Results called “GDPR Consent Granted”. This field appears as a checkbox on the “Contact Details” page.
  • You have the ability to set the new “GDPR Consent Granted” field value via .csv file upload
  • You have the ability to set the new “GDPR Consent Granted” via API call
  • The “GDPR Consent Granted” field is included in files generated by .csv export
  • Changes in the value of the “GDPR Consent Granted” field are recorded, time/date stamped, and surfaced in the Activity Stream
  • You have the ability to leverage the value of the “GDPR Consent Granted” field in Segments
  • Net-Results Forms have features specifically for acquiring GDPR consent. You may add these features to your forms at will

The granting of Consent requires that you disclose, likely via your privacy policy, in plain language, what data will be gathered, and how that data will be used. This information should be easily accessible at the point where you are asking for consent.

You may add copy/html to any Net-Results Form in which you may link to your privacy policy or otherwise provide the required information in a compliant manner.

Right to Deletion of Personal Data

The GDPR requires that EU citizens may request that their personal data be completely and permanently deleted.

The process of deleting Contacts in Net-Results is fully GDPR compliant. All identifiable traces of each deleted Contact are irrevocably destroyed (you’ll be reminded of this before you actually delete Contacts).

Access to / Portability of Personal Data

The GDPR requires that EU citizens may request a copy of the personal data that has been collected about them in a machine readable format.

The Contact Details page provides a simple button to export customer data, including standard fields, custom fields, and activity stream, in JSON format. JSON is an internationally recognized standard format for data portability.

Right to Modification of Personal Data

The GDPR requires that EU citizens may request that their personal data be corrected or modified.

You may of course modify personal data for any given Contact at your convenience via the Contact Details page within the Net-Results platform.

Ability to Consent to Being Tracked by Cookies

The GDPR requires that EU citizens be given notice, in plain language, that your website intends to use cookies to track onsite behavior. Consent must be granted in order to track EU citizens with cookies.

The Net-Results beacon provides the ability to opt-out of tracking at will.

Net-Results Data Processing Addendum

Ensure Your Organization is Covered – Execute the DPA

The Net-Results Data Processing Addendum amends your organization’s agreement with Net-Results. The DPA describes the terms under which Net-Results will process data of EU Subjects on your behalf.

Review and execute the DPA here.

 

Questions or concerns?