Corrie-Dee Whaite 25th May 2018
As your media partner in Digital Marketing, we believe that securing and protecting sensitive and confidential customer data is central to everything we do. Over the past 18-24 months, we have been working hard towards GDPR compliance refining internal data processes and procedures to ensure GDPR compliance. We believe Corrie D Marketing is in compliance with GDPR.
Below is a summary of additional questions you may have.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new set of regulations that harmonize the data privacy laws across the European Union (“EU”). The GDPR sets out a number of rules to protect personal data processing, personal data movement, and other individual rights and freedoms.
When does GDPR come into effect?
May 25, 2018.
Who does GDPR apply to?
GDPR applies to all individuals (or “data subjects”) residing in the EU.
What organizations are subject to GDPR?
GDPR applies to any organization processing personal data that is: (i) established in the EU (regardless of where the personal data processing takes place); (ii) offering goods and services in the EU; or (iii) monitoring behaviour of EU individuals.
What data is subject to GDPR?
GDPR applies to personal data that is processed or profiled.
What is Personal Data?
Personal data is any data that relates to an identified or identifiable individual, including elements such as: (i) location data; (ii) online identifiers; (iii) identification numbers; and (iv) profiling data (e.g., cookie data). Personal data also includes personal characteristics such as physical, physiological, genetic, mental, economic, cultural, or the social identity of an individual.
What is Profiling?
GDPR applies to those circumstances where individuals are profiled, or where personal data is used to evaluate certain personal aspects of an individual. Using Internet preferences and cookie data to create individual profiles falls into this category. Profiled personal data includes information such as economic situation, personal preferences, interests, online behaviour, IP addresses, geo-location data, and movement data.
What is Data Processing?
Data Processing is defined quite broadly under GDPR and includes any action, whether automated or not, performed on personal data. Such actions may include viewing personal data on a computer screen (regardless of where the data is stored) and transforming or classifying information. Any personal data processing must be performed in compliance with GDPR.
What is a Data Controller?
A Data Controller is any organization that owns or controls the means of personal data. Corrie D Marketing are data controllers for our data and our clients data. But we are also data processors and data controllers of our clients data (dependant on marketing services).
What is a Data Processor?
A Data Processor is any third-party to whom a Data Controller provides personal data for processing. These may include consultants, agencies, tracking technology providers, ad tech analytics, marketing firms, CRM providers, marketing analytics tools, and outsourced email providers. Corrie D Marketing is a Data Processor under GDPR when providing services to our customers.
What actions has Corrie D Marketing taken in preparation for GDPR?
Corrie D Marketing has always maintained the highest standards with respect to protecting confidential information and complying with privacy rules and regulations around the globe. We have reviewed this status in the context of GDPR to ensure compliance.
Corrie D Marketing only processes the minimum amount of data necessary to provide our customers with meaningful analytics and management tools.
Please contact Corrie D Marketing at firstname.lastname@example.org
Additional GDPR Resources:
- European Commission — Seven Steps for Businesses to Get Ready for the General Data Protection Regulation. https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-business-7-steps_en.pdf
- ICO – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
- Google’s Data Privacy Site. https://privacy.google.com/businesses/
- Interactive Advertising Bureau – Europe: Privacy & Data Protection Information. https://www.iabeurope.eu/category/policy/data-protection/
- Interactive Advertising Bureau – Europe: Transparency & Consent Framework. http://advertisingconsent.eu/
- Oath’s Privacy Center. https://policies.oath.com/us/en/oath/privacy/index.html
- International Association of Privacy Professionals – GDPR Checklist. https://iapp.org/resources/article/gdpr-checklist/
- Amazon Advertising: Advertising and the EU General Data Protection Regulation. https://advertising.amazon.com/ad-specs/en/policy/gdpr
- Digital Content Next “Ad Ops: the unlikely GDPR heroes. 10 Actionable Steps to Digital GDPR Compliance”. https://digitalcontentnext.org/blog/2018/02/06/ad-ops-unlikely-gdpr-heroes/