Legal Issues

GDPR (general data protection regulation).

There are a few issues to legitimise the processing of personal data. Below, are what we believe are the most relevant relating to legal under the GDPR.

Requirements Product Implications

Data processed must be necessary for the services, as defined, in the contract with the individual’s consent. That consent needs to be a freely given, specific, informed and unambiguous consent.

  • people have a right to withdraw consent.
  • this must be brought to their attention.
  • must be from a person over the age of consent.
  • as therefore specified in that member state.
  • otherwise, this must be given by or authorised by a parent/guardian.
  • explicit consent is required for some processing of certain aspects of data.
  • (categories of personal data).

Legitimate Interests

Third parties that have legitimate interests, will not be overridden, by individuals’ rights or interests.

  • any objections raised by an individual during or after processing.
  • therefore, any action must be paused via a data controller.
  • an identified data controller will decide the “purposes” and “means” processing of personal data.
  • compliance measures to cover how data is collected, and what it is being used for.
  • also, how long it is being retained for.
  • therefore to establish and ensure such persons have a right to access the data being held about them.

Data Processor

A data processor is identified;

  • if processing personal data on behalf of a data controller.
  • certain obligations now apply directly to data processors.
  • therefore, all controllers must bind them to certain contractual commitments.
  • again to ensure that data is processed as safely as possible
  • in addition, to being processed legally as well.

Custom Audiences

If we in any format match any CRM data;

  • therefore, we are maybe a user of the data in the database.
  • therefore, creating a custom audience.
  • any advertising campaigns, we are therefore a data processor.

Measurement Analytics

  • also, we process data in order to measure the performance.
  • to monitor and manage advertising campaigns.
  • therefore, we may from time to time provide insights, about the people using our services.

Transfers of Any Data

Any transfers of personal data outside of the EEA (European Economic Area)

  • this must meet certain legal requirements.

Certain Types of Data

  • we may appoint parties to act as a data processor on our behalf.
  • in such circumstances, we will comply with requirements under GDPR.
  • therefore, safeguarding all data as best practise as we can.
  • status as a data controller exist if;
  • we decide the “purposes” and “means” of any processing of personal data.

Data Processor

Being classed as a data processor is when you process personal data on behalf of a data controller.

  • certain obligations now apply directly to data processors.
  • as such all controllers, must bind them to certain contractual commitments.
  • therefore, to ensure that data continues, to be processed safely and legally.