What is GDPR?
Effective and enforced as of May 25, 2018, the General Data Protection Regulation (GDPR) is a data protection framework that was enacted by the European Union to give its citizens more control over how their personal data is used. GDPR strengthens and consolidates existing data protection laws, including extending regulations to foreign companies that process data of EU residents.
To Whom Does GDPR Apply?
If your company isn’t in the European Union, you might think you’re off the hook. You’d be wrong. The regulation doesn’t just apply to EU-based data controllers (organizations that collect data from EU citizens) and data processors (organizations that process data for the data controllers). GDPR applies to any organization that processes or controls data of any EU citizen. So, if you’re a data processor or controller with an EU citizen in your marketing database, it applies to you.
Is Movable Ink Compliant?
Yes. Movable Ink has numerous technologies and processes in place to ensure compliance with GDPR. Movable Ink is considered a data processor, because when clients use our intelligent creative solutions, we take relevant data from data controllers and use it to create personalized messages. Since we process personal data only according to the instructions of our clients, we are subject to GDPR’s rules for data processors.
What Steps Has Movable Ink Taken to Be Compliant?
The GDPR framework outlines a number of requirements that data processors like Movable Ink must meet to protect personal data and respond to consumer requests to access or delete it. The following are just some of the ways that Movable Ink complies with GDPR:
Movable Ink has invested heavily in technologies and services to protect client data
- Movable Ink has a robust information security program that includes appropriate technical and organizational measures, including encryption, pseudoanonymization, two-factor authentication and limiting access to data.
- Movable Ink only processes data in ways allowed under the data processing agreements secured with data controllers.
- Movable Ink never shares client data with other clients.
- Movable Ink has established processes for responding to requests to delete end users’ data.
- Movable Ink and its sole sub-processor Amazon Web Services (AWS) are certified under the EU-US Privacy Shield Framework.
- Movable Ink has Data Processing Addendums in place with AWS that meets the requirements of the Data Protection Act 1988 and the May 2018 GDPR regulation.
Secure Processing of Personal Data
Movable Ink ensures any processing of personal data follows strict protocols for security
- Dynamic IP addresses collected to determine an email recipient’s approximate location are associated with the unique user identification number of the end user provided by client.
- Any time a client uses email address as the unique identifier to associate with information collected from a particular campaign, the address is cryptographically hashed using SHA1.
- Any website behavior we are instructed to collect by a client is associated with a unique user identification number of the website visitor as provided by the client.
How Does GDPR Impact a Brand’s Ability to Personalize Email?
One of the core pillars of GDPR is the need for organizations to get clear consent before processing personal data belonging to any EU citizen. You’ll want to check with an informed lawyer on what constitutes consent, but your organization needs it for every EU citizen who receives a personalized email from you that leverages their data.
So where does that leave email marketers? Any campaign that you are sending must now take into account whether or not you have consent from the recipient to personalize it using their data. This can be a serious uphill climb, but it also happens to be one area where Movable Ink’s Intelligent Creative Platform can offer some much needed help.
Embracing GDPR with Intelligent Creative
With intelligent creative, email marketers have the flexibility to create 1:1 email campaigns that can fall back automatically to different levels of personalization based on access to data or the ability to leverage it based on GDPR or other privacy laws.
With Movable Ink, marketers can ensure that each recipient receives the maximum amount of personalization possible, from true 1:1 personalization that pulls in CRM and contextual data when data consent is given, to other types of personalization that don’t rely on personal data, like real-time pricing and inventory information. Learn more on our products page.
Get Smart with GDPR Resources
For more information on GDPR and the impact it can have on your marketing, we invite you to explore the resources below. We also invite you to see what’s possible with Intelligent Creative by requesting a demo.