The aim of this GDPR functionality document is not to provide legal advice, but to explain the features Ometria has developed to fully satisfy GDPR requirements. To get a better understanding of the regulation and how it relates to retail marketers, we suggest reading our GDPR guide. Adopted in April 2016, the GDPR is set to apply within the EU from 25th May 2018.
Under the GDPR, a customer has the right, subject to certain conditions, to have his or her personal data erased (Right of erasure (the right to be forgotten) - Art 17, Rec 65-66).
The complete deletion of data associated with a customer is not necessary, since data that does not directly or indirectly identify that customer is not within the scope of GDPR.
Ometria product functionality enables the retailer to “pseudonymise” (see Art 4) the data we hold, which maintains accurate reporting within the Ometria platform.
We have also released a new GDPR requests screen and API functionality which can be used to verify the status of pseudonymisation requests and retrieve further information relating to individual requests.
Note: User access to pseudonymise data and verify GDPR requests in the platform is governed by user permissions managed under Settings. Please see Permissions below for more information.
Submitting GDPR data anonymisation requests
There are three ways retailers can manage requests using Ometria:
- i) in the Ometria platform using Anonymise contact
- ii) via the Ometria API
- iii) submitting the request to the Support team via: email@example.com
i) In the Ometria platform: Using Anonymise contact
There is now a “anonymise contact” button available in the Contact details screen in the platform. This can be used to anonymise individual contacts in Ometria and can be accessed via: Customer > Segment Explorer > Contacts.
Note: Ensure the correct user permission is enabled under Account settings so enabling users can access this option. Please see Permissions below.
In the Contacts view you can search/filter to find an individual contact and then select any contact to be taken through to the Contact details screen. Here there is an Edit drop-down option where you can select the Anonymise contact option.
Once selected you will see the following dialogue confirming you are sure you want to anonymise the contact. Then select the Delete option to action the request.
Before confirming the Anonymise option you can also add an Optional comment against the request. When a comment is added this is visible against all processed requests when validating in the GDPR requests view in the platform and via the API. Please see Verifying requests.
Note: This action cannot be undone and please confirm you are happy to remove before proceeding.
Once actioned the contact data will be anonymised and you will be available to verify the request in the GDPR requests screen in the platform. Please see Verifying requests below.
A deletion request confirmation message will appear confirming the request will be processed and provide a deletion request identifier. Please note that its a “deletion” request because we are deleting contact PII data, but anonymising the profile.
ii) Using the Ometria API
The Ometria API can be used to submit requests and this feature should be used where a retailer needs to submit multiple requests.
For further information please please refer to the full technical documentation available at: http://docs.ometria.com/gdpr/introduction/
iii) Submitting requests to Ometria Support
Requests can also be submitted to the Ometria Support team via: firstname.lastname@example.org
Verifying GDPR data anonymisation requests
You can verify the status of any request directly in the Ometria platform using the GDPR requests screen, via the API and Support ticketing.
Verifying status: GDPR requests view
In the Ometria platform: users with the right permissions can access a GDPR requests dashboard in the Settings tab.
This dashboard will list all GDPR requests, request IDs, dates requests were submitted, blacklist status and deletion status.
The following fields are available in GDPR requests with column sorting available for each of these.
- Date of request: date and time request was received
- Date of completion: date and time request was processed
- Source: source of request - API or Application
- API request ID: identifier for API request submitted
- User name: name of user who submitted request in the platform
- Is currently blocked?: Yes or No. Yes indicates a GDPR request has been submitted and processed, meaning the contact is blocked and no new data will be ingested and stored against the contact. No indicates the contact has been re-opted in and the block has been removed for the contact. Data will be ingested and stored against the contact.
If you select any individual request listed in the GDPR requests view this will bring up the Request information dialog, confirming the records anonymised.
If an optional comment was added this will appear here under Comment.
Verifying status: API request
Once you submit a request via the API, you will receive an identifier which can be used to verify the status of the request. You can use this identifier as a record that you have submitted the request.
For further information please refer to: http://docs.ometria.com/gdpr/introduction/
Verifying status: Support requests
You can also verify the status of a request via the Ometria Support team where the request initiated by an email to email@example.com.
Anonymised contacts in Ometria
Once a contact is anonymised their personal data will no longer be visible in the Contacts view and the Contact details will display a red Anonymised tag.
An anonymised email address will be displayed against the contact.
In order to access and be able to use the Anonymise contact button feature the permission needs to be enabled under account settings.
This permission can be enabled under Account > Settings > Users and Permissions > Permissions where the Anonymise contact option needs to be enabled per user.
To access the GDPR requests screen a user needs to have account administrator access set as a user permission.
Under Account > Settings > Users and Permissions > Permissions please ensure the Adminisiter account option is enabled.
We have added a new click handler enabling you to add specific UTM parameters to any CTA/link in a broadcast campaign template.
This click handler can be inserted into any broadcast template to confirm consumer consent and add all contacts who click a specific CTA/link to a segment in Ometria.
Please refer to the Re permissioning guide for full details.
"Loose" opt-in mode
We are removing the ability to send marketing messages to contacts that have an "unknown" opt-in status (loose mode).
On the 1st May 2018, all clients currently using this functionality in automation emails will be automatically switched over to "strict" mode which only sends marketing messages to contacts who are opted in.
We recommend all clients switch to "strict" mode as soon as possible.
Our transactional API should not be used to send marketing emails. It is, therefore, the client's responsibility to ensure that all emails sent via this API are purely transactional and do not include any marketing materials.
For any additional support please contact firstname.lastname@example.org