At Audiense we treat our legal responsibilities with the utmost importance. Since the announcement of the changes coming into place through the General Data Protection Regulation (GDPR) we have introduced a business-wide project, led by our privacy committee, Juan Sebastian Mesa (DPO and Head of Operations) and Javier Buron (CEO), to ensure Audiense is fully compliant. This has involved, and will continue to involve, working with our partners, suppliers, and expert consultants to ensure our customers and suppliers can have absolute confidence in the service we provide.
What is GDPR?
The GDPR (General Data Protection Regulation) is due to replace the 1995 EU DPD (Data Protection Directive) in an effort to enhance the protection of personal information for EU citizens.
When does the new regulation come into practice?
May 25, 2018
What is the Data Protection Officer (DPO)?
A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
What are the tasks of the DPO?
The DPO’s minimum tasks are defined in Article 39:
- To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
- To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits.
- To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers, etc.).
What is Audiense doing about GDPR?
Audiense began to dedicate internal resources to the GDPR in June 2017, almost a full year before the deadline. We did this because we value our customers' (and their customers') rights to privacy. Compliance with international law and regulations is very important to us.
Here’s a condensed version of our GDPR Roadmap and where we are on our journey:
- Thoroughly research the areas of our product and our business impacted by GDPR: Completed
- Appoint a Data Protection Officer: Completed
- Implement an Opt-in Strategy for DM Campaigns: Completed
- Seek prior written authorisation from the data controller before engaging the services of a sub-processor: Completed
- Perform an information audit to map data flows: Completed
- Review current data protection policy: Completed
- Document what personal data Audiense holds, where it came from and what is done with it: Completed
- Audiense has implemented appropriate technical and organisational measures: Completed
- Create a process to respond to a data controller’s request for information (following an individual’s request to access their personal data): Completed
- Audiense provides data protection and GDPR awareness training for all staff: Completed
- Create a process to respond to a data controller’s request for information or suppression (following an individual’s request to access their personal data): Completed
- Audiense has created a process to routinely and securely dispose of personal data that is no longer required in line with agreed timescales as stated within your contract with the data controller: Completed
- Process completed and changes communicated to our users and customers: Completed
We took many steps across the entire company to ensure we will be ready for the GDPR. Part of these changes are our updated policies and terms of service. Please have a read:
Based on the research conducted by both our internal and external counsel we are confident these changes will address the requirements of GDPR. We believe that your experience using Audiense won’t change except for:
- The change already communicated to all of our customers for DM Campaigns. To send DM Campaigns (now DM Broadcasts) the recipient needs to Opt-in for that content. For more info please visit our product page: https://audiense.com/products/experiences/
- Email matching functionality will change:
  - You will need to sign a separate contract.
  - Only hashed emails will be allowed.
  - We won’t store any emails, we will just process them. As a result, the matched Excel export you download will not contain any emails.
We deployed all the changes on the 24th of May and communicated them to all of our users and customers.
Proof of the process we run is the following certificate given by an independent 3rd party: EUROPEAN DATA PROTECTION OFFICERS SL
List of Sub-processors
A sub-processor includes any third party that we share personally identifiable info with. Certain sub-processors only apply if you have used certain functionality.
Here is that list:
- Google: Google Analytics
- Google: G Suite – Google Apps
- Amazon Web Services
- Mailchimp (Mandrill)
- Pendo (in exchange for Appcues)
- FullContact (if you use FullContact functionality)
- LinkedIn (website demographics)
- Twitter (if you are using Twitter Tailored Audiences via us)
- GetAmbassador (if you are an Audiense Ambassador)
If you have any questions about how we use these sub-processors please send us an email at email@example.com.
Our privacy committee is more than happy to answer any questions you may have. For that, please send an email to firstname.lastname@example.org.