ReachEffect LTD & the EU’s GDPR Regulations
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) inside the EEA, and applies to an enterprise established in the EEA or—regardless of its location and the data subjects’ citizenship—that is processing the personal information of data subjects inside the EEA.
ReachEffect’s commitment to privacy compliance across every aspect of its business is of utmost importance to us. We are dedicated to creating a safe and transparent environment for both our advertisers and publishers, as well as their users.
Does GDPR Pretrain to You?
GDPR applies to any way data is stored or processed, related to EU residents. All databases associated with a particular business entity; marketing, sales, HR, accounting, fall under the new regulation. Data subjects (customers/partners/employees/users) must be asked in language that is “concise, transparent, and intelligible” whether or not they would like to opt into marketing activities and data-sharing. GDPR removes the option of blanketed or bundled consent, consent by default or consent as a condition of sale, service or general terms and conditions. It also means no more pre-filled check boxes or consent “below the fold.”
While this has been standard operating procedures from many marketers, a more particular new concern for marketers and consumers in regard to GDPR is the “use of data for 3rd parties” checkbox, of which now must list the third parties that may have access to their data specifically. All of the above will impact the marketing industry, especially when it comes to personalization , profiling and any marketing activities that involve big data processing.
Another major GDPR change is the right “to be forgotten.” Individuals must be told they have the ability to be able to easily withdraw their consent for data processing if there is there is “no overriding legitimate interest” for a business to hold onto it. The right “to be forgotten” also means the individual has the right to have its data “erased” when processing is no longer necessary in relation to the purpose for which it was originally collected.
Make Sure Your Business is GDPR-Compliant
GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
Failure to comply with GDPR can result in strict penalties for non-compliant companies. ReachEffect is fully committed to compliance and could not stress enough the need to seek out legal advice, to review your own data-collection practices.
While GDPR does require major changes in the way network, publishers and advertisers conduct their business, it is also a great opportunity for the Advertising Industry to review its business practices, improve transparency to all players involved and emphasize a greater respect to users’ privacy and the right to control their own personal information.
Essential Steps for Compliance
To ensure ReachEffect’s readiness for GDPR compliance, we have reviewed our own business practices and have taken serious measure to address both data storage and its ongoing security.
ReachEffect only stores personal user data for a period allowed by GDPR guidelines, while personally identifiable data will be concealed, to ensure user privacy.
We are also committed to safely storing user data, while providing our partners with an immediate notification when a data breach does occur.e