The General Data Protection Regulation or the Data Protection Act 2018 (UK)
Lead Intuition is a British company and as as such, compliance with GDPR is as important to us as it is to our customers and partners. The GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018.
Set out below is general information about GDPR and what we Lead Intuition and our marketing automation partner ActiveDEMAND has done to achieve and maintain compliance.
The GDPR (General Data Protection Regulation) is a European privacy law approved by the European Commission in 2016 and otherwise known in the United Kingdom as the Data Protection Act 2018.
A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU including the United Kingdom, irrespective of Brexit. The GDPR is an attempt to strengthen, harmonise, and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and eliminate personal data.
The GDPR was adopted in April 2016 and was officially enforced beginning on May 25, 2018.
The GDPR applies to any organisation processing personal data of EU citizens—regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organisation anywhere in the world, and all organisations should perform an analysis to determine whether or not they are processing the personal data of EU citizens. The GDPR also applies to all industries and sectors.
As per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Personal data will now include not only National Insurance data, names, physical addresses, email addresses, but also data such as IP addresses, behavioural data, location data, bio-metric data, financial information, and much more.
In the context of GDPR, processing is “any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Basically, if you are collecting, managing, using or storing any personal data of EU/UK citizens, you are processing personal data within the meaning prescribed by the GDPR.
Individuals have the right to receive “fair and transparent” information about the processing of their personal data, including:
Yes, the GDPR contains provisions that address the transfer of personal data from EU member states to third-party countries, such as the United States. The GDPR’s provisions regarding cross-border data transfers, however, do not radically differ from the provisions in place under the Directive. The GDPR, like the Directive, does not contain any specific requirement that the personal data of EU citizens be stored only in EU member states. Rather, the GDPR requires that certain conditions be met before personal data is transferred outside the EU, identifying a number of different legal grounds that organisations can rely on to perform cross-border data transfers. One legal ground for transferring personal data set out in the GDPR is an “adequacy decision.” An adequacy decision is a decision by the European Commission that an adequate level of protection exists for the personal data in the country, territory, or organisation where it is being transferred. The Privacy Shield framework constitutes one such example of an adequacy decision.
ActiveDEMAND is excited about the GDPR and the strong data privacy and security principles that it emphasises, many of which ActiveDEMAND has instituted long before the GDPR was enacted. ActiveDEMAND, as a Canadian company, has had to help marketers comply with some of the toughest privacy legislation in the world. ActiveDEMAND believes that the GDPR is an important milestone for the EU and the rest of the world in the data privacy landscape.
For GDPR, ActiveDEMAND reviewed and updated where necessary all of their internal processes, procedures, data systems, and documentation. This included, among other things:
ActiveDEMAND is a personalisation platform. The core use of ActiveDEMAND is the collection of and interpreting of behavioural data for the purpose of shortening buyer journeys. As such this entails the processing of personal data under the GDPR. It is important that users of ActiveDEMAND use the many tools provided by ActiveDEMAND to help your audience understand what you are doing, why you are doing it, and how they can opt-in, opt-out, be forgotten, and see what data you have collected. This article (below) will give you some guidance on what is available in ActiveDEMAND to help you comply with GDPR.
It is important to note, you should never collect sensitive personal data, such as health information or information that reveals a person’s racial or ethnic origin using any marketing platform including ActiveDEMAND.
ActiveDEMAND is a marketing automation and reporting platform, which may include associated consulting and technical support services. Use of the platform by subscribers in the European Economic Area (EEA) entails the processing of personal data under the GDPR.
ActiveDEMAND is provided by the Canadian company, JumpDEMAND, Inc. In the United Kingdom, Lead Intuition Ltd is the official reseller of ActiveDEMAND.
JumpDEMAND, Inc. offers its subscribers in the EEA two agreements to cover GDPR compliance, in addition to their existing agreement:
What does this mean? In broad terms, it means that if you are subscriber in an EU member state, Norway, Iceland or Liechtenstein, you can continue to transfer your lawfully processed personal data to JumpDEMAND, Inc. under the GDPR, who will process those data on your behalf.
ActiveDEMAND has always given marketers the tools to help with privacy and data handling. Here are a few examples
ActiveDEMAND has a simple process for obtaining and recording (and tracking) consent. ActiveDEMAND has Opt-In form elements, dynamic opt-in email fields, dynamic opt-in landing pages that give the marketer the ability to easily provide the opportunity to Opt-In to marketing communications. All Opt-Ins are captured, recorded, and managed on a the ActiveDEMAND prospect timeline thus it is easy to report on when a prospect has opted in and how. ActiveDEMAND as well provides a simple one-click guard for enforcing the Opt-In communications (i.e. globally locking outbound communication to only those who have opted in).
ActiveDEMAND has always had a simple system for tracking opt-outs. With ActiveDEMAND it is technically impossible to send an email to someone who has opted out. As well, ActiveDEMAND does not allow outbound communications to people without providing the ability to opt-out (unsubscribe).
With ActiveDEMAND, deleting a contact will permanently delete all data related to that individual. As well, ActiveDEMAND provides a simple ‘Forget Me’ form element that can be presented to a prospect.
All of the data collected on a contact is easily accessible within the platform. ActiveDEMAND provides a simple form element that makes it easy for marketers to automate or semi-automate the process of complying with a ‘right of access’ request. ActiveDEMAND has an extensive privacy policy that describes what data ActiveDEMAND collects.
All of ActiveDEMAND’s data can be exported. This includes contact lists, metadata, and the conversions captured within the database.
In accordance with GDPR, it is important that marketers communicate with their audience what is being tracked, and what options they have to avoid the tracking. With ActiveDEMAND being a powerful marketing system with a lot of tracking systems, educating your audience is a critical step. Having a privacy and cookie policy is the first step. To help you draft a solid tracking and cookie policy, ActiveDEMAND has drafted a list of what is being tracked and the prospect’s options to avoid the tracking. If you are a UK business and would like to know more about Tracking or our compliance to GDPR, please contact Lead Intuition.
UK Based Support and Service
Lead Intuition offers UK based Integration, Consulting, Training and Support for ActiveDEMAND's awesome marketing platform. Hands on support when you need it and telephone, online page and video tutorials to get you started - all there to help you maximise your marketing impact
Copyright 2017-2020 Lead Intuition all rights reserved | Registered in England Company No 10861904