GDPR

The EU issued the GDPR as a way of bringing the outdated Data Protection Directive up to speed with the current state of technology. It outlines a list of regulations governing the processing of personal data from European consumers, regardless of business location.

The law introduces new responsibilities for data processors and plainly states the accountability of data owners.

Who does the GDPR impact?

Any company that stores or processes personal information (data) about EU citizens within EU states, regardless of whether it has a business presence within the EU. Specific criteria for companies include:

  • No presence in the EU, but it processes personal data of European residents.
  • More than 250 employees.
  • Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.

For clarity, Mutiny falls into the first category and is required to adhere to the GDPR framework, as we may process personal data of European residents.

What is the definition of data?

Any information that can directly or indirectly identify a data subject. For the scope of Mutiny, the most important aspects of data are: online identifiers such as IP addresses, cookies, geolocation, or radio frequency tags; device identifiers such as MAC addresses; and personal identifying information (PII) such as name, employee number, email address, emails, instant messages, photos, economic, or social data.

How is Mutiny GDPR compliant?

There are 99 articles that determine data protection, compliance, and enforcement rules. The most relevant aspects of GDPR compliance for website personalization are below:

  • Ask visitors whether they want to opt in or opt out, and systematically respect that decision
  • Only use the provided data for the specific purpose (of personalization)
  • Do not sell, market, or share individuals' personal data
  • Allow individuals to delete their personal data
  • Notify our customers, the appropriate supervisory authority, and users of a data breach within 72 hours
  • Implement technical and organizational measures to anonymize and encrypt personal data, perform ongoing maintenance and validation of processing systems and services, and maintain the ability to restore personal data in the event of a physical or technical security breach
  • Designated Security Officer

In addition, for our Enterprise customers, we are able to execute a Data Protection Addendum along with the Mutiny Order Form to specify the rights, responsibilities, and processes for both parties.

Next steps

Learn more about implementing your consent rules for Mutiny here.
