Opportunity Above Adherence: Dynamic Yield’s Path to GDPR Compliance

Our Data Privacy Officer walks through the internal steps taken by Dynamic Yield to not only ensure GDPR compliance but also strengthen customer trust.

VP Operations, Dynamic Yield

Read the full transcript

Here at Dynamic Yield, GDPR means more to us than just a new privacy legislation that requires adherence in order to avoid penalties and fines. For us, while the GDPR deadline has come and gone, our commitment to data privacy and security remains. A core piece of our philosophy, the personalization and optimization services we provide are predicated on the highest standards of data integrity. Without it, the ultimate customer experience can never truly be gained.

As our newly appointed Data Privacy Officer, I work closely with internal stakeholders at Dynamic Yield to make sure we build a program that employs airtight technical and organizational security measures, or TOMS, as they’re most commonly known.

We now offer localized storage and data hosting options. While our data center in Virginia continues to operate under the privacy shield framework, which GDPR continues to support, we initiated and launched our ER-based data center in Frankfurt.

Our EU customers may now store their data locally, without ever leaving the shores of Europe. We also made some pretty substantial changes to our workflows. For example, we solidified our commitment to only collecting data in order to analyze user behavior. We won’t combine our customers’ data with data from other customers. We won’t share it with third parties, and we won’t use it for any unnecessary reasons. We also no longer store IP addresses or any other sensitive data, which we no longer onboard from our customers.

We’ve also built internal flows for handling customer and data-related requests. And I’ve personally been in discussions with customers, understanding their needs and requirements in this context. I’m confident that having gone through this program, Dynamic Yield can be viewed as a trusted partner, mindful of our customers’ data concerns. At Dynamic Yield, we saw GDPR more as an opportunity, an opportunity to strengthen the trust between ourselves and our customers.

For a detailed list of all the requirements I addressed, and to stay informed on the continuous improvements of our privacy program, I invite you to visit dynamicyield.com/GDPR. Thank you.

If you’re watching this video, we’ve made it past the GDPR deadline of May 25th. It was a long and winding road leading up to the enforcement of Europe’s new privacy legislation, which set out to better protect how its citizens’ personal data gets collected, processed and used. 

Inboxes were littered with emails regarding “privacy policy updates” and seemingly every site across the web started serving cookie notices to their users to ensure T’s were crossed and I’s were dotted (guilty as charged). Companies like Facebook and Google both rolled out changes to their platforms, removing certain data sharing capabilities in hopes of dodging data protection agencies but were the first to face complaints over ‘forced consent.’ For some, the massive investment necessary to achieve compliance and avoid the significant fines associated with violating GDPR provisions meant shuttering operations in the EU entirely.

As a global personalization platform that customizes experiences for more than 600 million users each month, the GDPR meant much of the data being collected and analyzed within Dynamic Yield on behalf of our customers would now require special treatment. An enormous undertaking, in this post, I’m going to outline the internal steps taken to ensure the various measures ordered under GDPR were met.

Respecting the Customer Experience

At Dynamic Yield, we are champions of the customer experience and believe any meaningful interaction with a brand is one built from the unique needs and preferences of the individual. Our platform was designed to collect and analyze things like a user’s attributes, past behavior, interests, affinities, browsing activity and more to guide experience creation and deliver relevance. For the individual by the individual, this sentiment largely influenced how our organization thought about GDPR as we set out on our path to compliance because without respect and consideration for the end user’s privacy, the ultimate customer experience can never truly be gained.

A core piece of our philosophy, the personalization and optimization services we provide have always been predicated on the highest standards of data integrity. Which is why we saw the GDPR as an opportunity and not just a new privacy legislation that required adherence solely to avoid penalties and fines. For Dynamic Yield, it’s what needed to be done in order to strengthen the trust between ourselves and our customers.

GDPR in Focus

With an unwavering commitment to data privacy and security, our organization worked tirelessly on tightening our data protection program, invested extensive resources in not only making sure Dynamic Yield complied with our processor related regulations but also assisted customers in their own compliance when it came to managing a personalization program with Dynamic Yield.

First and foremost, by providing the infrastructure and functionality necessary to allow our customer’s end users to exercise their new rights:

  • Requesting to know what data is being collected on them.
  • Requesting to no longer be tracked.
  • Requesting to delete all historical data stored thus far.

As our newly appointed Data Privacy Officer (DPO), I worked closely with our Chief Information Security Officer, our customer success team, and various other internal stakeholders to make sure we tailored a program which employed airtight technical and organizational security measures, or “TOMS” as they’re commonly known. These TOMS which outline important information related to safeguarding, breach incidents, security assessments and audits, the use of sub-processors, international data transfers, data retention and destruction, liability and more were clearly listed in an updated Data Processing Agreement (or DPA) that was sent out to our entire customer base and signed. This agreement constituted an understanding between us and our customers as far as data privacy and protection are concerned.

While our data center in Virginia continues to operate under the Privacy Shield Framework, an agreed-upon framework for the transfer of personal data from the EU to the US, we initiated and launched our EU based data center in Frankfurt. There, our EU customers may now store their data locally, without leaving the shores of Europe. With Privacy Shield coming under scrutiny in the months following the enactment of GDPR, we are making sure we are always updated on data privacy trends in the market and prepared to make any adjustments accordingly.

Launch Your Personalization Campaigns with a GDPR Compliant Solution
Discover how Dynamic Yield ensures customers, partners, and prospects can use our personalization engine safely and compliantly

We made some pretty substantial changes to our workflows. For example, we solidified our commitment to only collecting data to analyze user behavior for the purpose of personalizing experiences. We won’t combine our customers’ data with data from other customers, we won’t share it with third parties, and we won’t use it for any unnecessary reasons. Additionally, we don’t onboard sensitive data from our customers, and no longer store IP addresses.

We also built internal flows for handling and customer data related requests should particular information need to be access or deleted, creating more transparency between the processor, controller, and end user.

A New Era of Data Protection

For us, while the GDPR deadline has come and gone, our commitment to data privacy and security remains. On the heels of the Cambridge Analytica scandal and with California’s new privacy act already signed into law (as well as the Privacy Shield scrutiny previously discussed), we believe the new concepts and rules introduced by the GDPR mark only the beginning of an entirely new era in data protection.

As lawmakers, businesses, and individuals become more critical of how personal data is collected and used, we expect to see website owners become much more selective about their choice of processing vendors, contracting only with those processors who take data protection seriously. And at Dynamic Yield, we’re determined to be viewed as a trusted partner, mindful of our customers’ data concerns, and also advocates for the larger movement to protect the individual data rights across the globe.

For a detailed list of all of the requirements addressed above, and to stay informed on the continuous improvements of our privacy program, please visit dynamicyield.com/GDPR.

Posted By

Categories:
Personalization
Rate this post