Here’s an explanation of the steps we have taken and our suggestions so that you can be sure that your organization is compliant with the EU General Data Protection Regulation (GDPR).
As many of you know on 25th May 2018 a new European data protection law comes into force, known as the GDPR (General Data Protection Regulation).
This new law sees the introduction of several notable changes with respect to the processing and storage of personal data and furthermore, perhaps most importantly, what’s considered to be personal data. The range of personal data affected by the new regulations will increase as the GDPR covers data which, up until now has not come under regulations.
The most important change, brought about by the new legislation is, without a doubt, what is considered as the user´s consent. From 25th May onwards the implied consent for the use of personal information will no longer be permitted instead an explicit and informed consent will become a mandatory requirement. Pre-marked boxes and consent such as ”if you continue browsing“ which are so common at the moment, will become a thing of the past. As from May onwards, all users must give an explicit and informed consent for their personal data to be used.
The implementation of the GDPR will affect all businesses, all of whom must comply with the new regulation irrespective of their origin or activity; if they collect, keep, process, use or manage any type of data from any European citizen.
A few months ago, after seeking professional advice, AffiliRed revised both our data processing systems as well as the actual data which we collected, thus assuring ourselves that we comply with all the necessary requirements before the new legislation comes into force on the 25th May. Currently, we are making those changes and training all of our teams about the law concerning the collection and handling of Personal Data.
In addition to this In-house work, we have also been in contact with each one of our suppliers assuring ourselves beforehand that they are also taking the necessary steps and that their whole process of data handling is adhering to the new European regulations.
If you haven´t done already, then you need to look at what data you have on your clients and you must confirm with them that you are able to continue using their data. We would also suggest that you revise your processes and make an inventory of those which make use personal data so you can adapt them to meet the new law.
And don´t forget, that under the new GDPR, some data such as Device I. D´s and other technical identification could come under the definition of what is personal data (depending on context).
Unfortunately, as each advertiser is distinct, with characteristics and processes, we can´t give out general advice as it really depends on what services you have contracted with AffiliRed and how you use these services.
The good news is, whatever the case may be, we are able to give you all the information necessary about which services you have contracted with us and how the new GDPR will affect them, so this way you can be assured of having all the required information to make the correct changes.
Please do not hesitate to get in contact with AffiliRed with any questions or doubts you may have about the new GDPR