03-13-2018 09:17 AM - last edited 3 weeks ago
In this announcement:
The EU General Data Protection Regulation (GDPR) is European legislation meant to consolidate data privacy regulations across Europe. The date to begin enforcement for GDPR compliance is May 25, 2018.
The data controller determines the purposes and means of collecting personal data and is the owner of the data. All personal data collected is subject to GDPR and requires consent from the data subjects. The consent must be a clear affirmative act. In addition, the data controller must be able to demonstrate that the data subject has given consent to the processing operation.
When you send data into the products–EventStream, AudienceStream, or DataAccess–we act as a data processor. As a data processor, we have the responsibility to provide you (the data controller) the means to fulfill data subject access requests and to provide responsible data collection practices. Read below to learn more the Visitor API.
Our client-side solution to tag management (iQ) ensures that we do not collect or process personal data being sent directly to third-party vendors via the browser or device. However, iQ Tag Management offers a feature to help you, as the data controller, with data governance and consent management. Read below to learn more about the Consent Management feature.
As a data controller, you are responsible for ensuring that consent is properly acquired from your users and to give them the option to withdraw that consent at any time. iQ offers Consent Management to help you comply with these requirements.
Consent Management uses the following two (2) components to help you manage consent:
Consent Management offers the following features:
This is an upcoming feature and more details will be announced as they become available. Until then, enjoy this quick preview of the consent management feature:
As a data controller, you must comply with data subjects' rights to access, rectify, and delete data. The Visitor API will be available as a screen within AudienceStream as well as an API to be integrated programmatically. Access to the API is secured by access keys that must be granted to active users of the account.
The Visitor API offers the following features:
The full details of the Visitor Lookup feature will be available upon release released.
Yes, if enabled, EventDB and EventStore can accommodate this logging.
While Tealium does not inherit the burden of consent responsibility, Tealium iQ will offer a convenient set of consent management features that assist with collecting consent.
No, erasure and consent are independent. If you submit an erasure request, all data for that user is deleted. If that user visits your site again, without withdrawing consent, then data collection will continue.
Tealium is a data processor with respect to your web properties and your users.
Tealium is a data controller only with respect to our own web properties and services such as tealium.com and my.tealiumiq.com.
No, your customers will submit their data inquiries directly to you and you will use the API or the Universal Data Hub (UDH) user interface to fulfill those inquiries, as detailed above in this document.
No, Tealium cannot certify or monitor the data inquires of third-party vendors. Tealium iQ Tag Management software only honors the consent response and tracking preferences of the data subject as configured in the consent management feature.
Tealium is dedicated to passing along the data inquiry to vendors that provide an API for GDPR Data Subject Access Requests. Check the Connector Marketplace for vendors that support this functionality.
Consent is granted on a device, browser, or app basis. A user will be tracked on any device, browser, or app where consent has been given and not tracked on those devices where it has not be given (or has been withdrawn).