Marketing with Lytics / GDPR

Supporting GDPR with Lytics

The European Union General Data Protection Regulation (GDPR), first approved by the EU Parliament in April 2016, goes into effect May 25, 2018. GDPR aims to standardize and strengthen data protection policies for residents of EU member nations from privacy and data breaches in an increasingly data-driven world. Any company processing personal data related to the offering of goods and services to people in the EU are affected, and the fines for breaching GDPR are significant - up to 4% of annual company revenue or €20 Million (whichever is greater).

There are three main players outlined in the GDPR policy, the Data Subject, the Data Controller and the Data Processor. Your organization, acts as a Data Controller for your customers and is required to determine the purpose(s), conditions, and means of the processing of their personal data, the Data Subject being the “real person” whose personal data is being processed. Lytics acts as the Data Processor and processes data on behalf of your organization.

This use case explains how you can use the Lytics Platform to support your GDPR compliance efforts.

NOTE: Lytics cannot offer legal advice regarding GDPR compliance or answer specific questions related to the interpretation of the GDPR. We recommend you consult your organization’s legal counsel and/or privacy experts to determine what is required for your specific organization.

Consent

The GDPR requires that consent must be “freely given, specific, informed, and unambiguous.” You must gain consent from your Customer before you can collect or process any data about them or their interaction. You can use a basic Lytics modal to prompt your customers for consent before enabling the Lytics JavaScript Tag.

Right of Access and Data Portability

The GDPR offers Data Subjects, your Customers, the right to know if their personal data is being processed, and if so, access to that data. Your customers also have the right to receive their personal data in a structured, commonly used and machine-readable format and have the right to transmit that personal data to another Data Controller. Your organization is responsible for managing the request for access and the verification of your Customer's identity. As Data Processor, Lytics fully supports your organization's ability to comply with these regulations by providing a Download profile option in the Lytics UI. Your customers' profile data from Lytics will be downloaded as a JavaScript Object Notation (JSON) file. JSON is a common, machine-readable file format that complies with the GDPR Right to Portability.

Right to Erasure

The GDPR also grants the Data Subject, your Customer, the right to erasure of personal data without undue delay. Lytics, as Data Processor, fully supports your organization’s ability to comply with this regulation providing a Delete user option in the Lytics UI. This will send a deletion request to the Lytics platform and the Lytics platform will process the request for the customer identifier provided. This deletion request will be fulfilled within 14 days.

Further information

Lytics has answered some frequently asked questions regarding using Lytics to support GDPR. You can also visit the official GDPR portal to learn more.