A tech tool designed according to the “Privacy by Design” principle

Priority given to the protection of persons

As all sectors are poised to tap into personal data’s potency as a source of income, the volumes of which have increased tenfold with the exponential rise of Big Data, the GDPR has turned the monetization of information upside down. No company or platform exploiting data can escape these strict rules for processing it, which came into effect on May 25, 2018.

With this new regulation, the European Union aims to protect individuals at a time when their personal data is potentially worth more than gold to companies.

Data use subject to strict regulations

The CNIL (France’s national data protection agency) sums up the GDPR’s three main objectives :

  1. To protect and strengthen the rights of individuals, particularly through the creation of a right to data portability as well as provisions specifically aimed at minors;

  2. To hold data processors (data controllers and processors) accountable;

  3. To enhance cooperation between data protection authorities, who can make joint decisions when data processing is transnational and can impose stronger sanctions in case of violations.

By making companies who collect personal information responsible for the protection of all personal data, the GDPR switches up the rules.

By reinforcing existing sanctions and adding new ones, the European authorities are sending “a strong signal to show everyone that data protection is now an important issue – one that must be made a priority by all companies,” stresses Isabelle Falque-Pierrotin, President of the CNIL.

Reasonable and responsible data management is therefore, more than ever, a primary concern. As is accountability.

notify’s response

As a marketing technology platform, notify’s offer is based on smart data management. By cross-referencing the MD5 and SHA 256 hashed data of our clients’ databases with those of our media partners, notify enables messages to be delivered to the customer when he or she is connected, and therefore available. This timely solicitation drives open rates up to 78% and significantly increases conversion rates.

To guarantee our compliance as well as the compliance of our clients, notify has outlined an 8-point action plan:

  • Double consent of the customer: the prospect or customer must explicitly give his/her consent to be solicited twice, first by opting-in to the message sent by the brand (a voluntary act), then again with the media platform.

  • Data is retained for a maximum of 90 days.

  • Privacy by design is respected: Only the information necessary to deliver the real-time notification service is collected.

  • Personal data is hashed out in MD5 and SHA 256 format.

  • An external Chief Privacy Officer oversees everything and acts as liaison with our clients and partners to guarantee the correct processing of personal data.

  • We’re ISO 270001 certified.

  • We conduct regular audits of our media partners’ T&Cs to ensure compliance with legal standards.

  • Right to be forgotten: the customer can at any time ask to no longer benefit from the real- time service. Thanks to this comprehensive plan, notify guarantees responsible processing of all collected data.

Confidentiality, a competitive advantage?

Admittedly, the implementation of the GDPR’s new provisions is a trying one, and many see it as a threat to the competitiveness of European companies compared to their American or Chinese counterparts.

However, the perspective can and should be reversed. In a world where citizens are increasingly concerned about the protection of their privacy, we can imagine that, tomorrow, only those players who have succeeded in establishing a trusting, transparent and respectful dialogue will be able to build customer loyalty.