On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect. Although the regulation is coming out of the European Union (EU), it has implications worldwide. This regulation replaced the 1995 Data Protection Directive and is intended to protect individuals’ right to privacy. This regulation impacts your business if you collect, process, or store information regarding residents of the European Union – and this includes residents even if they are outside the EU.
Marden-Kane’s core focus is the administration and management of sweepstakes, contests and instant win game promotions both domestically and internationally. We understand the need to protect and secure client data and have done so for over 60 years. That is why it was extremely important to us that we achieved compliance with the GDPR prior to the regulation’s effective date.
We were already compliant with Privacy Shield, a regulated framework set up for the approved transfer of data between the EU and the US. As part of that certification, which we achieved in 2016, we also engaged a third-party dispute resolution provider (the Better Business Bureau) to resolve privacy complaints. And for the last year we worked on improving efficiency and effectiveness in processes relating to data handling and data practices to become fully compliant with all of the articles of the GDPR.
So what does all this mean?
First, it means that Marden-Kane has already made a commitment to our clients and to those individuals from whom we collect data on their behalf. We work hard to ensure that an individual’s personally identifying information (PII) is kept private, and that we meet all legal and compliance specifications when it comes to your data.
Second, it means that if you want to administer your promotions legally in the EU, you should educate yourself on the GDPR and only use processors who are GDPR-compliant and who abide by the Privacy Shield Framework for data transfers outside the EU.
Finally it means that Marden-Kane already took the necessary steps to ensure our readiness for the GDPR. We are improved data processes across our organization and in our data centers. We also worked on forms that will allow you and your customers to make requests related to removing any personal data that might have been processed by us in relation to a contest or sweepstakes. We accomplished this by taking the following steps:
1. Assessing our data processing and storage practices, and mapping our internal and external processes to identify areas impacted by the GDPR.
2. Prioritizing and integrating a plan to meet GDPR requirements and updating our security and privacy policies accordingly.
3. Developing Data Protection Agreements that can be utilized with any third party provider or subcontractor that works with us in the future.
4. Making public web forms available for GDPR-related customer requests.
If you have additional questions or need more information on Marden-Kane’s GDPR compliance and privacy related information, please email us at firstname.lastname@example.org.
To learn more about the GDPR, to whom it applies, and what rights an individual has over their data you can go to the Official GDPR web site at https://www.eugdpr.org/.