The DMP provides you with the tools to be GDPR compliant by allowing you to anonymize contract records upon request. Distribion has found that the best method to be compliant is to change specific records, rather than to delete the contact, the personal data must be stored using pseudonymization or full anonymization. A process in which the personal identifiable information is removed and the original contact record is retained. Anonymisation of the data can address the concern that eliminating all traces of a contact record negates the ability to prove or disprove the historical accuracy of a contact’s claim: Removing the contact’s requested personal data (meaning they can no longer be marketed to) while at the same time leaving the historical footprints, all related to that contact record. Since the system record ID for the contact is retained, Administrators can validate what actions were taken for GDPR compliance. Please see suggested actions to help with compliance obligations.

Review and Update Consent and Privacy
  1. It is the responsibility of the organization managing the platform and its contacts to review the consent given for exiting contacts (unnecessary if consent was originally obtained in a manner that is in line with the GDPR).
  2. Review your consent forms (signup forms) to ensure any new information obtained about an individual is in compliance with GDPR regulations.
  3. Review public-facing policies around data collection (e.g. your online Privacy Policy) to ensure that all aspects of data collection, usage and sharing are covered and transparent. Also consider the availability of these privacy policies to current and prospective contacts.

Responses to Contact Requests
  1. The process for the contact to exercise their rights as a data subject should be clear. Make sure instructions for the process are where they’re expected to be and that the mechanism to make the request is easy to use and does not require special knowledge beyond that needed to verify the request.
  2. Requests for information may not always be legitimate. As the administrators of the platform, confirmation of the identity of the requester may be required so that personal data is not distributed to an invalid entity.
  3. Responses should be on time and accurate.
  4. There may be lawful grounds that prevent an organization from modifying or deleting, in part or whole, the record. Consider these actions carefully and fully document the reasoning behind each action.
  5. Keep responses to data subjects clear and unambiguous.
  6.  Data that is requested by the contact, should be in a common readable and portable file format external to the organization’s host systems.
  7. Generally, an organization will have one month, or 30 days, to fulfill a request (though there are allowances for additional time under certain circumstances).

Steps on how anonymize in the Distribion Platform
There will be two options to remove identifying data (anonymize) either by the API if applicable or by manual input. If done by API the same anonymizing data can be used in the manner in which manual updates of the information are committed. 
To manually anonymize the contact record in the Distributed Marketing Platform follow the process below:
  1. Log into the Distributed Marketing System
  2. Click on Menu > then Contact Management
  3. Search for the contact in need of GDPR compliance
  4. Update the appropriate contact fields with the internally agreed GDPR nomenclature Consider the Notes field and input any internal documentation required 



            

 

  1. Once edits to the contact record are are complete click on Save.

Using this method of anonymization, the contact record can always be referenced in the future, but remain GDPR compliant. This may not be possible if the entire record is removed from the system.
It is suggested that records are kept of your signup forms, data collection mechanisms, and processing activities. These records may be composed of the underlying code, a screenshot, PDF, and/or use-case description of any data collection mechanism that is currently being used. This archive can be used to help prove the nature of consent between the organization and its contacts.


Steps on how to export contact data in the Distribion Platform
  1. Log into the Distributed Marketing System
  2. Menu > Contact Management > select Search Group in the drop-down box for a specific contact group OR check the boxes for all applicable groups and select Search in the drop-down box below the table as shown below.



 

  1. Click on the Visibility button >  add the appropriate fields by checking each item desired > click on Save Changes > click on the Export button




 

  1. Depending on the Internet browser in use, a prompt to download the file will be presented. Once the file is saved, this export can be utilized to organize, search and sort specific data.

 

  • This material is provided for your general information and is not intended to provide legal advice. To understand the full impact of the GDPR on any of your data processing activities please consult with an independent legal and/or privacy professional.