What Is GDPR?​

GDPR (General Data Protection Regulation) is the privacy data law that is designed to harmonize and update data protection requirements in the European Union. Effective May 25, 2018, GDPR applies to Mapp customers who hold personal data for Data Subjects residing in the European Union (EU). If you market to or process the information of EU Data Subjects, you must address these requirements.

The primary objectives of the GDPR are to give control of personal data to EU citizens and residents. GDPR also simplifies the regulatory environment for international business within the EU.

Personal data is defined as any information that is related to an identified or identifiable natural person.

To comply with GDPR, you must ensure that the collection and use of data from your contacts is lawful. You can choose between different legal grounds for data collection. These grounds can be, for example, legitimate interest, contract performance, or contact consent.

This page lists the requirements for and information about GDPR and links to tools and functions in Mapp Cloud to help you with your GDPR compliance. Mapp Cloud products all allow you to manage consent, data retention, and system user roles. Mapp Engage supports you by providing subscription functionality for preference management across every supported channel type.

Additional GDPR requirements are:

  • Privacy by design and by default

  • Data portability and visibility

  • Right to be forgotten

User Roles Related to GDPR​

  • Data Subject. Data subjects are end consumers, customers, and employees in the European Union.

  • Data Controller. The Data Controller is the person in your organization who is ultimately responsible for the lawful processing of PII. When using Mapp Cloud, you are the Data Controller.

  • Data Processor. A Data Processor processes personal data on behalf of the Data Controller. The Data Processor must support the Data Controller regarding compliant PII processing. As the Provider of the Mapp Cloud, Mapp Acts in the role of a Data Processor.

GDPR-Related Features on the Mapp Platform​

Under GDPR, Data Subjects have special rights regarding their personal data. These rights include an assurance of data privacy, the right to access personal data, and the right to be forgotten.

The Following Mapp Features Ensure GDPR-Compliance:

  • Privacy by design and default with built-in security.

    • Mapp takes care of everything behind the scenes and provides a fine-grained role and permission model. Your only job is to manage access and access credentials securely at your end.

    • You control data collection, Mapp Cloud only collects data when you want.

    • Mapp has a default system setting that prevents cross-channel matching and merging of profiles.
      The contact must grant explicit permission to share personal contact data between channels. The contact consent is for exactly which channels can match their data. These channels include Mapp Engage with email and mobile, and Mapp Acquire with the data management platform.

    • Data retention. Default data retention is set in the standard contract. However, this period can be extended on request and after consultation with your Mapp Account Representative.

  • Data portability and visibility with data export.
    Data Subjects in the EU have the right to access all personal data. Data Subjects have the right to know how their data is processed, where it is processed and for what purpose it is processed.

    • Use enhanced contact management to export all the personally identifiable (PII) data that you have stored for a contact.
      For procedures on the management of contact data, see Contact Management​.

    • Generate a comprehensive CSV export from the contact profile page or via API.
      For information on the export of contact information, see Procedure​.

    • Use this export to respond to customer requests to know what personal data the system stores about them.

  • Right to be forgotten with the anonymize function.
    The Data Subject can request that the data controller erase all personal data, stop the transfer of this data, and halt processing of the data.
    Mapp has implemented an anonymize function to remove the personal data effectively from your system. The anonymize function lets you fully satisfy customer requests for privacy while retaining valuable statistics.

    • Mapp can remove personally identifiable information from customer profile data, so that the data can no longer be associated with a specific person.

    • Use the new anonymize option on the contact profile page, via API, and add the option to your unsubscribe pages.

    • For instructions on the Anonymize function, see ​Anonymize a Contact​.
      The start page provides a snapshot of the number of recent anonymization requests that you have received.