Circle and GDPR

Overview

The General Data Protection Regulation (GDPR) is a regulation that intends to strengthen data protection for all individuals within the European Union (EU).

GDPR aims primarily to give citizens and residents control over their personally identifiable information (PII). PII is information that can be used to identify, contact, or locate a single person, or to identify an individual in context. Any information that can be used to trace an individual's identity, such as a name, a social security number, or even purchasing preferences, can be considered PII.

In Circle projects, PII is found in several places such as data source recipient list tables, tracking data, images, jobs, and job output.

Circle works in conjunction with uProduce to provide tools for GDPR compliance. For more information about GDPR in other XMPie products, see GDPR Guidelines for XMPie Products.

This topic outlines important issues, best practices and functionality to allow you to comply with the various GDPR requirements:

uProduce GDPR setup – a prerequisite

Recipient Key

User Authentication (secURL)

HTTPS Protocol

Export/delete recipient data

Permanent and non-permanent data sources

Sample recipients

Template recipient list

Automated decision processing

uProduce GDPR setup – a prerequisite

A prerequisite to Circle GDPR compliance, is that uProduce be configured for GDPR.

Circle relies on the automatic deletion mechanism of uProduce for some aspects of its GDPR solution. For example, when deleting a Circle project, Circle makes sure to delete all traces of the project (e.g., data sources, tracking data) and relies on the uProduce automatic deletion mechanism to complete the process (e.g., deletion of jobs and job output).

Recipient Key

It is recommended not to use personal information in the recipient key, in order to prevent webpages from being accessed by unauthorized parties. If an attacker discovers the pattern of the recipient key and guesses valid values, the result can be a data breach.

In websites that do not require signing in to access personal data, guessing the recipient key enables easy access to a citizen’s personal data. In addition, it reveals that the person is part of the campaign.

It is therefore not recommended to use a first and last name, email address, identification number, etc. in the recipient key.

From PersonalEffect version 9.3, you can insert the SecureID() function as an expression in uPlan, or use the Auto-generated Secure ID option in Circle's Master List and Easy Start wizard.
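The following added example is not Circle's or uPlan's code: it is a stand-alone Python audit that shows why the recommendation above matters. It checks a constructed recipient list for keys that embed PII fields, are purely numeric, are short, or form a consecutive sequence (all of which make the key guessable), and it generates replacement keys from the operating system's CSPRNG in the spirit of the auto-generated Secure ID. The field names (FirstName, LastName, Email, ID, RecipientKey) and the 12-character minimum are assumptions for the example.

```python
import re
import secrets

# Constructed sample recipient list (fictitious people); field names are assumptions.
RECIPIENTS = [
    {"FirstName": "Ada", "LastName": "Lovelace", "Email": "ada@example.com", "ID": "1001"},
    {"FirstName": "Alan", "LastName": "Turing", "Email": "alan@example.com", "ID": "1002"},
    {"FirstName": "Grace", "LastName": "Hopper", "Email": "grace@example.com", "ID": "1003"},
]

PII_FIELDS = ("FirstName", "LastName", "Email", "ID")
MIN_KEY_LENGTH = 12  # assumed policy value for this example


def normalize(value):
    """Lower-case and strip separators so 'Ada.Lovelace' and 'adalovelace' compare equal."""
    return re.sub(r"[^a-z0-9]", "", str(value).lower())


def key_problems(key, recipient):
    """Return the reasons a recipient key is guessable; an empty list means it passes."""
    problems = []
    nkey = normalize(key)
    for field_name in PII_FIELDS:
        value = normalize(recipient.get(field_name, ""))
        if value and value in nkey:
            problems.append(f"contains {field_name}")
    if re.fullmatch(r"\d+", key):
        problems.append("purely numeric (enumerable)")
    if len(key) < MIN_KEY_LENGTH:
        problems.append(f"shorter than {MIN_KEY_LENGTH} characters")
    return problems


def sequential_keys(keys):
    """True when the keys are consecutive integers, i.e. the whole list can be enumerated."""
    try:
        nums = sorted(int(k) for k in keys)
    except ValueError:
        return False
    return len(nums) > 1 and all(b - a == 1 for a, b in zip(nums, nums[1:]))


def generate_secure_id():
    """128 random bits from the OS CSPRNG, URL-safe so the key can appear in a friendly URL."""
    return secrets.token_urlsafe(16)


def assign_secure_ids(recipients, key_field="RecipientKey"):
    """Return copies of the recipients with a unique, unguessable key in key_field."""
    seen = set()
    result = []
    for recipient in recipients:
        key = generate_secure_id()
        while key in seen:
            key = generate_secure_id()
        seen.add(key)
        result.append({**recipient, key_field: key})
    return result


if __name__ == "__main__":
    # Keys built from PII or from the ID column fail the audit.
    for bad in ("ada.lovelace", "1001", "ada@example.com"):
        print(bad, "->", key_problems(bad, RECIPIENTS[0]))
    print("IDs enumerable:", sequential_keys(r["ID"] for r in RECIPIENTS))
    for r in assign_secure_ids(RECIPIENTS):
        print(r["RecipientKey"], key_problems(r["RecipientKey"], r))
```

Run the audit against an existing list before it is uploaded as a Master list; any key that returns a non-empty problem list, or a list for which sequential_keys is true, is a candidate for replacement with the auto-generated Secure ID.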

User Authentication (SecURL)

The strongest way to achieve data security in a website is by signing in to the website. This allows providers to deliver both secure and personalized campaigns which require users to validate themselves before exposing any personal information.

As part of the GDPR solution, XMPL provides the ability to define a website that requires the recipient to supply credentials and sign in upon each entry to the website or the XMPL API. See User Authentication.

HTTPS protocol

To enhance security, you can use the HTTPS protocol to ensure that communication between the browser and the website is encrypted. When connecting to a website via HTTPS, the website encrypts the session with a Digital SSL (Secure Sockets Layer) certificate.

When HTTPS is configured and activated, Circle enforces HTTPS in webpage links, friendly URLs, XMPL APIs and Circle Live Preview. Currently HTTPS is not supported in email, PDF on demand and XMPieRURL ADOR. If you wish to continue using HTTP in email and PDF on demand in an HTTPS configuration, you can do so by leaving port 80 open. See Circle HTTPS Configuration Prerequisites and HTTPS Protocol.

Export/delete recipient data

Circle provides the ability to export or delete recipient data (PII) from Circle 2G projects. PII is found in several places, such as data source recipient list tables and tracking data.

(Circle 1G is deprecated and there is no GDPR support in uProduce XM.)

The export/delete operation can be performed for all projects within a single uProduce account, or on a project by project basis. For details, see Exporting/Deleting Recipient Data.

To use this feature, you need to specify the recipient key (for a remote data source) or some other identifying field name and value.

When performing the export/delete operation, the search is performed in the recipient table of the data source currently selected in the Master list.

[Figure: scope of the export/delete search. A: Data source currently selected in the Master list. B: Recipient table currently selected in the Master list. C: Additional data source.]

This means:

     Single recipient table
The search is performed only in the recipient table (see B above) currently selected in the Master list. All other recipient tables of the current data source are not included in the search. All PII must therefore be consolidated into one recipient table in a data source (see A above).

     Unused data sources
All other data sources which are not currently selected in the Master list are not included in the search. (These can be seen in the project’s Library>Data Sources page.)

     Additional data sources
Additional data sources (see C above) are never included in the search. Since Circle never writes to additional data sources, we consider them static information which is unlikely to include PII. If your usage differs from this and you need to export/delete from additional data sources, it is your responsibility to do so.

     Remote data sources
Circle does not delete/export recipient data from remote data sources. The management of recipient data in remote data sources is your responsibility. It does, however, delete/export the tracking data associated with the recipient. The tracking data typically resides on the uProduce server.
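To make the four scoping rules above concrete, here is an added Python model of a project's data sources and tracking data. It is not Circle's code and does not call the Circle API; the project layout, field names (RecipientKey, Email) and sample rows are constructed for the example. The export and delete functions search only the recipient table selected in the Master list (A + B), ignore other tables in that data source, ignore unused and additional data sources, and, for a remote data source, touch only the tracking data for the supplied recipient key.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class DataSource:
    name: str
    tables: Dict[str, List[dict]]   # table name -> rows
    remote: bool = False            # remote: Circle neither reads nor writes its rows


@dataclass
class Project:
    data_sources: Dict[str, DataSource]
    master_source: str              # A: data source selected in the Master list
    master_table: str               # B: recipient table selected in the Master list
    additional_sources: List[str]   # C: additional data sources (never searched)
    tracking: List[dict]            # tracking rows, each carrying a RecipientKey


def build_sample_project():
    """Constructed sample project; all names, keys and addresses are fictitious."""
    current = DataSource("Campaign2024", {
        "Recipients": [
            {"RecipientKey": "k7Qx9", "Email": "ada@example.com", "City": "Paris"},
            {"RecipientKey": "p2Lm4", "Email": "alan@example.com", "City": "Rome"},
        ],
        # A second table in the same data source: outside the search scope.
        "Archive": [{"RecipientKey": "k7Qx9", "Email": "ada@example.com", "Note": "old"}],
    })
    # An older, unused data source still in the Library: outside the search scope.
    unused = DataSource("Campaign2023", {"Recipients": [{"RecipientKey": "z1", "Email": "ada@example.com"}]})
    # An additional data source with static content: never searched.
    stores = DataSource("StoreLocations", {"Stores": [{"StoreId": 1, "City": "Paris"}]})
    tracking = [
        {"RecipientKey": "k7Qx9", "Event": "PageView", "Page": "home"},
        {"RecipientKey": "k7Qx9", "Event": "FormSubmit", "Page": "signup"},
        {"RecipientKey": "p2Lm4", "Event": "PageView", "Page": "home"},
    ]
    return Project({ds.name: ds for ds in (current, unused, stores)},
                   "Campaign2024", "Recipients", ["StoreLocations"], tracking)


def matching_keys(project, field_name, value):
    """Resolve recipient keys inside the search scope only (A + B). Returns (keys, rows)."""
    ds = project.data_sources[project.master_source]
    if ds.remote:
        # Remote data source: the recipient key must be supplied; no rows are read.
        if field_name != "RecipientKey":
            raise ValueError("remote data source: specify the recipient key")
        return {value}, []
    rows = [r for r in ds.tables[project.master_table] if r.get(field_name) == value]
    return {r["RecipientKey"] for r in rows}, rows


def export_recipient(project, field_name, value):
    """Collect the in-scope recipient rows and every tracking row for their keys."""
    keys, rows = matching_keys(project, field_name, value)
    tracking = [t for t in project.tracking if t["RecipientKey"] in keys]
    return {"recipients": rows, "tracking": tracking}


def delete_recipient(project, field_name, value):
    """Remove the in-scope recipient rows and their tracking rows; return what was removed."""
    keys, _ = matching_keys(project, field_name, value)
    ds = project.data_sources[project.master_source]
    removed_rows = 0
    if not ds.remote:
        table = ds.tables[project.master_table]
        before = len(table)
        table[:] = [r for r in table if r["RecipientKey"] not in keys]
        removed_rows = before - len(table)
    before_tracking = len(project.tracking)
    project.tracking[:] = [t for t in project.tracking if t["RecipientKey"] not in keys]
    return {"recipients": removed_rows, "tracking": before_tracking - len(project.tracking)}


def out_of_scope_sources(project):
    """Data sources the export/delete never touches; PII kept there must be managed by hand."""
    return sorted(name for name in project.data_sources if name != project.master_source)


if __name__ == "__main__":
    project = build_sample_project()
    print("not searched:", out_of_scope_sources(project))
    print(export_recipient(project, "Email", "ada@example.com"))
    print(delete_recipient(project, "Email", "ada@example.com"))
```

Note what the model leaves behind after a delete: the Archive table in the same data source and the Campaign2023 data source still hold a copy of the recipient's email. That is exactly the situation the best practices below are meant to prevent, and out_of_scope_sources is the list you would review in the project's Library>Data Sources page.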

Best practices

     Never have more than one table which includes PII in any data source. Store all PII in a single table in a data source.

     Never keep any data source with PII unless it is selected in the Master list.

     On uploading a replacement data source, remember to delete the old data source.

     On duplicating a project from one uProduce account to another, never copy the Master list data sources. It is not good practice to copy PII between uProduce accounts. In addition, the export/delete operation can be performed within the scope of a single uProduce account.

Permanent and non-permanent data sources

All data sources uploaded via Circle or using the Circle API are marked as permanent.

This means that they have no expiration date and therefore are not deleted by the automatic deletion mechanism of uProduce. Circle data sources are set as permanent because the lifespan of Circle projects typically lasts longer than 30 days.

Circle provides the ability to manually delete data sources you no longer require (from the project’s Library>Data Sources page).

Best practices

     Remember that management of unused or old data sources with PII is your responsibility and can be done from the project’s Library>Data Sources page.

     Never keep any data source with PII unless it is selected in the Master list.

     On uploading a replacement data source, remember to delete the old data source.

Sample recipients

Sample recipients are those recipients which are selected in the Sample Recipient wizard to be used to showcase your project.

Sample recipient data is stored in the cloud and is viewed by others when previewing the project. Therefore, never select a real recipient (with PII) for use as a sample recipient. Instead, create sample recipients with fake data and choose them as sample recipients to showcase your projects.

Template recipient list

The Master list of a Template project is copied to each of its instances. Therefore, never include real recipient data (with PII) in a Template’s master list. Instead, include only sample recipients with fake data in the Master list.

In addition, if you convert a successful project to a template, remember to replace the recipient list (with PII) with fake data.

Automated decision processing

Circle automation includes features such as event-based automation, time-based scheduling, and plan filters.

EU citizens have the right to access information about the reasoning behind any decisions taken by automated means. An individual can give written notice asking you not to make any automated decisions using their personal data and can ask you to reconsider a decision taken by automated means.

In such cases, retrieving, explaining and changing automated decisions in your projects is your responsibility.