Cxense welcomes the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, as an important step in unifying data protection regulations across the EU. It provides consumers with more transparency and control over their data in a world that is becoming ever more connected and digitalized.
We at Cxense are fully committed to delivering our solutions and services in a GDPR-compliant way and are making great efforts to help our customers to do so as well.
What does GDPR mean for Cxense?
Cxense helps publishers and marketers across the globe to transform their raw data into their most valuable resource. GDPR is an incentive for us to further improve and enhance the way we do this, but it does not change the fundamental principles of our business model:
- We collect, store and process data on behalf of our customers
- We do not share or sell any data we collect on behalf of our customers
- We build our success solely on our customers’ success
Because we are a data-driven company it goes without saying that we have always handled all personal data in a manner compliant with applicable regulations. Furthermore, it has always been in our DNA to strive for the highest data security and ethical standards in the industry.
Accordingly, we see GDPR not as an obstacle that needs overcoming but as an opportunity. With its unified and structured approach, GDPR helps us to further improve the ways in which we help our customers turn data into actionable insight. At the same time, it provides consumers with more transparency and control over their own data.
As part of our efforts, we are currently preparing multiple product changes to simplify compliance for our customers. For example, we are adding consent-aware tracking and APIs to fulfill consumers’ rights to see their data or be forgotten. We will also provide our customers with the information needed to fulfill the transparency requirements within GDPR (e.g. retention periods or data types). In addition, we are establishing a new data center in Europe to provide our customers with the non-mandatory option of storing their data only within the EU. Lastly, we have established technical solutions, processes and legal frameworks to be compliant when the law becomes effective and we have hired an independent Data Protection Officer to oversee our work.
We firmly believe that demand for personalized experiences, created with the help of Cxense tools, will continue to increase and these personalized experiences offer significantly more value to consumers than a one size fits all approach. At a time when consumers are exposed to an ever-increasing amount of content, we expect they are more likely to turn to offerings that are tailored to their individual preferences. Therefore, we maintain that they will continue to allow Cxense to use their data to provide these unique experiences.
At the same time, however, some consumers may prefer a non-personalized experience. In that case, our technology provides an improved user experience even without the use of any personal data, for example by recommending content that is similar to what a user is currently reading.
What does GDPR mean for our customers?
At Cxense we are not only fully committed to being compliant ourselves, we are also actively supporting our customers to succeed in fulfilling GDPR requirements. Cxense collects and processes data which may be considered personal data under GDPR. This means our customers will need to comply with the regulation and implement new policies on data tracking, retention and deletion. This applies to both customers based in the EU as well as non-EU customers with significant EU traffic.
One major consequence for our customers is that any processing of personal data for services offered by Cxense requires the informed consent of consumers. But as soon as consent is given, our customers can proceed to collect and process the data needed to create personalized experiences. In cases, however, were a customer has been integrating other vendors that rely on 3rd party data sharing, each such integration and vendor poses a risk for non-compliance and should therefore be carefully assessed. In our understanding, this should over time greatly increase the value of 1st party data and create additional market potential for specialized vendors like Cxense.
Achieving GDPR compliance can be a complex task, one that requires a combined effort of both Cxense and our customers. This partnership is regulated by a mandatory Data Processing Agreement (DPA) that clarifies the obligations of both parties. In terms of GDPR, it is our customers’ responsibility to act as Data Controllers, which entails obtaining consent and establishing the legal basis for collecting personal data. Whereas Cxense acts as the Data Processor by delivering a service according to the Data Processing Agreement in compliance with GDPR.
For our customers, becoming GDPR compliant can mean a significant effort, from contract and policy revisions to technical changes. While Cxense does not provide any legal advice, we are strongly committed to support our customers as best we can with technical solutions and best practices in order to simplify this task for them as much as possible. We recommend that customers who are still uncertain about the implications of GDPR for their business seek legal advice.
Building trust in personalized experiences
At Cxense we believe that GDPR is a timely and appropriate measure to strengthen consumer rights with regards to privacy in a world that is becoming more digitalized. We are convinced that the changes resulting from the new regulation will be positive for our industry as a whole and Cxense in particular because they bring about greater transparency, consumer control, and ultimately more trust by consumers in personalized services.
We will continue to help our customers create the best user experiences with personalization, but the future of personalization must be built on a strong foundation of consumer trust. We will do our best to contribute to this foundation.