Data Security


We care a lot about data. Because we process a lot of data. It’s therefore important to us to make it easy for you to comply with the GDPR in ODICCI. We will do our best to assist and guide you in meeting the demands of the GDPR.



The GDPR sets a high standard for consent. Companies can no longer use long illegible and unreadable terms of conditions. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must also be as easy to withdraw consent as it is to give it.

It is therefore important to explain in plain language what the data will be used for, that people can withdraw their consent at any time (and how), and which organizations and any third-party controllers will be relying on this consent.


To make sure your content is GDPR compliant, you need to ensure future contacts provide you with an ‘unambiguous’ consent through a ‘clear affirmative action’. This means people need to opt-in by ticking a checkbox (not a pre-ticked box) and it should be very clear what people are opting in to. Many companies have resulted in offering multiple opt-in options so people can choose what type of content they will receive.

In ODICCI, you can set up forms with as many options as you like for opt-ins – and include tick boxes that are not pre-ticked. The lead form consent will be attached to your contact and always available to review. 


You need to review how you obtained your current email contacts in ODICCI along with their information in-store to ensure they were obtained according to the GDPR legislation. If you obtained contacts through pre-clicked opt-in forms, did not specify explicitly the purpose of the data collection or the data processing, you need to refresh the consent.

In ODICCI, you can look at the history of each contact and see when and how it was obtained (through which campaign or which content piece), and review whether it was done according to GDPR compliant methods.  



The GDPR includes the right for contacts to receive confirmation as to whether or not a company is processing personal data concerning them, including information on where and for what purpose. The company should also provide a digital copy of the personal data, free of charge. The request should be processed within 30-days.

In ODICCI, you can look up all your contacts, view their personal data and export the data digitally.  



Data portability is the right for a contact to receive the personal data, which they have previously provided to a company, in a digital format, and the right to forward that data to another company.

In ODICCI, you can easily look up a contact to review all the personal information you have obtained on. This includes contact information, dates of interaction, and information gained through interactive content (such as their favourite colour from a quiz). You can export all the information in a digital format. 



The right to be forgotten is also known as Data Erasure and entitles the contact to have the company holding their data erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

In ODICCI, you can look up any of your contacts and quickly erase all their personal data.

blue copy


The GDPR puts a strong emphasis on best practices for data collection, data controller transparency, and consumer choice — all of which play a meaningful role in the customer experience. With an eye toward customer experience, think about how the following GDPR principles may affect your business efforts.
  • Reduce unnecessary data capture
    Take stock of the data you’re capturing. Gather only the data you need to be effective.
  • Ask fo proper consent
    When will consent be required and what form will it take? How will you provide delightful customer experiences with consent and without unwanted surprises? Consider the value proposition for consumer privacy, which can help drive conversion and loyalty.
  • Provide the required notice for data capture
    Review and update your current privacy notices, policies, and any information provided at data collection points.
  • Remove unique identifiers
    When appropriate consider making data anonymous or pseudonymous (by replacing obviously personal details with another unique identifier, typically generated through hashing, encryption, or tokens) to help minimize compliance obligations and the risk of data and privacy breaches and claims.
  • Fulfill data access and delete requests
    Understand how your customer will reach out to you to make data access or delete requests. Define internal data retention and deletion policies and procedures.



Disclaimer: This website does not include legal advice for your company to use in complying with EU data privacy laws like General Data Protection Regulation. Instead, it provides information to help you better understand what can be done on the ODICCI platform to comply with the law. This information isn’t legal advice and we encourage you to seek a professional lawyer’s opinion when referring to this. To be clear, this information is in no way a recommendation or any expression of legal understanding. This page does neither enlist all the regulation within the GDPR, and its important that you make sure your company meets all the legal requirements of the GPDR.