How Gleam is Handling GDPR

As you're no doubt aware as a marketer that the new General Data Protection Regulation (GDPR) is due to roll out on the 25th May 2018. This replaces the Data Protection Directive 95/46/EC which Gleam is currently compliant for.

We've always valued privacy at our core here at Gleam and have built the platform always in alignment with the Australian Privacy Act (which shares many common requirements with GDPR) to:

• Implement a privacy by design approach to compliance
• Be able to demonstrate compliance with privacy principles and obligations
• Adopt transparent information handling practices

Gleam by nature is a consent based platform, users specifically give consent to enter campaigns and the data they provide is only ever shared with the owner of the campaign. So Gleam acts as a Data Processor on behalf of the customer (Data Controller).

For example, when a user enters a campaign that validates an entry via an API, this data is often only used at the point of validation and never stored on Gleam or shared with Customers.

We understand that as a popular platform in the space we must always maintain a high level of privacy and trust across both customers and their users.

So, as a global business it's important that we align ourselves with GDPR and also assist our customers to ensure that they are compliant with GDPR when running campaigns.

Upcoming changes that we will be rolling out:

• We've appointed a Data Protection Officer
• You can now contact us directly via privacy@gleam.io to discuss any specific concerns
• New Privacy Policy: We'll be rolling out a new GDPR compliant privacy policy (that's written in a way that's easy to understand)
• New Data Processing Agreement: Since we store data in the USA (in an EU Privacy Shield-Compliant facility) we will be updating our agreement with EU customers detailing how we process their data
• Right to be forgotten: We have always honored this since our inception, we allow anyone to request for their account or data to be deleted. For campaign owners, you already have the power to delete contestants if they exercise this request to you directly
• Any reactionary changes based on GDPR rollouts from any service that we integrate with (to comply with their policies)
• Continent targeting for all campaign types to include or exclude EU (or other continents from campaigns)
• Improving the ability to obtain additional consent on Subscribe actions
• Improving the ability to obtain additional consent via checkboxes in Capture
• EU users will no longer be able to have Custom Fields checkboxes auto select
• Rolling out new Guides to help customers understand how to ensure their campaigns are GDPR compliant
• Helping customers understand which users have or have not given prior consent in previous campaigns
• Helping customers understand the 3rd parties that we have data processing agreements with (i.e. Mailchimp)

You can expect these changes to roll out before 25th May 2018, we're looking forward to continuing providing a platform that lets you run campaigns in a way that helps you achieve business outcomes whilst protecting the privacy of users.