GDPR: How do we handle personal data protection within Mip? #
These guidelines describe the procedures we provide within MIP, the Customer Data Platform (CDP), which help manage retention periods and the right to have data erased. This is in accordance with GDPR, the legislation that protects the personal data of European citizens. This means that individuals must consent to the use of their data and have the right to be "forgotten.
Retention periods #
Legislation: "...To ensure that personal data are not kept longer than necessary is necessary, the data controller should establish establish time limits establish time limits for erasure of data or for a periodic review thereof..."
Personal data are retained within Mip by default for 10 years. The period can beadjusted depending on the client and sector. Inactive relationships are first considered "no longer usable" and then permanently discarded or deleted. This is done through built-in procedures.
It is also possible to forward to other, external systems that the retention period of a contact is fading within Mip.
Right to be forgotten #
Legislation: "...A data subject must have the right to have personal data concerning him rectified and must have a "right to oblivion"...
More specifically, data subjects must have the right to have their to have their personal data erased and not to have their personal data further processed where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, where data subjects have withdrawn their consent or objected to the processing of their personal data, or where the processing of their personal data does not comply with this Regulation in any other respect...."
Individuals can request to have their personal data erased if it is no longer needed for the original purposes. Through our interface(MyMip), our customers themselves can indicate that someone has indicated that they wish to be "forgotten. Through automatic procedures, the data are subsequently anonymized.
It is also possible to transmit to other, external systems that an individual's data be verblanked or deleted within Mip.
Anonymize or delete data #
Legislation: "...The data protection principles should therefore not apply apply to anonymous data, namely data that does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a way that the data subject is not or is no longer identifiable is. This Regulation therefore does not cover the processing of such anonymous data, including for statistical or research purposes...."
Instead of complete deletion, by default we blind the data so that it is no longer traceable to a specific person. This means that names, unique IDs and other identifying information are removed, while anonymized data is retained for analysis purposes. This is fully in line with GDPR.
If the customer wishes, it is also possible to delete all data. This also makes certain data no longer available for analysis purposes.
We are committed to ensuring data protection and compliance with GDPR guidelines!
