GDPR and Customer Experience

GDPR is an excellent opportunity for us to improve our customer experiences

The European Union’s General Data Protection Regulation (GDPR) standardizes data protection laws across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information. It will go into effect on May 25, 2018. GDPR replaces the 1995 EU Data Protection Directive, and supersedes the 1998 UK Data Protection Act. TA Digital believes this presents a great opportunity for brands to focus on consumer privacy while delivering exceptional experiences.

What is GDPR and how does it affect you?

GDPR is the European Union’s new privacy law that modernizes data protection requirements. The new rules have a broad definition of personal data and broad reach, affecting any company that collects personal information of individuals in the EU. As your trusted data processor, we’re committed to compliance and to help you on your GDPR compliance journey.

How TA Digital prepared for GDPR readiness

TA Digital has a strong foundation of certified security and privacy controls and will continue to make enhancements. Enterprise customers will have the responsibility to implement these enhancements, as well as update any necessary policies and procedures. We’ve implemented a set of certified security processes and controls to help protect the data entrusted to us. This helps us comply with several security and privacy certifications, standards, and regulations.

gdpr7

A strong foundation of security and privacy compliance

We’ve deployed security processes and controls to help protect the data entrusted to us. This helps us comply with many security and privacy certifications, standards, and regulations.

gdpr5

Contract terms

TA Digital’s Data Processing Agreement has been updated in consideration of the latest GDPR requirements.

gdpr6

Privacy by design

TA Digital is driven by the mission to help you responsibly unlock the power of data. We have a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.”  For example, many of our services can obfuscate IP addresses and allow individual-level opt-outs.

gdpr4

Records of processing

TA Digital has formally documented existing privacy practices to comply with the enhanced recordkeeping requirements.

gdpr3

Data protection team

TA Digital currently has a Data Privacy Officer and a dedicated privacy team, and will continue to evaluate the need for additional steps in light of the new GDPR requirements.

gdpr2

Product and process innovation

TA Digital constantly listens to customers and looks for ways to simplify and further automate product and service offerings to better support their GDPR needs.

GDPR readiness

TA Digital realizes that GDPR is a shared compliance journey, with the regulation setting out the obligations for the various parties. The descriptions below set out the roles for brands or “data controllers,” technology providers or “data processors,” and the places where the processor may need to help or partner with the controller either through tools, processes, or documentation to help the controller.

3x

Customers’ rights as data subjects

Allowing individuals to choose what happens to their personal data is key part of GDPR. Individuals can ask companies to:

  • Delete personal data
  • Object to its processing
  • Export it
  • Access and correct errors

Smiling young businesswoman working at her desk
Business team in front of computer at desk

The role of a data controller

If you are a data controller, it is your responsibility to determine the personal data we process and store on your behalf. Please note that TA Digital may process personal data for you depending on the products and solutions you use and the information you choose to send to your TA Digital account or service. As a controller, you will provide privacy notices to individuals who engage with your brands detailing how you collect and use information, and obtain consents, if needed. If those individuals want to know what data you maintain about them or decide they want to discontinue their relationship with you, you will respond to those requests.

The role of a data processor

When we provide software and services to an enterprise, we’re acting as a data processor for the personal data you ask us to process and store as part of providing the services to you. As a data processor, we only process personal data in accordance with your company’s permission and instructions — for example, as set out in your agreement with us. Where your data is in one of TA Digital’s cloud solutions and you need our assistance with any individual consumer requests, we will partner with you through processes, products, services, and tools to help you respond.
Two business person handshake

Get an assessment

GDPR puts increased emphasis on data collection best practices, data controller transparency, and consumer choice — all of which play a meaningful role in the customer experience. With an eye toward customer experience, you may want to think about how the following GDPR principles affect your business efforts.

Reduce unnecessary data collection
Take stock of the data you’re collecting. Gather only the data you need to be effective.
Obtain appropriate consent
When will consent be required and what form will it take? How will you provide delightful customer experiences with consent and without unwanted surprises? Consider the value proposition for consumer privacy, which can help drive conversion and loyalty.
Provide the required notice for data collection
Review and update your current privacy notices, policies, and any information provided at data collection points.
Remove unique identifiers
Consider when to make some data anonymous or pseudonymous (by replacing obviously personal details with another unique identifier, typically generated through hashing, encryption, or tokens) to help minimize compliance obligations and the risk of data and privacy breaches and claims.
Fulfill data access and delete requests
Understand how your customer will reach out to you to make data access or delete requests. Know how to define internal data retention and deletion policies and procedures.

5 steps to get started with your GDPR preparedness:

1

Take stock of your digital properties to assess which tags, cookies, or other data are necessary

2

Draft your customer journey and tell your privacy story through meaningful notices and choices

3

Create a consent management strategy with an eye towards customer experience

4

Evaluate about how you will authenticate user identity to address data subject access requests

5

Build on existing processes to help respond to data subject access requests

Have a long-term view on privacy

Privacy needs a long-term perspective. Think and design today with tomorrow’s privacy in mind. While GDPR will soon go into effect in Europe, GDPR-inspired privacy regulations are already cascading into other regions and countries. By putting in the work necessary to comply with GDPR, you will position yourself well for future privacy compliance efforts in other parts of the world.