Blog

05/17
2018

Albert and GDPR

05/17/2018

Albert and GDPR

In light of the new consumer data regulations hitting the European Union (EU), Albert is reaffirming its commitment to protecting both its users’ data and their right to understand how it’s being used.

The General Data Protection Regulation (GDPR) is a new European data privacy law designed to upgrade existing protections to the privacy rights of persons in the EU with respect to their personally identifiable information (PII). The new law, which comes into effect on May 25, makes it more difficult for companies doing business in the EU or otherwise offering products or services to persons in the EU, to collect personal information on consumers without their knowledge. It also grants consumers more control over how that information is used.

The GDPR has extended the EU’s data protection laws to every individual and organization that processes personal data of persons in the EU and collects any form of PII, which can include anything from an email address or a photograph to a person’s financial records or credit score.

Albert Technologies, LTD, has always been committed to the highest degree of customer data protection, and we honor the integrity of each consumer’s personal data by following a strict formal protocol. Here are a few examples of how we’ve adapted to the new protections put in place by the GDPR.

Collecting Data and Providing Information to Customers

GDPR policies clearly define what PII entails, so at Albert, we’ve become more strict about data collection and storage policies. As it applies to Albert customers, instead of absorbing their CRM into Albert, we now direct client’s to migrate that data into their ad accounts, where Albert can leverage the data for campaign execution without actually storing or processing any PII on our servers. In addition, we also make sure that our performance and management of ad campaigns through our customers’ social media account, is only performed under the limited ad manager permissions. This way, our customers and Albert can avoid providing access to personal data held or maintained by our customers and in their social media accounts.

Analyzing and Managing Data

To comply with GDPR policy changes, we recently analyzed all the data we’ve collected and stored since our inception. We wanted to ensure we knew what data we hold, where it’s from, and how it’s used within our organization.

Albert has also updated all internal policies for managing data. We’ve made a number of security adjustments that address our saving and encryption processes, as well as how and from whom permission can be given to access various databases. Finally, from the moment we obtain any kind of customer personal data, we track its course, monitor its applications, and ensure that it’s never used for any purposes other than for providing our customers with our services.

Security and Certifications

Albert is in the process of completing an American Institute of CPAs SOC 2 compliance certification, which ensures all of our data collection practices pass necessary reporting audits and drive us to high standards for security in general.

Deleting Data Files

At Albert, we’ve have a two-pronged process for dealing with data that belongs to our customers’ customers.

First of all, if a company requests their audience and customer data or asks us to delete it once they are no longer a client, we respond within 48 hours and carry out a standard procedure. The user deleting or requesting access to their data begins the process by filling out a form — we then send an alert to our team that tells them to stop all data collection for that company and, upon their request, delete any and all data of theirs that we have on file. Even if a client doesn’t explicitly ask for this information to be deleted, we remove all audience and customer data associated with a former client after a few months if we feel certain that company won’t be returning.

Secondly, we review all of our data files on a quarterly basis to investigate what data is unneeded and to ensure that we have absolutely no information that belongs to companies that are no longer clients.

Aligning Albert Procedures with GDPR Policies

In addition to the above and in order to ensure full GDPR readiness, we ran a thorough analysis and audit of all internal processes related to data management, and updated our internal training covering data privacy. We also created and updated protocols for handling data breach and security events to be in line with policy.

The Only Solution for Maximizing Results While Protecting User Data

New GDPR policies are in alignment with how we believe people and their data should be treated.

Albert, the first fully-autonomous AI marketing platform in the world, functions primarily through sophisticated algorithms — most of which have nothing to do with analyzing or storing personal data, but with making precise calculations. Albert is able to drive amazing marketing results not by uncovering sensitive information that users are keeping hidden, but by finding connections between readily available data that human analysts would never be able to make.

Because Albert’s success has never been predicated on invading users’ privacy, we’re confident that we’ll continue to deliver amazing results for organizations marketing to citizens of the EU while maintaining our firm line on consumer data privacy.

For more information, please visit our privacy policy at https://albert.ai/privacy-policy/.

by Ron Netzerel
Chief Product Officer