What is GDPR

The European Union (EU) introduced its previous data protection standard 20 years ago through the Data Protection Directive 95/46/EC. Since the EU requires each member state to implement a directive into national law, Europe ended up with a patchwork of different privacy laws across different countries. In addition, increasing security breaches, rapid technological developments, and globalization over the last 20 years saw new challenges for the protection of personal data come to the forefront. In an effort to address this situation, the EU developed the GDPR, which is directly applicable as law across all member states.

GDPR Data Security

Security and protection of the customer data are shared responsibilities between the customer and Fineteklabs. Likewise, privacy compliance is also a shared responsibility between Fineteklabs and the customer.

This shared responsibility in the context of the GDPR is defined by three key actors:

  • Data subject: An individual whose personal data is gathered and processed by the controller
  • Controller: An entity that determines the purposes and means by which the data is processed
  • Processor: An entity that only processes data at the controller’s command

Why GDPR Matters To Fineteklabs And Our Customers

GDPR applies broadly to companies that:

  • Are based both inside and outside the EU
  • Collect and handle personal data from EU-based individuals

Personal data, also known as personal information or personally identifiable information in other parts of the world, is defined as any information relating to an individual that can be directly or indirectly identified, for example, by reference to identifiers such as:

  • Names, identification numbers, and/or location data
  • Names, identification numbers, and/or location data

The world has changed for companies collecting and handling personal data in the EU, both offline and online (that is, involving ecommerce or online advertising activities), due to:

  • New and strengthened rights for individuals
  • Accountability requirements for companies
  • Increased scrutiny by regulators

Therefore, companies collecting and handling personal data in the EU will need to consider and manage their data handling practices and use cases more carefully than ever before.

What Are The Requirements For GDPR

The GDPR was built on established and widely accepted privacy principles, such as purpose limitation, lawfulness, transparency, integrity, and confidentiality. It strengthens existing privacy and security requirements, including requirements for notice and consent, technical and operational security measures, and cross-border data flow mechanisms.

To adapt to the new reality of a digital, global, and data-driven economy, the GDPR also formalizes new privacy principles, such as accountability and data minimization, which are reflected throughout the text, including in the following requirements:

  • Data security. Companies must implement an appropriate level of security, encompassing both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. The GDPR encourages companies to incorporate encryption, incident management, and network and system integrity, availability, and resilience requirements into their security program.
  • Extended rights of individuals. Individuals have greater control—and ultimately greater ownership of—their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.
  • Data breach notification. Companies have to inform their regulators and/or the impacted individuals without undue delay after becoming aware that their data has been subject to a data breach.
  • Security audits. Companies will be expected to document and maintain records of their security practices, to audit the effectiveness of their security program, and to take corrective measures where appropriate.

How Does GDPR Impact Fineteklabs' Services

Organizations around the world are continuing to focus on ensuring their systems, processes, and policies support GDPR guidelines. Marketing teams continue to be tasked with implementing changes in the way they manage processes, people, and technical controls in order to comply with the legislation. Fineteklabs welcomes the positive changes the GDPR has brought to our services and we remain committed to helping our customers address GDPR requirements that are relevant to our products and services, including any applicable processor accountability requirements. Many of our services already have built-in privacy and security features to put our customers in control and to help build consumer trust.

Fineteklabs Is Prepared To Suppport Your GDPR Requirements

TAs part of our commitment to help customers address GDPR requirements, Fineteklabs comes packaged with a robust set of built-in privacy and security features that put marketers in control of the personal data they handle and helps them build consumer trust. These native capabilities span the broader Fineteklabs portfolio and can be grouped into these categories:

Collecting Personal DataFineteklabs enables marketers to capture personal data across many different channels. As part of these data capture processes, marketers have the ability to incorporate mechanisms that enable their customers to make informed decisions about the use of their personal data. Whether someone is visiting your website, submitting a web form, or even sharing personal data across social media channels, Fineteklabs provides controls that can be configured to meet specific business requirements.
Managing Personal DataAs today’s businesses capture vast amounts of personal data, marketing teams require powerful tools that enable them to manage data at scale. Fineteklabs provides a comprehensive portfolio of features that makes it easy for marketers and customers to manage personal data. This includes the ability for marketers and customers to update personal data on request, as well as to securely transfer personal data at scale, leveraging modern APIs and SFTP mechanisms.
Protecting Personal DataBusinesses hold a responsibility to secure personal data to protect the integrity of their customers. Native to Fineteklabs’s core business, Fineteklabs provides state-of-the-art data security mechanisms and controls derived from privacy by design and privacy by default principles. These include capabilities like encryption, anonymization, and more to protect personal data at the highest possible standard as well granular access controls that enable organizations to distinguish which individuals or groups should have access to personal data.