The EncodeCustomer object in relation to the GDPR
The EncodeCustomer object encrypts customer data. This makes the object very useful in relation to the GDPR. Encrypting customer data has the potential to protect a person’s data and privacy, which is the overarching goal of the GDPR.
The GDPR introduces a new term for encapsulating procedures such as masking data, encrypting and hashing that are all aimed at securing and protecting personal information. This umbrella term is called pseudonymising. The term is defined as follows:
''The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.''
In practice, this means encrypting or masking data so that, without a decryption key, the data cannot be used to identify a person.
Applying pseudonymisation on personal data can decrease the risks for the data subject and help controllers and processors meet the data protection requirements. As a business, you are also less vulnerable to data leaks when you encrypt sensitive data. And should there be a data leak anyway, informing the data subject is only required if it is likely the breach results in a considerable risk for the rights and freedoms of the natural person.
Recital 34 of the GDPR furthermore dictates that informing a person is not necessary if suitable protective measures have been taken for the personal data, such as encryption. In short: by masking data and applying pseudonymisation, your business will limit the need of informing customers if data is being violated. This keeps your business’s reputation intact.
With these two objects, you are better able to meet the GDPR’s requirements. Do you need any help implementing these objects in your campaign? Please contact your Project Manager.