Recital 1 of the GDPR:
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.
eTrigue is committed to the GDPR so that our clients can use DemandCenter marketing automation with GDPR compliance in mind.
At eTrigue, we take data privacy seriously and meet or exceed data privacy regulations, and support organizations using DemandCenter while meeting data privacy obligations across the globe.
If you would like to revoke your consent for communications from eTrigue under GDPR, please submit the following information. By completing this form, we will confirm your details and remove you from further outreach.
eTrigue has self-certified under the EU-US Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework regarding collection, use and disclosure of personal information in a manner consistent with the laws of the countries in which it does business, and also has a tradition of upholding the highest ethical standards in its business practices.
Our certification may be verified at https://www.privacyshield.gov/list by searching for eTrigue.
GDPR, which is an acronym for General Data Protection Regulation, was enacted by the European Parliament (‘EP’) to further strengthen data protection for people inside of the European Union (‘EU’).
The European Union’s Regulation 2016/6791, the new General Data Protection Regulation, is in effect 25 May, 2018 in order to regulate the processing by an individual, a company or an organization of personal data relating to EU resident individuals in the EU.
GDPR replaces the previous individual EU member state regulations and guidance on privacy. The General Data Protection Regulation is in the form of regulation instead of a directive and is therefore enforceable in EU member states as law.
Organizations need to ensure they are compliant, or risk financial penalties.
eTrigue understands the importance of putting privacy and data protection in the hands of the data subject. eTrigue is in compliance with the General Data Protection Regulation.
GDPR compliance requires commitment from users of eTrigue DemandCenter and eTrigue, as it does with other data protection laws. We are tracking the recommendations and guidance issued by regulatory authorities to assist us to develop tools appropriate for use of eTrigue’s services.
The principle of accountability is a cornerstone of the GDPR. According to the GDPR, a business /organization is responsible for complying with all data protection principles and is also responsible for demonstrating compliance. The GDPR provides businesses/organizations with a set of tools to help demonstrate accountability, some of which have to be mandatorily put in place.
The legislation makes EU resident individuals’ privacy rights stronger by limiting processing of their personal data, significantly expanding their rights over their data, and giving them greater visibility into the nature, purpose, and use of their data.
GDPR is in force for every organization that tracks EU resident behavior inside of the EU and that processes or uses the personal data of EU residents.
It grants broad individual rights pertaining to personal data, some of which include:
In general, any organization that collects, processes or stores personal information about EU citizens within the EU states must conform to the GDPR, no matter if they have an EU business presence or not.
Organizations that fall under the General Data Protection Regulation legislation:
Article 3 GDPR
(Full list at https://gdpr-info.eu/art-4-gdpr/ )
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
When collecting, processing or holding personal information organizations must make certain that the information:
Most marketing-related activities will rely on using “consent” as the appropriate reason for processing data. eTrigue customers should assess how consent is gained, how it is documented and how authorization is maintained for processing personal data.
Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Article 7 “Conditions for consent”
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
…The request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
Accountability that processing is performed in accordance with the GDPR
Organizations must consider and be able to demonstrate how they comply with the principles of the GDPR.
Article 24 “Responsibility of the controller”
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
eTrigue DemandCenter users have the advantage of a powerful platform with capabilities to help prepare for and become GDPR compliant.
eTrigue customers are controllers under the GDPR and have the primary responsibility as they choose which subscriber and contact information is loaded into their DemandCenter instance, and who they choose to communicate to.
The eTrigue GDPR Data Processing Addendum is located here.
Multi-lingual compliance mechanisms such as opt-out capability have always been in place in DemandCenter.
eTrigue customers will continue to rely on eTrigue DemandCenter’s Privacy Shield certification for placing lawfully obtained personal data under the GDPR.
We are evaluating, and enhancing our features and processes to further assist users subject to the GDPR and will continue to support GDPR compliance requirements.
Here are some of the steps that can be accomplished within your organization. The list is not comprehensive in nature and your organization must determine individual steps that must be accomplished:
European Commission (EC) – Data protection in the EU: https://ec.europa.eu/info/law/law-topic/data-protection_en
European Commission – What does the General Data Protection Regulation (GDPR) govern? https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en
EUR-Lex (Official Journal of the European Union): http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
UK Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Third-party – Portal: https://www.eugdpr.org/
Third-party – FAQs: https://www.eugdpr.org/gdpr-faqs.html
Third-party – Overview: https://www.eugdpr.org/the-regulation.html
Third-party, searchable, indexed : https://gdpr-info.eu/
eTrigue has made this information available to assist organizations in understanding the GDPR. The information contained herein is not legal advice and shall not be construed as legal advice.
Any person who intends to rely upon or use the information contained herein in any way is solely responsible for independently verifying the information and obtaining independent expert advice if required. Organizations should consult their legal counsel to interpret and understand their obligations under the GDPR, and how their organization utilizes and processes personal data.