How Uberflip is Preparing for GDPR
While some companies fear regulations, we say, “challenge accepted.” We see the General Data Protection Regulation (GDPR) as an opportunity to reinforce Uberflip’s mission to fuel engaging, personalized content experiences. This is the most significant data protection regulation to emerge from the EU in more than 20 years. Here's how we're getting ready and thinking about the new law as a strategic marketing advantage.
What is GDPR?
GDPR was approved by the EU Parliament in April 2016. It mandates higher standards for how marketers can use personal data. The new law requires companies to set up more rigorous systems for data usage.
Why Does It Matter?
GDPR strengthens the rights that individuals have over their information. It gives European citizens greater transparency, control, and safety.
How Should You Prepare?
Organizations need to create a data policy that makes it easy for ‘Data Subjects’ to retain control over the information that they choose to share. Talk to legal counsel, martech providers, and integration partners to ensure compliance.
Our Team's Approach to GDPR
Refining Internal Processes
We’re refining our own internal processes for protecting data privacy and auditing information flows.
Clarifying Data Usage
We’re making it easier for our customers to understand how we collect and store data.
Making Compliance Straightforward
We’re building and refining tools within the Uberflip platform that make it easy for marketers to stay GDPR compliant.
How Our Platform Is Changing to Become GDPR Compliant
As a company that touches personal data, we see GDPR as an opportunity to better personalize your marketing. We’re building the following features to make compliance more natural to your user flows.
- Conditional CTA fields
With this feature, audiences can self-identify as being an EU citizen. Uberflip users can better organize their database.
- A templated privacy page
This feature gives Uberflip customers the ability to add a privacy page to their hub that includes custom consent groups to clarify data usage.
- More customization for the privacy page and terms of service
Your lawyer will tell you what your company needs to do and say on these key pages. We give you the tools to do it.
- Easy-to-deploy privacy banner
This feature enables Uberflip customers to display a privacy banner at the bottom of a Content Hub to accept consent and link visitors to a privacy page.
Stay tuned! We’ll be launching these new compliance-enabling features well in time for the May 25, 2018 deadline.
We’ve appointed a Data Protection Officer for organizational oversight. We’re making GDPR an all-hands effort across product, marketing, success, and sales. We’re committed to sharing our own best practices for reviewing partners, communicating with EU citizens and sharing our flow steps for removing or coordinating the removal of data from our systems.
Colin Coller, VP of Engineering
The GDPR Backstory
GDPR changes how companies can and will interact with personal data. In the EU and many other parts of the world, data is owned by the subject—the person who chooses to share that data. It protects information as a fundamental human right that an individual owns, controls, and licenses to businesses. GDPR enforces that the person who owns the data retains control of the data.
GDPR for Marketers at a Glance
Rules and Regulations
Increased Territorial Scope
If you are marketing to customers in the EU, you need to comply regardless of where you’re based.
If you misuse personal data, your organization can be fined up to 4% of annual revenue or €20 million (whichever is greater).
Clear and Obvious Consent
You can’t do whatever you want with the data that you have. You need to be clear about your data usage and policies.
Fundamental Human Rights
These include the right to be forgotten, to receive the personal data concerning the individual (data portability), to privacy inherent by design, and to data protection officers.
Frequently Asked Questions
We see the GDPR as an opportunity for companies to build more transparent customer relationships. The GDPR introduces new complexities to marketing, but Uberflip enjoys figuring them out.
What type of data are you collecting?
Uberflip is considered a Data Processor in the eyes of GDPR. We allow marketing teams to add any and all fields from their Marketing Automation Platform (MAP), including fields that would collect PHI or PCI information. However, no matter the number or type of fields the Uberflip Client uses in our platform, Uberflip does NOT collect that data for internal usage. Any PII/PHI/PCI is passed through the API of the MAP and is not stored in any way by Uberflip.
How do you transfer the data?
Uberflip transfers the data to the MAP through the MAP’s APIs. This is set up by the Client. Data is encrypted in transit using TLS.
Can Data Subjects withdraw their consent?
Yes. Uberflip will act in two ways when a Data Subject asks to withdraw his or her consent:
- Processor – Through the front end of the application, a Data Subject will have a privacy page that will outline details on the Uberflip Client policies and procedures. From that page, a Data Subject will have the ability to disable consent for any and all of the privacy groups and contact the Client directly to ask to have their data removed or inspected.
- Controller – Uberflip as a business collects PII data from our prospects and clients, and will have the same page outlined above in our application. However, internally we will also have policies and procedures including a dedicated Data Protection Officer (DPO) and team to make sure once a Data Subject asks for any information related to that Data Subject, we are able to comply through email correspondence with that Data Subject and grant their request.
Does Uberflip inform the Data Subject on the identity of the Data Controller?
Yes. The Data Subject will know who the Controller is on the application front end, and be able to coordinate the requests through that Controller.
As part of our ongoing GDPR initiative, this will be an option provided to visitors and customers. However, it is the MAP’s cookie that will be removed. The opt-out will be available on the Uberflip platform to remove the cookie.
How do you store personal data?
We do NOT store personally identifiable information about visitors. We may temporarily queue form (call-to-action) data submitted by visitors, but only for as long as it takes to submit this data to your MAP. We may also temporarily cache this data during the visitor session for progressive profiling. However, we do NOT store this data long-term or maintain a visitor database.
All of the information above is not to be understood as legal advice. Every company and marketing technology stack is different. A lawyer can help you better understand your risks and build a strategy unique to your business. Learn about GDPR directly from European regulators, here.