In 2018, the protection of Internet users' personal data is taken a step further. Fines for companies making fraudulent use of personal data are multiplied (up to 130-fold). This legal revolution is brought on by GDPR.
The General Data Protection Regulation was adopted by the European Parliament in 2016 and will take effect on May 25, 2018. The regulation affects all companies that process European users' personal data.
Disclaimer: Kameleoon does not provide legal advice regarding GDPR. This page only aims to inform on the major challenges GDPR implies and how Kameleoon's personalization tool complies with this regulation.
Under GDPR, you no longer have the right to collect personal data unless the user has explicitly authorized you to do so. Your data management policy needs to be perfectly clear. You do not have the right to process a visitor's personal data unless they have explicitly agreed.
With GDPR, transferring a customer's personal data outside the European Union becomes illegal. A company operating on several continents and using tools that centralize customer data outside the EU breaches the new regulation. The same is true for any company operating in Europe and centralizing user data outside the EU.
Yahoo, MySpace, eBay, Sony, Ashley Madison, Dropbox, Tumblr, LinkedIn, Adobe, etc.: data theft happens all the time. In the past, companies tried to hide these incidents for as long as they could. With GDPR, corporations have 72 hours from the moment a breach becomes known to inform the competent authorities. Users also have to be informed, although GDPR doesn't set a timeframe for that. However, informing users as soon as possible is a matter of common sense and of keeping their trust.
Under GDPR, you must be able to reconstitute all of a visitor's data at their request, in a structured, unencrypted format.
A person who has given you his or her data has the right to ask you to erase it entirely. If they do, you have to comply.
The appointment of a Data Protection Officer (or DPO) is mandatory for all corporations processing user data on a large scale or regularly tracking data subjects or sensitive information. This also applies to the public sector, regardless of the purpose or type of processing.
Any corporation violating the new rules risks fines of up to 4% of their overall revenue, or €20 million, depending on the severity of the infraction.
In its standard setup, Kameleoon's platform doesn't collect or process any personal data as defined by GDPR. The only data collected is anonymized browsing data, which doesn't allow a visitor to be identified. However, the Customer has the option to inject existing personal data from their own ecosystem (CRM, DMP, ...) into Kameleoon to improve analyses and results. In that case, the Customer has total control over the information and selects only authorized data. Kameleoon processes this personal data in a fully GDPR-compliant way and follows the Customer's written instructions and data processing procedures.
As the IP address is considered personal data, Kameleoon doesn't process or store it, but replaces it with a randomly generated ID. This guarantees complete anonymization and a higher level of data protection.
Kameleoon enables the Customer to deliver the entirety of a given visitor's collected data on request.
Right to erasure:
Appointment of a DPO: Our security and GDPR compliance program is supervised by a Data Protection Officer appointed in January 2018.
Response in case of an incident: Our incident management program enables us to react to security breaches on a 24/7 basis. If visitor or customer data is impacted, the Customer is informed without delay, as stipulated in the contract.
Security assurance plan: Kameleoon's security measures take into account state-of-the-art technology and GDPR requirements. Kameleoon guarantees the confidentiality, integrity, availability and traceability of the Customer's data and keeps up-to-date written documentation detailing the technical and organizational security measures implemented.
EU-based servers: Kameleoon's servers are located in Europe. No personal data whatsoever circulates outside the EU, so our customers can be sure to comply with GDPR's data transfer restrictions.
Product development and new features: All new features to be developed are GDPR compliant and follow strict guidelines to guarantee compliance with personal data protection rules.