A lot of you have heard rumblings of a major change to Data Protection Law in the EU, so what is the GDPR? What does it cover and how does this impact Meltwater and you? We have created the short introduction to help you guide your way through the GDPR maze. This should answer most of the questions you may have!
What is GDPR?
The General Data Protection Regulation (GDPR) is a European data protection law that will laterally be enacted by all EU member states and additional signatories such as the UK. You can think of GDPR as "a one ring to rule them all" solution instead of 28 national laws on the same subject.
The GDPR will enter force on 28th of May 2018. It will replace the current Data Protection Directive and be directly applicable for all EU member states. In contrast to the current Directive the GDPR will also apply to all non-EU companies who handle personal data of EU residents.
Meltwater will comply with the GDPR regulations when they enter into force like we have complied with the current directive.
What does personal data mean and why is this important to GDPR?
Protection of privacy is a fundamental right in Europe, but the way we share our private personal data has changed significantly in the last 50 years. Our personal data is more and more in digital form and can be shared easily with a large number of people. Just think about the data you share with the social media platforms. Therefore the EU commission has updated the existing 20 years old Directive and created the GDPR which includes the processing of various types of personal data in digital form.
Personal data is all physical or digital data that can be used to identify a natural person, for example name, address, email, phone number, IP address and picture. Not all of the above fill the requirements for personal data by themselves but when combined with other data you are able to identify the individual.
Some types of personal data are more sensitive than others and require stronger safety measures during the processing. For example, the religious beliefs or ethnic origin of a data subject is considered sensitive data. Meltwater does not collect such data from clients.
What personal data is needed for Meltwater's services?
You may have already asked questions related to the GDPR and how Meltwater’s systems comply with the regulation.
The first question is always what personal data does Meltwater process? All personal data we collect from our clients is collected by your rep or the Account Manager. In most cases this includes your name and email address, which we need in order to set up the account. On top of this we usually store your phone number.
A company can be either a processor and/or a controller of personal data. The controller is ultimately responsible for the use and storage of the personal data, and shall govern how it's processors use the personal data it shares with them. The processor only processes the personal data received from the controller according to the instructions given by the controller. A company can be both the controller and the processor as the examples about Meltwater below will show.
What is important to understand is that Meltwater does not become the controller, i.e. the owner, of personal data that we use to create and update account credentials, we simply process it to fulfill our obligations set out in the contract.
What about ICM and the Influencer details?
Various departments have been working hard to do the necessary updates to our systems and ICM has probably been the product we needed to focus on the most. This is mainly because we are the controller of the ICM database and as such fully responsible for the processing of the personal data of the influencers we have in our database.
We have the required opt-in, unsubscribe and opt-out processes in place and the ICM team has done a valuable job increasing the value the influencers get for being in our database.
If you import any lists or your own contacts to the service, you will remain the controller of the imported personal data and are responsible for it's proper storage and use.
Where is the personal data stored?
All data as well as personal data related to the Meltwater platform is stored in the European Economic Area, the EEA, which includes the member states of the EU as well as Norway, Lichtenstein and Iceland.
All data of the Engage service provided by our partner Sprout is stored in the United States. The transfer outside the EEA is allowed since Sprout is a participant is the Privacy Shield framework between US and EU/Switzerland.
Our partner Klear stores the Social Influencers data in Ireland.
If you haven't already, take a look at our GDPR readiness update below:
If you have any additional questions, feel free to reach out to email@example.com!