Explanations of GDPR and how Daasity helps you manage data privacy
What is GDPR?
GDPR stands for General Data Protection Regulation which became effective May 25, 2018 and applies to all organizations anywhere as long as data is collected related to people in the EU. Users are able to request what data an organization has collected and stored about them or request to have any personal information collected on them be deleted.
What is CCPA?
CCPA is the California Consumer Privacy Act of 2018 giving consumers more control over the personal information businesses collect and how it is used and shared, the right to delete the personal information collected from them, the right to opt-out the sale of their personal information, and the right to non-discrimination for exercising their CCPA rights. Only residents of California have rights under CCPA.
Personal information does not include any publicly available information such as professional licenses and public real estate/property records.
Customers can submit requests to merchants requesting information that has been collected or to have personal information deleted.
What is the Daasity process for merchants to submit privacy requests received from customers?
Merchants who have CCPA/GDPR privacy requests from their customers can email the request(s) to Daasity’s email (firstname.lastname@example.org) to initiate personal information clean-up across all data sources.
Merchants are required to provide the following information to Daasity for each customer privacy request:
- Email Subject: GDPR Request: Data Removal/Request or CCPA Request: Data Removal/Request
- Date of request
- Customer identifier (ie. email address, customer id, etc)
- Request type: information or deletion
- Date request needs to be completed by
Daasity will use the customer identifier provided in the request to search the data sources containing personal information for a match. Once the request has been processed the personal information will be hashed and will no longer be identifiable for the customer specified.
Daasity will confirm each request processed with an email reply or through the privacy solution requested by the merchant.
Can the merchant delete the personal information data in the source system and it reflects in the Daasity platform?
A merchant cannot delete the data in the source system and expect the personal information is deleted in the Daasity platform. The merchant will need to submit a privacy request to delete the data by sending an email to email@example.com.
A merchant can hash the personal information in the source system (ie. Shopify) and through the Daasity platform incremental updates for the personal information will be hashed in the Daasity platform. This action will only result in the hashing of data for the specific system updated and the source system needs to identify the timestamp when the personal information was updated.
Does Daasity offer an integration to process requests submitted by customers to merchants on the Daasity platform?
Daasity has partnered with Ethyca for an automated integration to process customer CCPA/GDPR requests or erasure of personal data. Merchants will be able to manage and process customer privacy requests through the Ethyca solution.