GDPR COMPLIANCE

eLead Response Management for Dealers

Why GDPR?

Because technology is changing rapidly and to keep privacy law relevant, on May 25, 2018, the countries in the European Economic Area (EEA) are implementing a new privacy law known as the General Data Protection Regulation (GDPR). 

The foundation of the GDPR is to protect the data privacy of all people in the EEA and reshape the way in which organisations approach data privacy.

There are several principles of the GDPR, which include, but are not limited to, the following:

Security – organisations must have appropriate security measures in place to protect personal data

Purpose Limitation – personal data that is collected needs to have a lawful and legitimate purpose for processing the information in the first place

Fairness and Transparency – there must be a clear reason as to why the personal data is being collected and how the data will be used

Data Deletion – personal data must be stored only if there is a legal basis to keep it and only as long as is reasonable

The GDPR has 3 distinct roles regarding the collection of personal data. There is the person whose data is collected (the “Data Subject”), the party that owns the data (the “Controller”), and the party who processes that data for the Controller (the “Processor”).

 

How RAPID! Response Protects your Data:

RAPID! Response data is housed in an ISO 27001, SOC2 compliant facility within the European Union. This Data is encrypted throughout its life cycle with retention being defined by you, the Dealer.

As the Dealer, you own the data collected from your customers in RAPID! Response. RAPID! Response enables compliance to the GDPR for your internet enquiries by implementing many underlying elements.

The following two new features in RAPID! Response allow you to easily manage your data:

  1. The Right to be Forgotten – You will be able to anonymize a customer’s personal data within the RAPID! Response console. An “anonymise” button will be available on the lead details page within the console. This will only remove personal data and will retain the rest of your lead data for posterity. This is a permanent erasure which makes it easier for you to be compliant with the GDPR’s right to be forgotten.

  2. Establishing a Retention Period for Personal Data – Within the console, authorized users will be able to set the retention period for how long your customers’ personal data is retained. This allows you to keep the data for a retention period which correspond with your business’ privacy policy. You will be able to set the time period and after the end of that time period is reached your customer’s personal data is automatically anonymized. The dashboards and reports that show aggregate data will not be affected.


These new features are just a couple of ways DMT is committed to ensuring that we are complying with the GDPR and to provide services to our customers that makes compliance easier for them.

Products
News
Company
Careers