GDPR Overview

As of May 25, 2018, the new European Union privacy regulation called the General Data Protection Regulation (GDPR) went into effect, requiring all businesses to comply with the new privacy rules or risk hefty fines. GDPR places emphasis on lawful consent for obtaining customer information, customer rights over the information they share, and legal basis for processing the information by companies. This compliance also means consumers have more freedom to choose what personal information they share with companies and how companies make use of it.

Company categorization under GDPR

Under GDPR, companies are broadly classified as “data controllers” and “data processors.” Data controllers are companies or organizations that collect the data from EU consumers. Data processors are companies or organizations that process the data on behalf of the data controllers.

How is my organization affected by GDPR?

The GDPR affects only companies that collect, store, and process ‘personal data’ of citizens in the EU. However, there is a high chance that your organization could be one of them. “Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.  For example: Cell phone number, Gender, user preferences, etc. If you are a customer of Predictive Response operating out of the EU or running campaigns targeting users who belong to the EU, the answer is YES.

How does GDPR apply to Predictive Response?

When it comes to the use of Predictive Response’s platform by our clients, those clients are the controllers and Predictive Response is a processor—and that means that Predictive Response will follow the instructions of its clients when it comes to the processing of personal data on their behalf. 

How does Predictive Response enable our customers to be GDPR compliant?

Predictive Response will be adding features and a preference management tool that will help our clients stay GDPR compliant. The feature additions support the following key GDPR requirements.


With the new GDPR regulations, companies need to ensure that they have explicit consent from EU individuals in order to market to them. Predictive Response will arm clients with the following tools to help ensure consent is lawfully gained:

  • Affirmative consent opt-in feature
  • A GDRP Preference Center that provides easy access to consent preference details and history
  • Consent tracking records, including:
    • Date consent was provided
    • Originating site consent was granted
    • Access to consent tracking records

Do Not Track

Under the new GDPR guidelines EU citizens have the right to request no tracking of their browsing activity. Predictive Response will provide our clients with the ability to disable tracking through the GDPR Preference Center.

Right to be Forgotten

The right to be forgotten allows individuals a method to gain more control over how their data is collected and used – including the ability to access or remove it. This means companies must have procedures in place for removing or deleting personal data if an EU individual requests it. With our ‘forget me’ feature, all data records will be removed through the simple click of a button in the GDPR Preference Center. 

Data Access

Under the new GDPR guidelines, EU citizens have the right to request a copy of their personal data that a company holds. At Predictive Response, we will make it easy for our clients to provide this data in a CSV file format. 

The deadline for GDPR compliance is May 25, 2018. We’re working hard to get our features released before the May 25th deadline and will publish more detailed information in the coming months. 

For more information, or If you have any questions, please contact us

To see full GDPR Guidelines, please visit:

European Commission
Information Commissioner’s Office

Disclaimer: Predictive Response is a marketing automation service provider, and the article does not constitute technical and legal advice about GDPR compliance. Any person who intends to rely upon or use the information contained herein in any way is solely responsible for independently verifying the information.