Global Data Protection Rights

GDPR Overview

WHAT IS THE GDPR?

The General Data Protection Regulation (GDPR) is a new data protection regulation in the European Economic Area (EEA) replacing Data Protection Directive 95/46/EC (Data Protection Directive) which was designed to harmonize data compliance requirements across the EEA and protect all EU citizens' data privacy, effective from May 25, 2018.

WHO DOES THE GDPR APPLY TO?

The GDPR applies to all organizations established in the EEA and to organizations, whether or not established in the EEA, that process the personal data of EEA data subjects in connection with either the offering of goods or services to EEA data subjects or the monitoring of behavior that takes place within the EEA.

WHAT DOES THE GDPR REQUIRE?

The GDPR lays out responsibilities for organizations to ensure the privacy and protection of personal data, as well as providing certain rights to data subjects. 

Some of the key privacy and data protection requirements of the GDPR include:

• Incorporating organizational and technical mechanisms to protect personal data in the design of new systems and processes
• Requiring the consent of subjects for data processing where user consent is the lawful basis for certain business practices
• Requiring certain companies to appoint a data protection officer (DPO) to oversee GDPR compliance
• Providing data breach notifications
• Safely handling the transfer of data across borders

HOW DID ADFORM PREPARE FOR GDPR?

In preparation for GDPR, Adform closely analyzed the requirements of the GDPR and implemented enhancements to its products, processes, and policies on an on-going basis. In the lead up to, and the period after GDPR went into effect, Adform has worked to support our clients and partners in their own GDPR compliance initiatives.

In addition, Adform prepared and implemented new Data Processing Agreements (DPAs) designed to meet requirements outlined by the GDPR.

Adform is ISO 27001 certified annually which demonstrates that the data security and processes required by the GDPR are in place.

Adform is in an a-typical position as we as a company have always had the policy of only processing pseudonymous data which means that no directly identifiable data is allowed onto the platform. The platform automatically rejects data like names, emails, phone numbers and similar data. The database is scanned daily for violation by algorithms as well as manually. Furthermore, several measures like IP truncation are also enforced automatically and through violation scans.

Adform has actively enforced policies to avoid sensitive data. Adform fully support opt-out frameworks and provide full disclosure of Adform's activities to clients and data subjects.