Supporting GDPR with Lytics
The European Union General Data Protection Regulation (GDPR), first approved by the EU Parliament in April 2016, goes into effect May 25, 2018. GDPR aims to standardize and strengthen data protection policies for residents of EU member nations from privacy and data breaches in an increasingly data-driven world. Any company processing personal data related to the offering of goods and services to people in the EU are affected, and the fines for breaching GDPR are significant - up to 4% of annual company revenue or €20 Million (whichever is greater).
There are three main players outlined in the GDPR policy, the Data Subject, the Data Controller and the Data Processor. Your organization, acts as a Data Controller for your customers and is required to determine the purpose(s), conditions, and means of the processing of their personal data, the Data Subject being the “real person” whose personal data is being processed. Lytics acts as the Data Processor and processes data on behalf of your organization.
This use case explains how you can use the Lytics Platform to support your GDPR compliance efforts.
NOTE: Lytics cannot offer legal advice regarding GDPR compliance or answer specific questions related to the interpretation of the GDPR. We recommend you consult your organization’s legal counsel and/or privacy experts to determine what is required for your specific organization.
Right of Access and Data Portability
Right to Erasure
The GDPR also grants the Data Subject, your Customer, the right to erasure of personal data without undue delay. Lytics, as Data Processor, fully supports your organization’s ability to comply with this regulation providing a Delete user option in the Lytics UI. This will send a deletion request to the Lytics platform and the Lytics platform will process the request for the customer identifier provided. This deletion request will be fulfilled within 14 days.