Regardless of your primary audience's location, navigating the landscape of global privacy regulations necessitates a strategic approach within BlueConic. Adhering to diverse legislation zones, such as GDPR and CCPA/CPRA, is no longer optional; it's a fundamental requirement for responsible data handling and maintaining user trust. This article will walk you through your options and strategies, tailored to your audience's primary location, ensuring you can confidently manage data privacy within BlueConic.
Before you begin
Familiarize yourself with BlueConic Objectives.
Ensure your Privacy Settings are accurate.
For EU General Data Protection Regulation (GDPR) audiences
To comply with GDPR for your audiences:
Click Add objective on the More > Objectives page and give it a name.
Next to "Required consent," check the boxes for Europe (GDPR) and United Kingdom (UK GDPR), as well as any other relevant legislation zones. Visitors within the selected zones will be asked to provide consent so that items in the objective (e.g., Dialogues, Listeners) can access their profile.
Note: Only legislation zones that are enabled on the Privacy settings page are available for selection on objectives.
Enter a descriptive Consent title, which is the title the visitor will see when consenting to the objective.
Enter a Consent description, which should describe the consent given in easy-to-understand terms to the visitor.
Place items in the objective by selecting them.
Once you have created the objectives, you can set up dialogues to retrieve consent for your audiences.
Additionally, when creating a segment, you can make use of three profile properties specifically for GDPR:
Privacy legislation – Contains the value “GDPR” for people coming from one of the countries that the GDPR legislation applies to. Otherwise, it contains the value “NONE.”
Consented objectives – Contains the objectives that the visitor consented to.
Refused objectives – Contains the objectives that the visitor refused.
For California Consumer Privacy Act (CCPA) audiences
To comply with CCPA/CPRA for your audiences:
Click Add objective on the More > Objectives page and give it a name.
Next to "Require consent," click the checkbox for US - California (CCPA/CPRA) and any other applicable privacy legislation zones.
Note: Only legislation zones that are enabled on the Privacy settings page are available for selection on objectives.
Enter a descriptive Consent title, which is the title the visitor will see when consenting to the objective.
Enter a Consent description, which should describe the consent given in easy-to-understand terms to the visitor.
Place items in the objective by selecting them.
Once you have created the objectives, you can set up dialogues to retrieve consent for your audiences.
For international audiences (excluding the EU)
For audiences primarily outside the EU, simplify GDPR compliance by implementing a listener that creates visitor profiles exclusively for non-EU users. This avoids the need for complex consent dialogues and objective definitions for EU visitors, streamlining your process. If desired, you can still add consent mechanisms for EU users, creating profiles only after explicit consent is obtained.
To default to creating profiles only for non-EU visitors:
Install the plugin European visitors: only profile after consent.
Create a listener of type European visitors: only profile after consent.
Enable the Also block European visitors that already had a profile setting. This prevents profile creation for returning EU visitors, unlinking their existing pre-GDPR profiles without deleting them from the database.
Check the Permanently delete existing European profiles (when they enter your channel) setting to make sure existing pre-GDPR profiles of returning EU visitors are deleted when they return to your channels.
(Optional) Select one or more segments that contain profiles that should not be deleted, for example, registered customers. This will prevent some pre-GDPR profiles from being permanently deleted (they will get ‘unlinked’ when they re-enter the channel).
Turn the listener On and click Save.
Next steps
Learn how to set up a visitor's Privacy Center.
FAQs
What is BlueConic's role regarding consent legislation and customer data?
BlueConic acts as a data processor, providing tools to manage customer consent and privacy.
Can BlueConic ensure my company is fully GDPR compliant?
No, BlueConic provides tools, but you must consult legal experts for your specific compliance needs.
How does BlueConic help manage customer consent?
BlueConic uses "Objectives" to define data usage purposes and "Dialogues" to request and record consent.
What happens when a customer revokes consent?
BlueConic can prevent related actions (dialogues, connections, etc.) and optionally clear related profile data.
Can I synchronize consent data with other marketing platforms?
Yes, BlueConic allows exporting and importing consent data via connections and APIs.
How does BlueConic handle cookie consent in relation to GDPR?
BlueConic focuses on consent for data usage purposes, of which cookies are a part, and will only set identifiers in cookies after consent is given.
When does BlueConic create a visitor profile under GDPR?
Only if the visitor has legislation "NONE" or if they have legislation "GDPR" and they have consented to at least one related objective, or the related listeners, connections, or trackers do not require consent.
What happens when two profiles merge regarding consent?
Consented objectives are combined, refused objectives are combined (with conflicts resolved), and privacy legislation is determined based on priority (GDPR > NONE).
What is the difference between Europe (GDPR) and United Kingdom (UK GDPR) legislation zones?
They are separate zones to manage the differences between the GDPR and the UK's version of the GDPR. UK visitors are assigned to the UK GDPR zone.
What is the difference between CCPA/CPRA and GDPR?
The California Consumer Privacy Act (CCPA/CPRA) and the European Union’s General Data Protection Regulation (GDPR) are separate legal frameworks with different scopes, definitions, and requirements. A business that already complies with GDPR will likely have a leg up when it comes to complying with CCPA/CPRA. However, the two legislations differ from one another in specific ways.