Reply
Highlighted
Community Manager
Posts: 205
Registered: ‎09-01-2015

Preparing for GDPR

[ Edited ]

In this announcement:

Table of Contents Placeholder

Overview

What is GDPR?

The EU General Data Protection Regulation (GDPR) is European legislation meant to consolidate data privacy regulations across Europe. The date to begin enforcement for GDPR compliance is May 25, 2018

Your Role as a Data Controller

The data controller determines the purposes and means of collecting personal data and is the owner of the data. All personal data collected is subject to GDPR and requires consent from the data subjects. The consent must be a clear affirmative act. In addition, the data controller must be able to demonstrate that the data subject has given consent to the processing operation.

Our Role as a Data Processor (Universal Data Hub)

When you send data into the products–EventStream, AudienceStream, or DataAccesswe act as a data processor. As a data processor, we have the responsibility to provide you (the data controller) the means to fulfill data subject access requests and to provide responsible data collection practices. Read below to learn more the Visitor API.

Our Role as a Tag Manager

Our client-side solution to tag management (iQ) ensures that we do not collect or process personal data being sent directly to third-party vendors via the browser or device. However, iQ Tag Management offers a feature to help you, as the data controller, with data governance and consent management. Read below to learn more about the Consent Management feature.

How Tealium Can Help

Consent Management in iQ (Coming Soon)

As a data controller, you are responsible for ensuring that consent is properly acquired from your users and to give them the option to withdraw that consent at any time. iQ offers Consent Management to help you comply with these requirements. 

Consent Management uses the following two (2) components to help you manage consent:

  • Consent Request Manager
    Configure the prompt that is presented on your website to request consent from users. Users can grant consent or withdraw consent via the prompt.
    consent-manager-language-content.png
  • Consent Preferences Manager
    Configure the categories of tracking offered to users that give consent.
    consent-preferences.png

Consent Management offers the following features:

  • Multi-Language Support
  • Customizable Content: Message, Logo, Call to Action Button, etc.
  • Fully Customizable Presentation: HTML, JavaScript, and CSS
  • Global Settings (for multiple profiles)
  • Automated Load Rule Creation to Target Users in the EU
  • Configure the Tags to Omit (non-tracking tags)
  • Logging Consent Changes
  • Preview Mode

This is an upcoming feature and more details will be announced as they become available. Until then, enjoy this quick preview of the consent management feature:

Visitor API in AudienceStream (Coming Soon)

As a data controller, you must comply with data subjects' rights to access, rectify, and delete data. The Visitor API will be available as a screen within AudienceStream as well as an API to be integrated programmatically. Access to the API is secured by access keys that must be granted to active users of the account.

The Visitor API offers the following features:

  • Lookup/View Visitor Data
  • Delete Visitor Data
  • View Visitor ID Attributes
  • Check Delete Status

The full details of the Visitor Lookup feature will be available upon release released.

See documentation on the new Visitor API.

Frequent Asked Questions

Does Tealium provide logging or evidence of consent, so that I don’t have to?

Yes, if enabled, EventDB and EventStore can accommodate this logging.

Can Tealium request consent from my website visitors for me?

While Tealium does not inherit the burden of consent responsibility, Tealium iQ will offer a convenient set of consent management features that assist with collecting consent.

Does a request to delete data assume consent withdrawal?

No, erasure and consent are independent. If you submit an erasure request, all data for that user is deleted. If that user visits your site again, without withdrawing consent, then data collection will continue.

Is Tealium a data processor or a data controller?

Tealium is a data processor with respect to your web properties and your users.

Tealium is a data controller only with respect to our own web properties and services such as tealium.com and my.tealiumiq.com.

Do my website visitors go to Tealium to submit data inquiries?

No, your customers will submit their data inquiries directly to you and you will use the API or the Universal Data Hub  (UDH) user interface to fulfill those inquiries, as detailed above in this document.

Will Tealium handle data inquiries for all the tag vendors I manage in iQ?

No, Tealium cannot certify or monitor the data inquires of third-party vendors. Tealium iQ Tag Management software only honors the consent response and tracking preferences of the data subject as configured in the consent management feature.

Will Tealium handle data inquires for all the connector vendors I manage in EventStream/AudienceStream?

Tealium is dedicated to passing along the data inquiry to vendors that provide an API for GDPR Data Subject Access Requests. Check the Connector Marketplace for vendors that support this functionality.

If a user consents to be tracked by a website from one device but declines consent on another device, will he/she be tracked?

Consent is granted on a device, browser, or app basis. A user will be tracked on any device, browser, or app where consent has been given and not tracked on those devices where it has not be given (or has been withdrawn).

Remember to "Accept as Solution" when your question has been answered and to give kudos to helpful replies.