Mirabel Technologies GDPR Compliance
It’s been about 30 seconds since you got your last GDPR compliance notice, so we don’t want that trend to stop. In our privacy addendum, we explained what we did and what you need to do in legal terms, but let’s talk “plain speak” here for a moment and summarize what Mirabel has done and what your requirements are.
What is GDPR?
The EU has launched its new sweeping data protection regulation known as GDPR (General Data Protection Regulation). This is one of the most comprehensive pieces of legislation covering data collection, storage, and analysis ever enacted, and it has a direct and profound impact on The Marketing Manager and its use within the EU.
What does GDPR cover?
GDPR provides a dense and complex regulatory framework for member states of the EU to adopt and is intended to create a uniform approach to data rights across the union. Among many other aspects, the regulation provides a set of data rights for EU residents including: the right to know what data points a company is collecting, the right to request data to be changed or corrected, and the right to ask for their data to be exported and/or erased.
The regulation also dictates that consent must be received for every piece of data collected, with a clear understanding of how this data will be used, and it must be conveyed at the time of collection in clear and plain language. Any personal, identifying information (including emails, phone numbers, IP addresses, and other personal identifiers) must be collected with consent or risk violation. Also, children under 16 cannot give consent. There are many other aspects to the regulation, covering data security and other more complex and dry topics. If you are concerned, we recommend you read the regulations closely and hire a competent international lawyer to remain in compliance and avoid the potentially exorbitant fines.
What has Mirabel done?
Is Mirabel Compliant?
In short, yes. But that in and of itself does not mean that you (the end user) are necessarily compliant. At Mirabel, we have taken extensive steps to ensure our compliance as a data processor, but you as a client are a data controller and have separate responsibilities to ensure compliance. Therefore, the best bet is to err heavily on the side of caution when it comes to EU prospects and clients. This entails explicitly asking for permission to collect data and letting them know what you will do with it in plain English. Also, please make sure you have systems in place to track their consent and be ready to alter, export, and/or delete files on EU residents when asked. We are here to help and have systems in place to make sure that you can stay compliant. However, it is your responsibility to follow the rules in the same way we do.
Should I be worried?
The targets of GDPR (and likely enforcement targets) are major social media platforms and ad tech companies - not niche, regional, and mid-size publishers. Nevertheless, everyone who collects data from advertising prospects, subscribers, or website readers residing in the EU still falls under this regulation.
Therefore, if you take common sense measures to comply with GDPR, you should not be worried, but we don't recommend ignoring it either. That’s why we suggest following general best practices and erring on the side of caution. This includes making sure you always have express and clear permission when compiling data and communicating via media channels.
If you are unsure of compliance, we advise you to seek legal consultation to be absolutely sure you are ready for these changes, as most law firms are becoming very familiar with the rules. We expect that the law will evolve and maybe even expand to other countries, so this will be a moving target, but we’ll do our best as always to help educate our clients.
If you have questions, please be sure to contact us. We are here to help you.