Privacy
Our approach to privacy and the EU's General Data Protection Regulation (GDPR)
As a world leader in customer data science, we place privacy at the heart of our business. We have extensive privacy-related polices, processes and controls in place and have adopted GDPR as our benchmark for operations around the globe.
We have reviewed our governance, policies and practices to ensure they meet GDPR standards. Our business-wide programme follows the principles outlined below:
We have adopted GDPR as our global standard. Every client we work with around the world will benefit.
We will always respect our clients' wishes with regard to use of their data, whether acting as a data processor or data controller.
We maintain the highest standards when it comes to our security measures and continually review our security practices.
We consistently minimise the amount of identifiable data and other sensitive data types we hold.
We only process data that is necessary for us to provide services to our clients.
We hold data only for as long as we need it. We will always agree retention rules with our clients.
We have stress-tested all of our solutions to ensure we have the capability to honour all individuals' rights under GDPR e.g. the right to erasure and to portability.
We will be transparent with clients about our supply chain. We always expect our suppliers to meet the same rigorous standards that we set for ourselves.
Our practices are there to help make clients' data compliance as simple as possible.
Ten facts about GDPR
- Start date: It came into effect on 25th May 2018.
- Evolution, not revolution: It is a refresh of existing EU data protection laws, updated for the digital age.
- Forget "PII" (Personally Identifiable Information)?: GDPR applies to any information relating to identifiable people, known as "personal data". This definition is now much broader than it was under the Data Protection Act and includes digital identifiers such as emails, cookies and device IDs, circumstances where individuals can be singled out and pseudonymous data. Consequently, the concept of anonymity has been narrowed.
- Service providers are regulated: GDPR applies to service providers (processors) who process data on behalf of others (controllers). Before GDPR, only controllers had legal obligations.
- Data is global, so GDPR is global: GDPR applies to any organisation that processes personal data in any EU state, sells goods or services in the EU or monitors individuals located in the EU.
- Accountability and transparency: GDPR requires justification for the processing of personal data, such as genuine customer consent or a legitimate business interest. Mere interest is not enough.
- Power to the people: GDPR introduces new rights for individuals, such as a right of erasure and a right to portability. People now have far greater control over use of their data than ever before.
- Profiling is covered: GDPR expressly covers the profiling of individuals. For example, individuals have the right to opt out of direct marketing and (importantly) all related profiling.
- Consumer awareness of data privacy issues is increasing - GDPR reinforces this trend: Individuals have the right to know how their data is used, and EU regulators also have new audit powers.
- The consequences of making mistakes are greater than ever: The statutory fines under GDPR (up to 4% of global turnover) have been grabbing headlines, but perhaps more interesting is the power consumer interest groups now have to enforce rights on the behalf of individuals.
How we're helping our clients with data privacy
In addition to ensuring that we continue to meet the highest data privacy standards, we're committed to helping our retailer and brand clients with their own data compliance.
We have a proven track record in helping organisations bring together and manage enterprise scale offline and online data assets to create value for customers. As a data processor, we build in privacy safeguards from the start; minimising your compliance challenge whilst maximising your return on investment.
We offer solutions for mapping, inventorising and organising your data assets through to systems issues such as pseudonymisation, applying retention periods across disparate assets or the erasure of individual customer's data.
Contact us to find out how the global expertise of our data consultants could help to solve your technical data challenges.
Related resources
Speak to your local dunnhumby team today Go