What is GDPR?
The General Data Protection Regulation (known as GDPR) is a new European Union law that came into effect on May 25, 2018. The purpose of the GDPR is to update existing legal protections around the privacy of individuals. The GDPR uses the term “personal data” to mean any information that in any way relates to any living individual who is identified (or identifiable) from that information (whether in isolation or in combination with any other information). This is a very broad concept, and information that you might not think of as being particularly private (e.g., an IP address) is nevertheless treated as personal data for the purposes of the GDPR.
Does GDPR apply to BrightTALK?
The GDPR applies to anything that is done with or to, of personal data, by any entity that is within the GDPR’s scope. Information about users within BrightTALK’s platform is considered personal data and therefore GDPR does apply to some of BrightTALK’s activities.
Is BrightTALK a processor, a controller or a joint controller?
BrightTALK is a controller with respect to its processing of personal data of users, because BrightTALK has a direct relationship with the individual users of the platform and BrightTALK decides what data to collect and how to process the data. Channel owners are also controllers with respect to their own processing activities. BrightTALK and the channel owners are not joint controllers because they do not collectively make decisions about how and why they will process personal data - rather, each of them makes its own decisions, and they are therefore independent controllers.
How long is userdata held in the system? How is the data erased?
User data is held until the user chooses to delete their account. Presentation data is published on the platform until a customer chooses to un-publish. In the event of a contract not renewing content can be removed from the site.
All data is erased from databases by overwriting fields with anonymised data. Files are deleted.
Where is the system located that stores the data?
The systems on which the data are stored are located in the United Kingdom and Ireland. BrightTALK’s decisions regarding its own processing activities are taken by BrightTALK Inc. in the United States.
What security measures have been implemented to secure the data?
BrightTALK is ISO27001 certified. Developers receive ongoing security training. BrightTALK has implemented a secure development policy. Additionally, BrightTALK engages an outside party to conduct annual security testing.
Has BrightTALK provided the necessary notice to users?
How can a channel owner/manager add their company’s GDPR requirements to their channel?
A channel owner can do this through the channel survey feature. This survey allows channel owners to implement a custom form that requires users to consent/agree to the channel owner’s Terms & Conditions, Privacy Notices, or other legal documents, as determined by the channel owner.
If you require any additional information, please reach out to your dedicated Sales Executive or Customer Success Manager.