CAPTIFY S GDPR READY POSITION: + + EU REGULATION 25TH MAY 2018 UPDATE TO DPD PERSONAL DATA CONSENT

Transcription

1 CAPTIFY ON GDPR

2 POSITION: + + EU REGULATION 25TH MAY 2018 UPDATE TO DPD PERSONAL DATA CONSENT + + The GDPR (General Data Protection Regulation) is going into effect on 25th May By providing enhanced rights to European residents and nationals within the territory of the European Union and the EEA, the GDPR will radically change the way the industry collects and processes data. Captify believes the transformative nature of GDPR should be embraced. It will change the entire digital ecosystem and will lead to better practices across the industry. The industry has been crying out for more transparency, more accountability, better control and traceability on the origin of data. GDPR will go a long way to help this. It will contribute to sanitising the ecosystem, make it more accountable, lead to the emergence of new actors and increase the value of quality data. Captify believes in the utmost importance of consumer privacy and in collecting and processing data in a responsible and transparent way. Captify has been working with agencies, publishers and other ad tech companies to make sure the industry will be compliant by 25th May and that GDPR is a success. The following document is a transparent view into Captify s GDPR preparations; it answers the questions that we are most often asked about our preparations to become GDPR Ready for May 25th.

3 What is Captify doing to prepare for the GDPR? Captify has appointed a dedicated multidepartmental team to administer and oversee GDPR compliance. This team have completed our data inventory, data mapping and contract audit to ensure a clear view of Captify s data workflow and to amend all our partner terms to be GDPR compliant. We have implemented tech security policies, HR and data handling policies, internal access policies and external privacy and disclaimer policies to comply with GDPR. Captify s international offices have received dedicated training in GDPR and the changes it brings to our industry. Our new DPO will be overseeing the continuous administration behind our privacy by design approach from May 25th. What is Captify s lawful basis for processing data? Captify believes that in order to process personal data in a way which maintains a positive relationship with the consumer the digital advertising industry will mostly have to rely on consent. Captify s targeting and analytics shall rely on consent as a legal basis, while its day to day activities of conversion tracking and measurement shall fall under Legitimate Interest. How will Captify ensure they receive a data subject s unambiguous consent? Captify receives all search data from direct 1st party publisher relationships. We have worked hard with these publishers in order to prepare for GDPR. All our agreements stipulate that data must be consented for publishers to work with Captify and we are offering support, tools and education for all publishers to help them gain this full consent from the end user.

4 How will Captify comply with a user s rights of access, erasure etc. under GDPR? An individual user may privacy@captify.co.uk or visit Captify s website privacy policy at any time in order to exercise their rights under GDPR by following the process set out by Captify. All rights will be complied with within the 30 day window required by GDPR. Where we do not have the ability to identify individuals, we will be unable to address individual requests for erasure. Under GDPR we would not be obligated to collect more data about the data subject for the sole purpose of responding to a request for erasure in order to comply with the law. How will GDPR affect Captify s non-eu relationships? We have ensured all data processing partners which Captify works with who are outside of the EU are covered by initiatives such as Privacy Shield, or governed by data processing agreements governing EU and GDPR compliant handling and processing of data. Our non-eu data partners in the US and beyond understand they have to comply with GDPR as their European business is important to them. What targeting that we offer today will not be available from 25th May? We have been working with our partners for over a year to make sure there would be no disruption post 25th May. We will offer the same kind of targeting and insights powered by Search Intelligence after 25th May.

5 What campaigns will Captify not run from 25th May? All companies operating within Europe are bound by GDPR and must gain explicit consent for the processing of special categories of data. Captify technology by design is able to find proper context of searches and where we see a keyword which may violate a user s sensitive data rights, we block this from being targetable. We have spent much time refining our dictionaries to make sure that we do not exclude research based terms that do not reveal someone s sensitive data, but only indicate interest. You should speak with your account manager to understand Captify s policy on ethical campaigns under GDPR. What is Captify doing to ensure tech security, privacy by design and data minimisation? Captify data is stored in Ireland to meet all European regulations and is physically secured by trained and audited Security staff around the clock, 365 days a year. We maintain a security incident response procedure to recognize and fix any security incident (of any kind) relating to or potentially relating to Data, including a data security breach as soon as possible. All policies follow privacy by design principles in development and testing. All personal data is stored for a maximum of 13 months in order to maintain year on year analysis for our partners. Data shall be automatically deleted after 13 months. Our Privacy Policy and Tech Security policies are available on request for more detail. What do we anticipate the data drop off to be post 25th May? We believe the drop-off will be minimal and that it will have zero impact on the performance of the campaigns. Why? Captify has been engaging with its publisher partners for nearly a year, has built a consent mechanism which is getting considerable traction and will thrive in a post-gdpr world thanks to its unique first party network which gives it a major competitive advantage.

6 What are you going to do with your pre-25th May data? We are looking at different options, all GDPR-compliant of course. We will decide which one before the date. What is Captify doing to support the industry? Captify has held extensive roadshows with all of our agency and publisher partners across Europe in order to educate them on Captify s GDPR preparatory work. We have worked with our publishers in offering tools to help them gain consent from end users and we are a participating member of the IAB Europe s GDPR Implementation Group (GIG), working towards an industry standard transparency and consent framework.

7 QUESTIONS NOT ANSWERED? PLEASE GET IN TOUCH WITH YOUR CAPTIFY ACCOUNT MANAGER