On May 25th the General Data Protection Regulation (GDPR) will go into effect. GDPR is a new European Union (EU) regulation that will improve the protection of personal data of consumers in the European Economic Area (EEA) and increase the responsibility of companies that collect, store or process personal data.
We take privacy and data security seriously at Wyng and comply with current data protection laws. We have spent the last year preparing for GDPR by improving our platform, operations and processes in order to help our customers meet their obligations under the GDPR.
Below, we’ve pulled together information on the GDPR, requirements under the GDPR, and what we are doing at Wyng to help our customers prepare.
Disclaimer: The information provided here is not legal advice and should not be used to interpret the GDPR regulation or determine its applicability to your business specifically. Companies should assess their own data collection, storage and processing practices (including their use of Wyng), and seek their own legal advice to prepare for, and ensure compliance with, GDPR.
What is the GDPR
In an effort to enhance consumer privacy and the protection of personal data, the EU developed the GDPR, which is an EU privacy law that will regulate how personal data belonging to consumers in the EEA is collected, managed and used by businesses. The GDPR will replace the Data Protection Directive (DPD) which has been in effect in the EU since 1995. The full text of the GDPR is here and key terms are defined here.
Who is Affected by the GDPR?
The territorial scope of the GDPR is defined in Article 3(2). The GDPR provides the same protections to all consumers in EU member states and European Economic Area (EEA) countries. With respect to Wyng campaigns, GDPR applies to any data collected from consumers in any EEA country, including the UK.
What Data Does the GDPR Cover?
The GDPR protects personal data, which includes any information relating to an individual that can be directly or indirectly identified. Examples include:
As a User of the Wyng Platform, What Are My Obligations under GDPR?
GDPR regulations apply to brands and agencies using Wyng to collect consumer data -- e.g. consumers submitting a form as part of a campaign landing page, or consumers sharing photos or videos with a brand as part of a social media #hashtag campaign. Brands and agencies that use Wyng in this way are considered “Data Controllers” under GDPR. (As a technology provider, Wyng is considered a “Data Processor” under GDPR. We discuss the obligations of Data Processors later in this article.)
As a Data Controller under GDPR, when you collect personal data from consumers located in the EEA, you are obligated to:
More details about Data Controller’s burden of proof and requirements for consent can be found here.
Here are examples of how Wyng can be used to obtain consent in campaigns:
As a Data Controller, you also need to have a data processing addendum agreement in place with any third party that you share data with, where that third party is a Data Processor as defined under GDPR. As a Data Processor, Wyng provides a Data Processing Addendum (DPA) that you can request and sign -- click here to request a copy of our DPA.
Another obligation under GDPR is providing consumers with the power to choose what happens with their personal data. Businesses must be capable of responding to requests from consumers regarding:
What Is Wyng Doing to Help My Business Comply with GDPR?
We are committed to helping our customers comply with the GDPR.
As a “Data Processor” under GDPR, the Wyng support and customer success teams are staffed and equipped to handle requests from consumers and our customers related to personal data.
Consumers can contact firstname.lastname@example.org to inquire what personal data of theirs is stored, correct their personal data, or delete their personal data from our systems. Likewise, Wyng customers can forward requests they receive from consumers to email@example.com.
Wyng customers can also contact firstname.lastname@example.org with requests related to personal data processed by Wyng on behalf of the customer -- for example, to delete all data from one or more campaigns.
In addition, Wyng provides several features and capabilities to help you keep your campaigns compliant:
Finally, as a Data Processor under GDPR, Wyng can only store personal data on behalf of a customer as long as there is an ongoing business relationship between Wyng and its customer. Wyng is obligated to delete personal data stored on behalf of a customer following termination of a business relationship.
Are There any Benefits of the GDPR for my Business?
Yes, GDPR presents real opportunities for businesses and marketers -- here are a few:
What do I do now?
GDPR goes into effect on May 25th, so there is still more than enough time for you and your teams to get ready. Be sure to follow our blog and keep tabs on our What’s New page to stay up to date with our progress. We are excited about the opportunities that GDPR has for us all to become better partners with our consumers.
Be sure to check out our full Security and Privacy Hub for more information HERE.