Technology designed in line with the ‘Privacy by Design’ principle

Protecting people comes first

Just when all sectors were looking to exploit data as a source of revenue, boosted tenfold by Big Data, the GDPR turned the monetisation of information on its head.

No company or platform that uses data can escape this data management regulation, which came into force on 25 May 2018. With the introduction of this new regulation, the European institutions set out a clear objective: to protect people at a time when their personal data had become a veritable goldmine.

Data-use subjected to strict regulations.


Privacy as a competitive advantage?

It is true that implementing the new measures set out in the GDPR is demanding, and some see it as a threat to European companies’ competitiveness in relation to their American and Chinese competitors.

Yet, this point of view can be flipped on its head, and confidentiality can, in fact, become a competitive advantage.

In a world in which consumers are increasingly concerned about protecting their privacy, it is reasonable to assume that, in the future, only those players who have succeeded in establishing a dialogue based on trust, transparency and respect will be able to secure customer loyalty.


The French Data Protection Authority (CNIL) summarises the 3 main principles of the GDPR as follows: 

  • Strengthen the rights of individuals, including the creation of a right to the portability of personal data and provisions specific to minors;
  • Make the parties involved in data processing (Data Controllers and Processors) accountable;
  • Increase regulatory credibility through closer cooperation between data protection authorities, enabling them, in particular, to adopt municipal decisions when data processing is transnational and to impose more stringent penalties.

The GDPR changed the rules by making the companies that collect information responsible for the protection of personal data.

At the same time, the authorities strengthened their sanctions, “a clear signal to everyone that data protection is now an important issue and one that companies must take seriously”, Isabelle Falque-Pierrotin, Chairman of the CNIL, stressed.

More than ever, therefore, responsible data management is a priority…


Notify’s response to the GDPR:

Notify is a marketing technology platform that has built its business around data management.

By cross-referencing its brand customers’ MD5 and SHA 256 hashed data with that of its media partners, Notify can deliver their messages to consumers when they are connected and, therefore, available. This well-timed approach leads to a 78% increase in message open rates… and a significant increase in the conversion rate.

In order to guarantee compliance with the GDPR for itself and its brand customers, Notify has been implementing an 8-point activity plan over the past few months:

  • Double consent from consumers: consumers must express their agreement to being contacted twice, firstly to the brand by means of an opt-in (i.e. a voluntary action) and then to the media platform.
  • Data retention limited to a maximum of 90 days.
  • ‘Privacy by design’: only the information that is required for providing the real-time Notify service is collected.
  • Hashing of personal data in MD5 and SHA 256 format.
  • Support from an external CPO (Chief Privacy Officer) to ensure that personal data is handled correctly.

  • ISO 270001 certification, the process for which is currently being finalised.

  • Regular audits of media partners’ Terms and Conditions of Use to check compliance with legal requirements.

  • .The right to be forgotten: consumers can ask to be removed from the real-time service at any time.