Be GDPR compliant with ODICCI
GDPR sets a high standard for consent. Companies can no longer use long, illegible and unreadable terms and conditions. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must also be as easy to withdraw consent as it is to give it.
It is therefore important to explain in plain language what the data will be used for, that people can withdraw their consent at any time (and how), and which organizations and any third-party controllers will be relying on this consent.
To make sure your content is GDPR-compliant, you need to ensure future contacts provide you with an ‘unambiguous’ consent through a ‘clear affirmative action’. This means people need to opt in by ticking a checkbox (not a pre-ticked box) and it should be very clear what people are opting in to. Many companies have resorted to offering multiple opt-in options so people can choose what type of content they will receive.
In ODICCI, you can set up forms with as many options as you like for opt-ins – and include tick boxes that are not pre-ticked. The lead form consent will be attached to your contact and always available to review.
You need to review how you obtained your current email contacts in ODICCI along with their information in-store to ensure they were obtained according to the GDPR legislation. If you obtained contacts through pre-clicked opt-in forms, or did not explicitly specify the purpose of the data collection or the data processing, you need to refresh the consent.
In ODICCI, you can look at the history of each contact and see when and how it was obtained (through which campaign or which content piece), and review whether it was done according to GDPR-compliant methods.
SUBJECT ACCESS REQUESTS
In ODICCI, you can look up all your contacts, view their personal data and export the data digitally.
In ODICCI, you can easily look up a contact to review all the personal information you have obtained on them. This includes contact information, dates of interaction, and information gained through interactive content (such as their favourite colour from a quiz). You can export all the information in a digital format.
RIGHT TO BE FORGOTTEN
In ODICCI, you can look up any of your contacts and quickly erase all their personal data.
EVALUATE and OPTIMIZE
- Reduce unnecessary data capture
Take stock of the data you’re capturing. Gather only the data you need to be effective.
- Ask for proper consent
When will consent be required and what form will it take? How will you provide delightful customer experiences with consent and without unwanted surprises? Consider the value proposition for consumer privacy, which can help drive conversion and loyalty.
- Provide the required notice for data capture
Review and update your current privacy notices, policies, and any information provided at data collection points.
- Remove unique identifiers
When appropriate, consider making data anonymous or pseudonymous (by replacing obviously personal details with another unique identifier, typically generated through hashing, encryption, or tokens) to help minimize compliance obligations and the risk of data and privacy breaches and claims.
- Fulfill data access and delete requests
Understand how your customer will reach out to you to make data access or delete requests. Define internal data retention and deletion policies and procedures.
Disclaimer: This website does not include legal advice for your company to use in complying with EU data privacy laws like the General Data Protection Regulation. Instead, it provides information to help you better understand what can be done on the ODICCI platform to comply with the law. This information isn’t legal advice and we encourage you to seek a professional lawyer’s opinion when referring to this. To be clear, this information is in no way a recommendation or any expression of legal understanding. This page also does not list all the regulations within the GDPR, and it’s important that you make sure your company meets all the legal requirements of the GDPR.