Recital 1 of the GDPR:
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the 'Charter') and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.
3marketeers Advertising, Inc. is GDPR-ready, so that our clients can communicate with customers and prospects with GDPR compliance in mind.
We take data privacy seriously and meet or exceed data privacy regulations, and support organizations running our agency marketing programs while meeting data privacy obligations across the globe.
To be removed from any 3marketeers communications, please confirm you are revoking your consent. By completing this form, we will confirm your details and remove you from further outreach.
We'll send a confirmation to your email address. Please be sure to verify your signup.
GDPR, which is an acronym for General Data Protection Regulation, was enacted by the European Parliament ('EP') to further strengthen data protection for people inside of the European Union ('EU').
The European Union's Regulation 2016/6791, the new General Data Protection Regulation, came into effect on May 25, 2018 in order to regulate the processing by an individual, a company or an organization of personal data relating to EU resident individuals in the EU.
GDPR replaces the previous individual EU member state regulations and guidance on privacy. The General Data Protection Regulation is in the form of regulation instead of a directive and is therefore enforceable in EU member states as law.
Organizations need to ensure they are compliant, or risk financial penalties.
GDPR compliance requires commitment from agency clients, as it does with other data protection laws. We are tracking the recommendations and guidance issued by regulatory authorities to assist us to develop tools appropriate for use of 3marketeers' services.
The legislation makes EU resident individuals' privacy rights stronger by limiting processing of their personal data, significantly expanding their rights over their data, and giving them greater visibility into the nature, purpose, and use of their data.
GDPR is in force for every organization that tracks EU resident behavior inside of the EU and that processes or uses the personal data of EU residents.
It grants broad individual rights pertaining to personal data, some of which include:
In general, any organization that collects, processes or stores personal information about EU citizens within the EU states must conform to the GDPR, no matter if they have an EU business presence or not.
Organizations that fall under the General Data Protection Regulation legislation:
Article 3 GDPR
(Full list at https://gdpr-info.eu/art-4-gdpr/)
Personal Data
'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Controller
'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor
'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
When collecting, processing or holding personal information organizations must make certain that the information:
Consent by EU persons to collect and utilize personal data
Most marketing-related activities will rely on using "consent" as the appropriate reason for processing data. 3marketeers Advertising customers should assess how consent is gained, how it is documented and how authorization is maintained for processing personal data for EU persons.
Article 4.11
Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Article 7 "Conditions for consent"
Article 7.1
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
Article 7.2
The request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
Article 7.3
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
Accountability that processing is performed in accordance with the GDPR
Organizations must consider and be able to demonstrate how they comply with the principles of the GDPR.
Article 24 "Responsibility of the controller"
Article 24.1
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
3marketeers clients are controllers under the GDPR and have the primary responsibility as they choose which prospects, customers and contact information is leveraged for their marketing programs, and who they choose to communicate to.
The 3marketeers GDPR Data Processing Addendum is located here.
Multi-lingual compliance mechanisms such as opt-out capability have always been in place in the tools that 3maketeers uses.
3marketeers clients will continue to rely on Privacy Shield certification for placing lawfully obtained personal data under the GDPR.
We are evaluating, and enhancing our features and processes to further assist users subject to the GDPR and will continue to support GDPR compliance requirements.
Here are some of the steps that can be accomplished within your organization. The list is not comprehensive in nature and your organization must determine individual steps that must be accomplished:
European Commission (EC)—Data protection in the EU
European Commission—What does the General Data Protection Regulation (GDPR) govern?
EUR-Lex (Official Journal of the European Union)
GDPR Data Processing Addendum (PDF)
UK Information Commissioner's Office
Third-party, searchable, indexed
3marketeers Advertising has made this information available to assist organizations in understanding the GDPR. The information contained herein is not legal advice and shall not be construed as legal advice.
Any person who intends to rely upon or use the information contained herein in any way is solely responsible for independently verifying the information and obtaining independent expert advice if required. Organizations should consult their legal counsel to interpret and understand their obligations under the GDPR, and how their organization utilizes and processes personal data.