Circle and GDPR

Overview

The General Data Protection Regulation (GDPR) is a regulation that intends to strengthen data protection for all individuals within the European Union (EU).

GDPR aims primarily to give control back to citizens and residents over their personal identifiable information (PII). PII is information that can be used to identify, contact, or locate a single person, or to identify an individual in context. Any information that can be used to trace an individual's identity, such as name, social security number, and even purchasing preferences can be considered PII.

In Circle projects, PII is found in several places such as data source recipient list tables, tracking data, images, jobs, and job output.

Circle works in conjunction with uProduce to provide tools for GDPR compliance. For more information about GDPR in other XMPie products, see GDPR Guidelines for XMPie Products.

This topic outlines important issues, best practices and functionality to allow you to comply with the various GDPR requirements:

     uProduce GDPR setup – a prerequisite

     Recipient Key

     User Authentication (secURL)

     HTTPS Protocol

     Export/delete recipient data

     Permanent and non-permanent data sources

     Sample recipients

     Template recipient list

     Automated decision processing

uProduce GDPR setup – a prerequisite

A prerequisite to Circle GDPR compliance, is that uProduce be configured for GDPR.

Circle relies on the automatic deletion mechanism of uProduce for some aspects of its GDPR solution. For example, when deleting a Circle project, Circle makes sure to delete all traces of the project (e.g., data sources, tracking data) and relies on the uProduce automatic deletion mechanism to complete the process (e.g., deletion of jobs and job output).

Recipient Key

It is recommended not to use personal information in the recipient key, in order to avoid webpages from being accessed by hackers. Finding the recipient key pattern and guessing its values might cause data breaches.

In websites that do not require signing in to access personal data, guessing the recipient key enables easy access to a citizen’s personal data. In addition, it reveals that the person is part of the campaign.

It is therefore not recommended to use in the recipient key first and last name, email address, identification number, etc.

From PersonalEffect version 9.3, you can use the insert expression |->[?] := SecureID() function in uPlan, or the Auto-generated Secure ID option in Circle's Master List and Easy Start wizard.

User Authentication (SecURL)

The strongest way to achieve data security in a website is by signing in to the website. This allows providers to deliver both secure and personalized campaigns which require users to validate themselves before exposing any personal information.

As part of the GDPR solution, XMPL provides the ability to define a website that requires the recipient to supply credentials and sign-in upon each entry to the website or XMPL API. See User Authentication

HTTPS protocol

To enhance security, you can use the HTTPS protocol to ensure that communication between the browser and the website is encrypted. When connecting to a website via HTTPS, the website encrypts the session with a Digital SSL (Secure Sockets Layer) certificate.

When HTTPS is configured and activated, Circle enforces HTTPS in webpage links, friendly URLs, XMPL APIs and Circle Live Preview. Currently HTTPS is not supported in email, PDF on demand and XMPieRURL ADOR. If you wish to continue using HTTP in email and PDF on demand in an HTTPS configuration, you can do so by leaving port 80 open. See Circle HTTPS Configuration Prerequisites and HTTPS Protocol.

Export/delete recipient data

Circle provides the ability to export or delete recipient data (PII) from Circle 2G projects. PII is found in several places, such as data source recipient list tables and tracking data.

(Circle 1G is deprecated and there is no GDPR support in uProduce XM.)

The export/delete operation can be performed for all projects within a single uProduce account, or on a project by project basis. For details, see Exporting/Deleting Recipient Data.

To use this feature, you need to specify the recipient key (for a remote data source) or some other identifying field name and value.

When performing the export/delete operation, the search is performed in the recipient table of the data source currently selected in the Master list.

Data source currently selected in the Master list

Recipient table currently selected in the Master list

Additional data source

 This means:

     Single recipient table
The search is performed in the recipient table (see B above) currently selected in the Master list. All other recipient tables of the current data source are not included in the search. All PII must be consolidated into 1 recipient table in a data source (see A above).

     Unused data sources
All other data sources which are not currently selected in the Master list are not included in the search. (These can be seen in the project’s Library>Data Sources page.)

     Additional data sources
Additional data sources (see C above) are never included in the search. Since Circle never writes to additional data sources, we consider them static information which is unlikely to include PII. If your usage differs from this and you need to export/delete from additional data sources, it is your responsibility to do so.

     Remote data sources
Circle does not delete/export recipient data from remote data sources. The management of recipient data in remote data sources is your responsibility. It does, however, delete/export the tracking data associated with the recipient. The tracking data typically resides on the uProduce server.

Best practices

     Never have more than 1 table which includes PII in any data source. Store all PII in a single table in a data source.

     Never keep any data source with PII unless it is selected in the Master list.

     On uploading a replacement data source, remember to delete the old data source.

     On duplicating a project from one uProduce account to another, never copy the Master list data sources. It is not good practice to copy PII between uProduce accounts. In addition, the export/delete operation can be performed within the scope of a single uProduce account.

Permanent and non-permanent data sources

All data sources uploaded via Circle or using the Circle API are marked as permanent.

This means that they have no expiration date and therefore are not deleted by the automatic deletion mechanism of uProduce. Circle data sources are set as permanent because the lifespan of Circle projects typically lasts longer than 30 days.

Circle provides the ability to manually delete data sources you no longer require (from the project’s Library>Data Sources page).

Best practices

     Remember that management of unused/old data sources with PII is your responsibility and can be done from the project’s Library>Data Sources.

     Never keep any data source with PII unless it is selected in the Master list.

     On uploading a replacement data source, remember to delete the old data source.

Sample recipients

Sample recipients are those recipients which are selected in the Sample Recipient wizard to be used to showcase your project.

Sample recipient data is stored on the cloud and is viewed by others when previewing the project. Therefore, never select a real recipient (with PII) for use as a sample recipient. Instead, create sample recipients with fake data and choose them as sample recipients to showcase your projects.

Template recipient list

The Master list of a Template project is copied to each of its instances. Therefore, never include real recipient data (with PII) in a Template’s master list. Instead, include only sample recipients with fake data in the Master list.

In addition, if you convert a successful project to a template, remember to replace the recipient list (with PII) with fake data.

Automated decision processing

Circle automation includes features such as event-based automation, time-based scheduling, and plan filters.

EU citizens have the right to access information about the reasoning behind any decisions taken by automated means. An individual can give written notice asking you not to make any automated decisions using their personal data and can ask you to reconsider a decision taken by automated means.

In such cases, retrieving, explaining and changing automated decisions in your projects is your responsibility.