The General Data Protection Regulation (GDPR) is a regulatory framework that was designed to harmonize data privacy across Europe, to protect and empower all personal data of individuals that are physically located in the EU/ EEA, and to reshape the way organizations across the region approach data privacy.
Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. Acoustic Exchange does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Whether you accept Right to Erasure or Right of Access requests from individuals via a web portal, call center, or any other process, you can use the Acoustic Exchange GDPR APIs to process those requests in batch.
How will Acoustic Exchange GDPR APIs help you?
Right to Erasure requests can be made by any data subject that wants their personal data to be removed by a data controller or processor. As a data controller, you can accept the request, ensure the authenticity or accuracy of the requestor as needed, and then submit requests in batches to Acoustic Exchange via the Right to Erasure API.
This includes online identifiers, such as IP addresses and cookies, if they are capable of being linked back to the data subject.
Right of Access requests can be made by any data subject who wants confirmation as to whether personal data concerning them is being processed and access to that personal data. The Right of Access API provides you with the ability to collect and provide that information to individuals.
How does Acoustic Exchange consume opt-in and data subject consent?
Acoustic Exchange leverages various attributes that indicate consent in its taxonomy. Controllers must use these attributes to identify data subjects that have consented to marketing campaigns. If a data subjects identifying information is to be syndicated through Acoustic Exchange, it is mandatory that all data subjects consent is stored by Controllers. This is especially true for data subjects that are classified as minors; meaning that if a Controller stores identifying information of a minor, then the Controller must have consent from the minors guardian to continue to store the minors identifying information. Moreover, if Acoustic Exchange is meant to syndicate permissible data that follows consent guidelines, the Controller is responsible for applying and adhering to those guidelines in any application they leverage in their omni-channel programs.