Chute Plan for GDPR Compliance

May 18, 2018 12:14:36 PM / by Jonathan Schreiber

What is GDPR?

If you’re a marketer, you can’t have escaped hearing about the EU General Data Protection Regulation (GDPR) which comes into force on May 25, 2018. GDPR is a framework around data privacy and requirements for companies that process personal data of people in the EU, or do business in the EU. The intention of GDPR is to replace the 1995 Regulation: Directive 95/46/EC, to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy. Personal data under GDPR is defined as anything directly or indirectly identifying an individual including username, name, email, social media username, IP address, etc.

How does GDPR affect me?

GDPR applies to organizations located both within the EU and to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of individuals located in the EU. GDPR also now directly applies to companies that simply provide services to other companies that may involve such personal data processing (these are called processors) as well as the data controller client company..

We support improvements in data privacy and transparency that will benefit consumers, and ultimately build trust that companies are acting responsibly with personal data. For more information of the GDPR, refer to this education portal: HTTPS://WWW.EUGDPR.ORG/ .

What should I do as a marketer?

As a marketer, you should make sure that the vendors and services you use are compliant with GDPR. This comprises various activities including making sure vendors are under appropriate contracts, making sure you have records of processing in place to demonstrate how you comply, updating your privacy policy and ensuring it is communicated to customers (for example it should be on your website and linked at the bottom of marketing emails you send). You may also need to review the basis upon which you are holding your marketing database and considering whether there is a need to get or update consents for direct marketing.

In addition, you should review and understand what data you are collecting and your data retention and security strategies.

Chute and GDPR

As a provider of services and solutions that may enable marketers to collect and use personal data, the Chute team has been preparing for GDPR and we have designed our systems to help customers demonstrate compliance with GDPR. Data privacy and security are at the core of the design and operation of our platform.

As such, Chute, as a data processor for our customers, will be fully compliant with GDPR by the May 25, 2018 deadline.

Reach out to HELLO@GETCHUTE.COM with questions.

Disclaimer: This post does not constitute legal advice for you you or your company in regards to EU data privacy or the GDPR. Rather, it serves as a resource to better understand how Chute is approaching data privacy and operating under the new regulation. It is our express recommendation that professional legal advice be sought as it pertains to your organization.

Jonathan Schreiber

Written by Jonathan Schreiber