en DE RU
Request Demo
Bloomreach Acquires Exponea. Learn more

How Exponea Protects Your Data

A Comprehensive Overview of Exponea Security Features

Table of Contents
    Listen this article on:

    What rights do customers have when it comes to their personal data?

    Mar 12, 2021 Carl Bleich 5 min read

    Author’s note: You’ve done all of your research, spent hours going through different options, seen an amazing demo, and are finally ready to purchase your customer data platform. But one last step looms…final approval. Make sure that you are armed with information you need to prove that your CDP is safe and secure. This is the fifth article in Exponea’s series “Don’t panic: A marketer’s guide to customer data security”. This series will help educate marketers on why security is so important right now and give them the proper tools to help ease the nerves of risk-averse colleagues who may not fully understand the benefits of a CDP.

    If you are currently working with a customer data platform or are in the market for one, it’s important to understand your CDP will eventually be the home of a massive amount of customer data, if it is not already.

    Gartner defines a customer data platform as “a marketing system that unifies a company’s customer data from marketing and other channels to enable customer modeling and optimizing the timing and targeting of messages and offers.”

    As the cliche goes, “with great power, comes great responsibility”. It is the responsibility of marketers to care for that aforementioned unified customer data and ensure that customers are afforded all of their rights the law requires when it comes to their data.

    But what rights do customers have when it comes to their personal data? Let’s take a deep dive into answering this question so that your company can be prepared if you receive a request related to customer data. 

    Customer data requests: An overview

    Before going into detail about requests, the importance of having a specific process for customers to make these requests must be discussed. 

    Companies would be best served to have a specific channel (most commonly email) where customers should send requests. This should be communicated to customers through your company’s privacy policy so there is no confusion when a customer decides to make a data request.

    Companies are responsible for responding appropriately to all requests, even if a customer does not use the correct channel to communicate the request. Requests should be archived with the date they were made. The General Data Protection Regulation (as well as other governing laws/guidelines) requires that responses are made to customers within 30 days of receipt of the request.

    What could customers actually be asking your company for?

    Right of Access

    This type of request generally involves three things: confirmation that you hold an individual’s personal data, access to all the data that you hold, and/or other questions related to the gathering and storage of this data.

    Customers making this request oftentimes just want to know what personal data your company holds that belongs to them.

    Right of Data Portability

    This right allows customers to obtain their personal data from your company and reuse it. It essentially allows customers to transfer or move data from one IT environment to another safely. The data should be provided to customers in a way that does not affect its usability.

    Right to Rectification 

    Customers have the right to request that their incorrect or incomplete data be corrected. If there is found to be incomplete or incorrect data on a customer in your system, you must meet the 30-day deadline to correct this if the customer does make this request.

    A good practice for certain companies in delicate situations would be to take an extra step to confirm the identity of the individual making the request to ensure the data isn’t being manipulated. It is important to log all communication related to requests for rectification in order to avoid potential miscommunications with customers or GDPR issues.

    Right to Erasure

    Your customers do have the right to have all of their data completely erased from your CDP in certain circumstances.

    Generally speaking, you have two options on how to move forward: anonymize the customer in your CDP or delete the individual completely. Deleting completely is the safer option in regards to GDPR.

    Unlike the previous rights, this right is not absolute, meaning it does not apply in all situations. If a customer’s data is no longer necessary for the purpose for which you collected it, you are subject to erase it if a customer makes this request. The right to erasure also applies if you are processing the data for direct marketing purposes and the individual never consented to that.

    Right to Restrict Processing

    This right essentially gives customers the right to limit the ways that companies can use their data temporarily. This is typically done in lieu of requesting a full erasure of data.

    Like erasure, this is not an absolute right and only applies in certain circumstances. When processing is restricted, companies are permitted to continue storing the data in question but cannot use it.

    Right to Object

    Finally, customers also have the right to permanently stop you from processing their data in certain circumstances.

    The absolute right in this case involves individuals’ rights to stop their personal data being used for direct marketing purposes. In other cases, customers must show they have a “compelling reason” for a company to stop processing their personal data.

    The request can be in regards to all of a customer’s data or just a certain portion of data held by your company. It can also relate to a specific purpose or reason you are processing the data. 

    Exponea is here to help with customer data requests

    The different requests and your company’s required response to them can be overwhelming. It’s important to have a strong ally in your corner to help should your company ever find itself in a situation like the aforementioned ones.

    Exponea’s Customer Data and Experience Platform is a world-class product that provides secure data compilation and marketing automation initiatives. Our individual rights document goes into even further detail about how to address customer data requests for companies that use Exponea.

    Exponea was the world’s first GDPR certified SaaS company and holds top security certifications to help keep our customers as protected as possible.

    The Exponea Academy also features a “GDPR Best Practices” course that dives further into all of these rights so that your company will know immediately how to respond to all customer requests should they come. 

    Ready to see the CDXP in action? Watch our short demo video to see how you can turn customer data into marketing magic without worrying about security and data privacy. If you’re interested in learning more about data privacy and security, Exponea Academy’s Privacy Fundamentals course is the deep dive you need to master the topic and become an expert.


    How Exponea Protects Your Data

    A Comprehensive Overview of Exponea Security Features

    meet the author
    Carl Bleich
    Content Marketing Manager
    Carl works with Exponea experts to produce valuable, customer-centric content. A trusted expert with over 15 years of experience, Carl loves exploring unique ways to turn problems into solutions in the martech space.  

    Watch Exponea demo video!
    Explore the Customer Data & Experience Platform B2C Leaders Love to Use

    MISSGUIDED Victoria Beckham Desigual
    ebuyer River Island

    We rely on cookies

    to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

    Manage cookies
    Accept & close

    Cookies preferences

    Accept & close
    We use cookies to optimize our communication and to enhance your customer experience. We also share information about how you use our website with our third parties including social plugins and analytics. You consent to our use of cookies if you continue to browse our website. You can opt out of our cookie use on the Do not Sell my Personal Information page. For more information please see our Privacy Policy.