event marketing cloud blog
Open Letter to our Customers and Partners: Comply with GDPR Today
By Debra Chong, CEO
March 2018
Dear Customers and Partners:
Besides working on achieving and maintaining our compliance with the European Union’s (“EU”) General Data Privacy Regulation (“GDPR”), we wanted to take this opportunity to let you know we are actively engaged in assisting our Customers to meet compliance now with the GDPR. Waiting until May 25, 2018 is too late. You are already collecting data for marketing, meetings and events that occur after the GDPR deadline.
Lenos Software embraces the GDPR as an opportunity to deepen our commitment to data protection. Compliance with the GDPR is a partnership with our Customers. We have made enhancements to our Platform and will be reaching out to Customers to amend our licensing agreements to support our mutual compliance with the GDPR.
Privacy issues have been at the forefront of my 25+ year career with the Office of the Comptroller of the Currency (regulating national banks), as a Partner in a global law firm (representing banks, financial services firms, health care and insurance companies/organizations in compliance and regulatory matters) and now as a technologist, Co-Founder and CEO. Lenos Software, trusted by leading brands since 1999, was founded on Privacy by Design principles.  Privacy is personally very important to me, as well as my colleagues at Lenos Software.
What is GDPR?
In summary, the GDPR provides EU citizens specific privacy rights regarding the collection, storage, transfer and use of their personally identifiable information. The GDPR also provides standards of care and duties and responsibilities for data controllers (which includes many of our Customers) and data processors (which includes many of our other Customers and Lenos Software). Requirements of the GDPR are extraterritorial in reach and affect all companies, regardless of their location. Many EU citizens are citizens of other countries, as most EU countries provide for dual citizenship, or they are authorized to work in other countries.
Non-compliance with the GDPR will result in significant fines and penalties of … “[u]p to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher” … for data controllers and data processors. In general, penalties and fines are not insurable, as that is contrary to public policy.
How does GDPR affect the collection of data for marketing, meetings and events?
The GDPR requires the posting of conspicuous and “plain language” privacy policies before an individual’s information is collected to ensure that informed and affirmative consent is given for the collection of their data and how their data is stored, transferred and used, whether in a personal or business setting. Tracking of individuals by using cookies or other mechanisms is also prohibited by the GDPR unless affirmative and informed consent is provided.
Since 1999, Lenos Software’s solutions have been developed according to “Privacy by Design” principles. What does this mean?
  • We have always required that customers post their Privacy Policies and Terms of Services to collect data.
  • We only use a cookie for security when a registrant logs in to access their data and do not use cookies or other tracking mechanisms to create individual or organizational profiles, which are invasive of personal and corporate privacy and pose security risks.
  • We have never re-targeted or re-marketed individuals that access or register on a website (that is, we have never followed an individual across the Web to display advertising).
After data is collected from a registrant, they have the right to withdraw their consent at any time, which will require the deletion/erasure of their personally identifiable information. If data is collected before May 25, 2018, and used after that date, GDPR would apply to the access and management of that data, which in some cases may require obtaining affirmative and informed consent.
Should there be different data privacy requirements for EU Citizens and non-EU Citizens?
The simple answer is NO. Why? Trust is paramount to all data collection and trust is an asset. The best approach is to adapt all data collection processes to match the GDPR requirements, as it will mean that your organization is more likely to comply with all privacy requirements and ensure that the data collected is of the highest quality. This approach establishes you and your organization as a leader in ensuring the privacy of your customers, employees and partners as you recognize and respect the privacy of all individuals. As trust is the “new currency” and your organization’s brand is paramount, protect and promote brand equity by adopting privacy standards that engender trust in your audience. Nothing is more important than trust.
How can I ensure that the collection of data for marketing, meetings and events will comply with the GDPR?
Lenos Software has released a GDPR Consent and Data Management Module to assist Customers to manage their GDPR compliance and provide an audit trail, a history of actions taken. This module enables Customers to automatically:
  • Track and retain Privacy Policies, as well as ensuring their integrity
  • Prominently display the Customer’s Privacy Policy to ensure informed consent
  • Require an affirmative Consent from an individual before their data is collected
  • Enable registrants to edit the data that is collected
  • Provide registrants the ability to Withdraw their Consent
  • Identify actionable requests for Consents that have been withdrawn, are expired, provided by proxy or need to be affirmed
  • Enable and track communications in Consent management
  • Identify if the registrant that has Withdrawn their Consent has registered for other meetings and events
  • Track registrant transactions to determine whether data has been shared with third-parties in fulfillment of their meeting/event participation
  • Ensure the secure and permanent deletion of personally identifiable information when required
  • Transfer GDPR related data and information to Salesforce
  • Reproduce and replicate GDPR requirements across multiple meetings and events in minutes
  • Maintain recordkeeping to comply with the GDPR and enable a Customer’s Standard Operating Procedures, internal controls and audit requirements for the time that the data is retained by the Customer
  • Provide user controls, which may be assigned by the Customer on a “need to manage” and “need to know” basis
Additional information regarding the GDPR Consent and Data Management Module may be obtained at https://lenos.com/Privacy-Consent-Manager
Lenos Software’s GDPR Consent and Data Management Module
This module was released in January 2018 by Lenos Software and has been successfully implemented by Customers, often within an hour. The module is licensed by Customers:
  • On an annual basis
  • Based upon the number of records that are managed by the Module
  • With subsequent renewals required for the term that data is retained by the Customer (as stated in their Privacy Statements) to ensure compliance with the GDPR
We are partnering with Customers to ensure that the GDPR Consent and Data Management Module will be implemented and preferential licensing fees will be provided to Customers who have been long-term licensees of our solutions.
Implementation of the GDPR Consent and Data Management Module may also include partnering with Compliance, IT, Legal, Marketing, Privacy, Procurement and Security at your organization. We are prepared to share our knowledge and experience, and will work with you to ensure a successful implementation and outcome.
Please feel free to give me a call or send me an email regarding these important issues.
Thank you.
Debra A. Chong, Esq.
Co-Founder and CEO
Lenos Software