GDPR and Customer Experience
The European Union’s General Data Protection Regulation (GDPR) standardizes data protection laws across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information. It will go into effect on May 25, 2018. GDPR replaces the 1995 EU Data Protection Directive, and supersedes the 1998 UK Data Protection Act. TA Digital believes this presents a great opportunity for brands to focus on consumer privacy while delivering exceptional experiences.
What is GDPR and how does it affect you?
GDPR is the European Union’s new privacy law that modernizes data protection requirements. The new rules have a broad definition of personal data and broad reach, affecting any company that collects personal information of individuals in the EU. As your trusted data processor, we’re committed to compliance and to help you on your GDPR compliance journey.
How TA Digital prepared for GDPR readiness
TA Digital has a strong foundation of certified security and privacy controls and will continue to make enhancements. Enterprise customers will have the responsibility to implement these enhancements, as well as update any necessary policies and procedures. We’ve implemented a set of certified security processes and controls to help protect the data entrusted to us. This helps us comply with several security and privacy certifications, standards, and regulations.

A strong foundation of security and privacy compliance
We’ve deployed security processes and controls to help protect the data entrusted to us. This helps us comply with many security and privacy certifications, standards, and regulations.

Contract terms
TA Digital’s Data Processing Agreement has been updated in consideration of the latest GDPR requirements.

Privacy by design
TA Digital is driven by the mission to help you responsibly unlock the power of data. We have a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.” For example, many of our services can obfuscate IP addresses and allow individual-level opt-outs.

Records of processing
TA Digital has formally documented existing privacy practices to comply with the enhanced recordkeeping requirements.

Data protection team
TA Digital currently has a Data Privacy Officer and a dedicated privacy team, and will continue to evaluate the need for additional steps in light of the new GDPR requirements.

Product and process innovation
TA Digital constantly listens to customers and looks for ways to simplify and further automate product and service offerings to better support their GDPR needs.
GDPR readiness
TA Digital realizes that GDPR is a shared compliance journey, with the regulation setting out the obligations for the various parties. The descriptions below set out the roles for brands or “data controllers,” technology providers or “data processors,” and the places where the processor may need to help or partner with the controller either through tools, processes, or documentation to help the controller.


Customers’ rights as data subjects
- Delete personal data
- Object to its processing
- Export it
- Access and correct errors


The role of a data controller
The role of a data processor

Get an assessment
GDPR puts increased emphasis on data collection best practices, data controller transparency, and consumer choice — all of which play a meaningful role in the customer experience. With an eye toward customer experience, you may want to think about how the following GDPR principles affect your business efforts.
Take stock of the data you’re collecting. Gather only the data you need to be effective.
Obtain appropriate consent
When will consent be required and what form will it take? How will you provide delightful customer experiences with consent and without unwanted surprises? Consider the value proposition for consumer privacy, which can help drive conversion and loyalty.
Provide the required notice for data collection
Review and update your current privacy notices, policies, and any information provided at data collection points.
Remove unique identifiers
Consider when to make some data anonymous or pseudonymous (by replacing obviously personal details with another unique identifier, typically generated through hashing, encryption, or tokens) to help minimize compliance obligations and the risk of data and privacy breaches and claims.
Fulfill data access and delete requests
Understand how your customer will reach out to you to make data access or delete requests. Know how to define internal data retention and deletion policies and procedures.
5 steps to get started with your GDPR preparedness:

Take stock of your digital properties to assess which tags, cookies, or other data are necessary

Draft your customer journey and tell your privacy story through meaningful notices and choices

Create a consent management strategy with an eye towards customer experience

Evaluate about how you will authenticate user identity to address data subject access requests

Build on existing processes to help respond to data subject access requests
Have a long-term view on privacy
Privacy needs a long-term perspective. Think and design today with tomorrow’s privacy in mind. While GDPR will soon go into effect in Europe, GDPR-inspired privacy regulations are already cascading into other regions and countries. By putting in the work necessary to comply with GDPR, you will position yourself well for future privacy compliance efforts in other parts of the world.