The General Data Protection Regulation (GDPR) is a European Union (EU) privacy regulation that was signed into law in April 2016. By May 25th 2018, businesses worldwide need to comply with this regulation.
This document has been produced by Mediahawk to help you deliver the undertakings required by GDPR, whilst also being able to work effectively and monitor your advertising performance.
An important aspect of GDPR is obtaining informed consent for the use of certain personal data. This consent should be given freely and specifically.
What personal data does Mediahawk process?
Mediahawk processes the following four pieces of data that are defined as “Personal”:
- CLI – Caller Line Identity: This is the callers telephone number.
This could be a personal landline, mobile, or a shared business telephone number.
- IP Address: This is captured whilst using the Vision product.
The IP address can be a personal one if it is fixed, or it could be a shared one supplied by an ISP. All are covered by GDPR.
- Voice Recordings: If you have call recording enabled on your account, we will record all calls that are delivered via the Mediahawk system.
Call recordings are covered under GDPR due your voice being unique, and the fact that personal data can be recorded as part of you and your client’s interactions. You may need to review the types of calls you receive and decide:
- if call recording is required.
- whether listening should be limited to authorised personnel within your business only.
- whether you should add / change any announcements at the beginning of the call.
- the length of time you should store voice recordings.
- CLI Data Mapping: Using the presented CLI (landline only), Mediahawk can attribute the call to the following information using the callers telephone number. In the example below, we have used 01908 000000.
Region: Area of the UK that the call originated. 01908 000000 = South East.
ITV Region: The Television region. 01908 000000 = Anglia.
County: The County the call originated. 01908 000000 = Buckinghamshire.
Postcode: The 1st part of the postcode using the full number = MK5 for example.
Town: The Town the call originated from = Milton Keynes.
Exchange: The telephone exchange the call originated from = Milton Keynes. For mobiles, we can provide the mobile exchange (e.g. Vodafone).
- Call-to-Action Tracking: This can be captured using the Dynamic product.
Mediahawk allows Customers to send unique data into the Mediahawk platform as a Custom Dimension. This data can be something as a simple as a “click count” through to a full sentence or value.
As you are able to send freeform data via this interface, you are legally responsible for this data and must ensure that you have obtained and necessary consents for collecting and sending this data, and that you are compliant with the General Data Protection Regulations 2018 (“GDPR”).
How can you receive consent to obtain, store, and process personal data?
A substantial change is that failure to “Opt Out” no longer constitutes consent. Visitors to your website need to “Opt In”. For example, rather than ignoring an “Accept a Cookie Question”, the visitor will have to actively accept the cookie.
We have amended our Vision code so that your developers can easily enable or disable our Vision tracking code depending on your visitor’s cookie selection. For further information, please contact our Client Services team at email@example.com or 0333 222 8333
How do I make my website GDPR compliant?
The golden rule that links all the requirements of GDPR, is the concept of consent being informed, specific and given freely. This means businesses need to be transparent in what personal data is being tracked via a website and how the data is used. This also includes what is tracked by cookies or any other solutions you use such as Google Analytics.
An example of a statement for the Mediahawk element of your tracking could be as simple as:
If you would like further information about GDPR and Mediahawk, please contact our Client Services Team at firstname.lastname@example.org or 0333 222 8333.
As always, we recommend that you get in touch with a qualified legal professional to understand the specific requirements of the regulation and how you should prepare for its implementation.
This is a commentary on GDPR as Mediahawk interprets it. This document is provided for informational purposes only and should not be relied on as legal advice or to determine how GDPR might apply to you and your organisation. We encourage you to work with a qualified legal professional to discuss GDPR and its impact on your organisation to ensure compliance. Mediahawk makes no warranties, express, implied, or statutory, as to the information in this document.