How do I ensure my use of Platinum is compliant with data protection regulations?


Summary

The European General Data Protection Regulation becomes enforceable on the 25th May 2018, superseding and strengthening legislation from the 1995 Data Protection Directive. This legislation controls how a company or organisation can collect, store and use personal data.

This article contains what we consider best practice for using Platinum compliantly with the GDPR but is given on a strictly advisory basis. We strongly advise that you study the regulation yourself and consider how it might affect your organisation.

Identifying Yourself

An organisation is required to identify itself, give an address and a means of reply when contacting a person.

What is Personal Data?

The legislation applies to personal data. Personal data is defined as any information that relates to an identifiable person who can be identified by an identifier.

The legislation does not apply to information relating to organisations, although an organisation is still required to identify itself and supply an address when contacting other organisations.

What is an Identifier?

The definition of what counts as an identifier is wide ranging, from obvious information like name and email, to data like an online identifier or location data that could potentially be combined with other external databases to build a profile of that identifiable person.

What Purposes Can I Use Personal Data for?

The legislation states that personal data can only be used for the specific purposes for which it was collected. In order to satisfy this statement, an organisation must inform a customer of exactly how their data is going to be used when it is collected.

Legal Obligation

An organisation is allowed to use personal data if they have a legal obligation to do so.

Legitimate Interests

An organisation is able to use personal data if they can successfully argue that the use of the data is in that person's best interest. It is up to your organisation to decide when and if this might apply.

Consent

Most of the time, your organisation will probably be using the person's consent as the basis for using their data. If your organisation plans to use customer data for purposes other than the initial sale or contract, then you must inform and gain the consent of the customer at the point of collection.

The recommended way to do this is to amend your organisation's documents so that the user is informed and given the option to give your organisation consent to use their data for those purposes. You must satisfy the following criteria:

  • The text must be clearly visible.
  • The text must be written in clear language that is easy to understand.
  • The customer must actively choose to opt in to giving consent. There must be no pre-ticked boxes.

Similar Services

There is an exception to having to gain opt-in consent for further marketing which only applies to email and only applies when your organisation is marketing services similar to those of the initial sale or contract. Your organisation must still inform the customer and there must be an easy way to opt-out. This is sometimes known as soft opt-in.

Withdrawing Consent

The customer has the right to withdraw their consent for an organisation to use their personal data at any time and it is the organisation's responsibility to make that process simple and obvious.

Managing Consent in Platinum

There are tools within Platinum to help your organisation record and manage consent to use personal data.

Email Unsubscribe Text

Your organisation can set up standard text that appears at the end of all emails sent from Platinum. This is useful to inform the user of their right to withdraw consent and provide a way for them to achieve this.

Customer Attributes

A customer's consent is recorded in Platinum by the use of special attributes that can be found on the "Attributes" tab of "Customer Properties". From here, you can record that a customer has opted in or excluded themselves from receiving further communication.

Prospect Attributes

If your organisation has the Sales Prospecting module installed, then there is a mirroring set of attributes under "Prospect Properties" > "Interests". Where an identifiable person has both a customer record and a prospect record, changes in one are reflected in the other.

Use of Consent in Platinum

Bulk Messaging

When sending a bulk email or SMS, your organisation can choose whether they want to send the messages to customers or prospects that have 'opted in' to direct marketing or have 'not excluded' themselves from receiving information about similar services.

Retention Centre

The retention centre will not send any messages to customers that have the excluded attribute set.
