How can ACTITO help you get GDPR-compliant?
by Benoît de Nayer
There is no need to remind marketers about the importance of personal data protection two months before the GDPR becomes effective. Nor do we think that an exhaustive review of the provisions of the General Data Protection Regulation is useful. Instead, we refer you to the many excellent online resources on this topic, such as the site of the French National Commission on Informatics and Liberty (CNIL).
We are more interested in showing how ACTITO can make life much easier for marketers who wish to be GDPR-compliant. ACTITO can significantly reduce stress for certain marketing managers thanks to the functionality of its platform and a set of tools it will soon be launching.
A. ACTITO’S SOLUTIONS
For simplicity, we will discuss the functionality of our platform based on the 7 main principles set out in the GDPR.
1. Lawfulness and loyalty
Personal data must be collected lawfully and fairly. This data collection must therefore be based on one of the reasons set out in the regulation. Most marketers will generally choose the consent of the data subject.
This consent must be obtained fairly, i.e., without “tricking” the data subject. What do we mean by this? Trying to coerce the data subject into giving his/her consent with mechanisms such as pre-checked boxes, for example. Marketers must also prove that this consent was obtained in compliance with the regulation.
ACTITO makes this process much easier as you can use the platform to easily create GDPR-compliant data collection forms and store proof of this consent and of the context in which it was given. See our previous article for further details about how to obtain valid consent.
2. Transparency
The principle of transparency, which is inextricably linked to the first principle, stipulates that the data subject whose data is collected must be informed about the purposes of the data processing, the contact details of the controller and how to assert his/her rights.
ACTITO will also make it easier for you to prove that the data subject had access to all this information when he or she consented to the use of his/her personal data.
Likewise, the data subject can immediately withdraw his/her consent in the “Preference Center”.
ACTITO consequently makes it easier for data subjects to assert their right to erasure (“right to be forgotten”) and facilitates data portability. Marketers can keep a central overview of all the data in the Datamart Studio. They can thus easily delete this data with just a few clicks or export it to a more common format.
ACTITO always keeps an audit trail of all the changes made, for purposes of proof.
3. Purpose limitation
Generally, the purpose of data collection using ACTITO is always the same: enabling brands to communicate with their customers and consumers.
We never use our customers’ data for other purposes.
This is called “first party” data. Using “first party” data allows you to limit the risk of a data subject challenging your data processing methods because they are not consistent with the scope that was initially set out.
Let’s take the example of a social media campaign. In this case, the brand runs the risk that its campaign is not consistent with the purpose of social media, which the consumer initially accepted (namely to communicate with friends).
4. Data minimization
The law starts from the idea that the more data you collect, the higher the risk you run. This is called the principle of accountability.
ACTITO is very efficient when it comes to collecting data. Preferring to concentrate on Smart Data instead of Big Data, ACTITO only collects and processes those data that are needed for the purposes to which the consumer consented. So ACTITO doesn’t use multiple trackers that collect all kinds of data when the data subject visits a site. When possible, the data is also aggregated to limit the amount of processed data.
The GDPR insists that you should only process high-quality data. ACTITO has a set of tools that allow you to do this.
ACTITO’s forms allow you to make sure that the data are correctly formatted at the time of entry.
An email address that is entered in ACTITO will immediately be analyzed to check whether its Top Level Domain (TLD) is known.
Likewise, when data is imported into ACTITO, the platform will conduct checks to ensure they are correctly formatted.
And ACTITO also offers the optional functionality to connect to external repositories to check whether certain data such as the physical address is correct.
Thanks to ACTITO’s enrichment functionality, all the data in the database can immediately be updated when the data subject provides new data.
6. Limiting data storage
The GDPR requires companies to only store data as long as they are needed for the purpose of data processing. If a data subject did not click on an email over a three-year period, then this inactive data subject must be deleted from the database.
ACTITO does however store interaction data for 12 months (which can optionally be extended to 24 or 36 months) by default and can also automatically archive the data of inactive data subjects.
7. Integrity and confidentiality
Companies must collect and process this data in a secure environment to prevent access to, deletion of or alterations of this data by third parties.
Companies must take a series of technical and organizational measures to ensure the data is secure.
ACTITO has always considered data security one of the cornerstones of marketing technology. That is why we have taken a series of measures to guarantee your data security.
From the outset, we have decided to use high-quality storage solutions (our data centers are all in Europe and have ISO 27001 certification).
As far as the development of our solutions is concerned, we use methods that focus on data security.
All our data processing is conducted according to procedures that are regularly updated to assure the highest possible quality in all our daily operations.
We dedicate a very large share of our training budget to data security.
In the next few months, we will take a set of supplementary measures that extend well beyond the GDPR requirements to increase ACTITO’s security level even more. We will keep you informed about this.
B. Our contract of confidence
ACTITO commits to helping marketers to comply with GDPR requirements with the functionality and services it provides to them.
ACTITO’s commitments are clearly set out in the latest version of the ACTITO licensing agreement, which you will receive in the next few weeks.
It is vital that you sign and return this new agreement to us, so you comply with the Regulation.
C. A GDPR roadmap
We have launched a set of new functionalities which will make compliance even easier and allow you to map your marketing data.