Greater attention to data processing has become necessary with the technological evolution of social networks, big data, behavioral advertising, and the Internet of Things, among others. And within this context, we will address the importance of data handling in Digital Marketing and the attributes of the RGPD, check it out!
First, let’s explain some common terms when talking about Data Processing:
Special Categories of Data
This is known as “sensitive data” and, within marketing, we should do our best not to ask for it. They reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data to uniquely identify a person, data concerning health, or data concerning a person’s sex life or sexual orientation.
Any type of operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, deletion or destruction.
It determines the purposes and means by which personal data are processed. For example, a digital marketing agency is the controller if it decides why and how personal data should be processed.
Employees who process personal data in your organization do so to fulfill their tasks as a controller.
Handles personal data on behalf of the controller(Example: Hubspot). You must provide sufficient guarantees that appropriate technical and organizational measures are implemented so that the processing will meet the requirements of the GDPR.
The processing by a processor must be governed by a contract binding the processor to the controller, setting out the object, duration, nature and purpose of the processing, the type of personal data and the rights and obligations of the controller.
Now that you know the main terms related to data processing, learn a little more about the RGPD:
RGPD (General Data Protection Regulation)
The GDPR (General Data Protection Regulation), on the other hand, seeks to ensure immediate applicability in all member states, cover companies inside and outside the European Union, avoid costs, and reduce bureaucracy.
In addition, the RGPD seeks to grant:
- The right to be forgotten – the data subject has the right to have his or her personal data erased. The data controller is obliged to erase the data when it is no longer necessary for the original purpose; when the data subject withdraws consent; or when the data subject opposes the processing and there are no overriding legitimate interests justifying the processing.
- Right to portability – The data subject has the right to receive his or her personal data in a structured, commonly used and machine-readable format, and the right to pass it on to another responsible person if the data processing is based on consent or on a contract and is carried out by automated means. The right to data portability covers only the data provided by the customer.
- Demanded consent – Consent by the user must be a free, clear, specific, and informed expression of will. Thus, the act must be unequivocally positive (it cannot be by silence or opt-out). It is also necessary to obtain proof that consent was obtained.
Find out when data processing is lawful:
- By consent: must be granted by the data subject;
- Necessary for the performance of a contract: the processing must be necessary to perform a contract to which the data subject is a party;
- For fulfilling a legal obligation: when it is legally required;
- In the data subject’s vital interest: When it is necessary for the data subject’s or another person’s defense;
- For performing public interest functions: when necessary for these functions;
- By legitimate interest pursued by the controller.
When we are going to work with data processing in Digital Marketing, we must adopt some practices, according to the provisions of the RGPD.
What to avoid when seeking consent for data processing
When we ask the user to accept cookies from our site, for example, this action needs to be distinguished from other acts. Be clear about the actions the user must take to give consent.
Try to minimize the amount of text and actions required for user consent. Keep the layout clean and free of elements that might confuse people browsing this area of the site.
“Very long “terms and conditions
Most permissions for data processing require the creation and display of “Terms and Conditions” for use. Don’t make this document too long. A famous example is Paypal’s “Terms and Conditions”, which have more words than “Hamlet”!
Now that you know how to protect the data you work with, learn how to analyze that data and generate valuable insights for your business? Read about Google Analytics: what it is, how to set it up, and how to use it on your website!