FAQ: Consent & Privacy Management for GDPR


Where can I learn more about the EU General Data Protection Regulation (GDPR)?

A: For all questions about the regulation, you can visit the official EU GDPR portal to learn more, including an FAQ about the regulation itself: https://www.eugdpr.org/


When does GDPR go into effect?

A: May 25, 2018


Is BlueConic considered a data processor or a data controller in relation to the profile data stored in the platform on behalf of its customers?

A: BlueConic is considered to be a data processor in this context.


When will BlueConic’s Consent & Privacy Management capabilities release?

A: April 2018


Will BlueConic’s Consent & Privacy Management capabilities make my organization compliant?

A: Not necessarily. You should consult your internal legal/privacy experts to determine which of your marketing objectives require implicit or explicit consent, as well as where and when you need to ask for consent. Once you have this determined, you can use BlueConic’s Dialogues to ask for consent and capture individual rights requests.


Does BlueConic provide consulting to its customers about how to be GDPR compliant? 

A: No. BlueConic is not a consulting or law firm. We recommend you consult your organization’s legal and/or privacy experts to determine what is required for your specific organization.


Is BlueConic GDPR compliant in relation to the profile data stored in the platform on behalf of its customers?

A: Yes, all our internal processes are compliant, as well as 3rd parties, like Amazon Web Services.



What is the new Objectives object in BlueConic, and how does it relate to consent management for GDPR?

A: The new BlueConic Objectives object lets you define purposes for personal data collection that require explicit or implicit consent. You can easily add Dialogues, Connections, Listeners and other BlueConic objects to Objectives to enable consent management for those objects.


Is it possible to only ask for consent against one overall Objective and remain compliant with GDPR?

A: This is a question for your internal legal & privacy experts. It depends on what types of data you collect, as well as how many different marketing purposes for which you use it.



How can BlueConic help me manage consent for personal data collection?

A: You can use BlueConic Dialogues to request consent from individual customers for the specific purposes associated with your defined Objectives in the platform. Once consent is given or denied at the individual level, that data is stored in the corresponding profile that is persistently stored in BlueConic. As a marketer, BlueConic Dialogues provide you with complete control and flexibility over how and where you ask for consent, so you can make changes as needed without the help of IT or developers. You can view what percentage of your customers has provided consent for each of your objectives at any time.


Can I see a demo of how to set up Objectives in BlueConic, as well as Dialogues for requesting consent?

A: Watch our tutorial video to see how to do this in under 5 minutes.


Can I limit the exposure of consent-related Dialogues to only be shown to customers in the EU?

A: Yes. Based on the IP address of your website visitors, BlueConic can determine the legislation of a user, and only display consent Dialogues to visits with an IP address located in the EU.


What if a customer denies or revokes consent for website tracking behavior? How would BlueConic automatically manage that?

A: Assuming that ‘website tracking behavior’ is defined as a BlueConic Objective, when a customer denies or revokes consent for that Objective, BlueConic will not execute Dialogues, Listeners, Connections and other related objects for that particular customer’s BlueConic profile.


Can I synchronize customer-level consent data to my external marketing platforms, such as ESP, CRM, retargeting?

A: Yes. You can use BlueConic partner Connections to sync with your external platforms. When exporting profiles, you can select to only transfer profiles for customers that have given consent.


What if we are capturing consent in other platforms? Can we integrate consent data captured outside of BlueConic into BlueConic profiles?

A: Yes. As long as the consent is captured at the individual level and can be mapped to a BlueConic profile identifier, you can use BlueConic connections to synchronize this data. When importing profiles, you can select to only transfer profiles that have given consent.


Can I also use BlueConic’s consent management capabilities to manage cookie consent?

A: Cookies are seen within the GDPR as only one way to create an online identifier. With the GDPR, the focus is on getting consent for a specific purpose, of which cookies are only a part. BlueConic will only set an identifier in a cookie when the visitor has given consent to at minimum one consent, before that no identifiers are stored in cookies.



Can BlueConic help me manage individual rights requests, such as requests to access data, rectify data, and delete data?

A: Yes. You can use BlueConic’s new privacy management capabilities to create a customer-facing privacy center using BlueConic Dialogues. Customers can make these requests in the privacy center, so you can respond in a timely manner.