DemandNexus and GDPR: Our Commitment to Data Privacy and Security
The European Union’s General Data Protection Regulation (GDPR) is a landmark law designed to enhance personal data protection and privacy for EU citizens. This regulation introduces comprehensive guidelines and responsibilities for organizations handling the personal information of EU individuals, regardless of where those organizations operate.
Â
At DemandNexus, we view GDPR not only as a legal mandate but also as an opportunity to strengthen our data privacy and security practices. Our approach underscores our dedication to safeguarding the information entrusted to us by our partners, clients, and users.
Â
Below, we outline key aspects of GDPR and detail the measures we’ve implemented to ensure compliance. Please note that this resource serves informational purposes and should not be taken as legal advice.
Â
GDPR Overview
Effective as of May 25, 2018, the GDPR represents a significant shift in data privacy regulations, enhancing protection for EU residents’ personal information and enforcing strict compliance obligations for organizations.
Here are the key principles:
- Empowered Individuals: The regulation gives EU individuals more control over their personal data.
- Increased Organizational Responsibilities: Companies must implement stricter measures to ensure data security and privacy.
- Strengthened Enforcement: The GDPR expands the powers of EU data authorities and introduces severe penalties for non-compliance.
- Global Applicability: Any organization processing the personal data of EU residents must comply, regardless of its geographic location.
How GDPR Relates to DemandNexus
While DemandNexus does not operate or have employees, partners, or contractors within the EU, we recognize that our online presence may involve the processing or monitoring of personal data from EU residents. This possibility has led us to proactively adopt GDPR compliance measures as part of our broader commitment to data protection.
Â
Steps DemandNexus Has Taken to Comply
We’ve conducted an extensive review of our data processing practices and have implemented the following steps to ensure alignment with GDPR standards:
| Requirement | Description | Status |
|---|---|---|
| Data Protection Officer (DPO) | Appointed a dedicated DPO to oversee GDPR compliance and carry out responsibilities as outlined in Article 37. | Completed |
| Secure Data Processing | Enforced SSL encryption, real-time monitoring, and regular audits for secure handling of all collected data. | Completed |
| Lawful Basis for Processing | Updated Privacy and Cookie Policies to transparently outline the lawful bases for processing personal data. | Completed |
| Consent Practices | Adopted positive opt-in methods to ensure individuals provide clear and informed consent. | Completed |
| Data Subject Rights | Revised Privacy Policy to explain data subjects' rights and data collection purposes. | Completed |
| Data Protection Addendum (DPA) | Preparing DPAs to supplement our Privacy Policy and provide them to clients. | In progress |
| Breach Reporting Plan | Developed a plan to notify authorities and affected individuals within 72 hours of a personal data breach. | In progress |
| Processor Agreements | Established agreements with processors to ensure GDPR compliance. | In progress |
Specific Measures for DemandNexus’ Contact Database
- Appointment of a DPO: We’ve designated a Data Protection Officer to lead compliance efforts and maintain robust data security protocols.
- Enhanced Security Measures: Implemented state-of-the-art technical and organizational controls to secure data in line with GDPR standards.
- Exclusion of EU Data: As DemandNexus primarily targets North America and Asia-Pacific markets, we do not actively collect or store personal data of EU residents.
- Database Cleansing: We have reviewed and removed EU-based data records to ensure compliance. This includes personal information like names and email addresses tied to EU countries.
- Client Data Assurance: Unique data provided by clients is used solely for their campaigns and is promptly deleted after completion. Clients are required to confirm GDPR compliance before sharing data with us.
DemandNexus’ Commitment to GDPR Compliance
DemandNexus is fully committed to adhering to GDPR requirements and maintaining the highest standards of data privacy. Our ongoing efforts include regular audits, proactive policy updates, and continued monitoring of GDPR guidelines to ensure compliance and client peace of mind.
Â
With these measures in place, DemandNexus ensures that your data is handled responsibly and securely, reflecting our unwavering dedication to privacy and protection.
Â
