Frequently Asked Questions
About the Solution
Does GDPR Edge™ serve as a Data Controller or Data Processor?
GDPR Edge™ serves as a Data Processor in the scope of the GDPR requirements. This means the platform processes the consumer interactions, but does not bare the overall responsibility of appropriate data management.
Does GDPR Edge make my organization fully compliant?
No, GDPR Edge is a solution that allows your enterprise to bridge the gap to full compliance, but it still requires you to abide by the other changes included in the GDPR regulation.
How does GDPR Edge collect data from online interactions and purchases?
Through the GDPR Edge API integration. Data is easily collected from online points of sale, consumer loyalty programs or any other consumer data point and then stored in our Blockchain Ledger.
How does GDPR Edge work in physical storefronts?
For in-person interactions, we have created the Intel® RRP located at the point of purchase (i.e. POS) along with the GDPR Edge IP. Optionally, you can also use our deep integrations to the POS using our APIs or mix RRP devices and APIs as needed.
Does GDPR Edge integration with SSO?
Yes, it does.
What happens when a consumer corrects data?
Within the GDPR Edge system, consumers are able to manage personally identifiable data. When they make changes to the data previously collected, it is then updated in the Blockchain Ledger.
What happens when a consumer submits a ‘Forget this Transaction’ request?
As part of the ‘Right to be Forgotten’ article of the GDPR, consumers can request any data captured be forgotten by an organization. To support compliance, GDPR Edge provides consumers the option to forget complete transactions or specific transaction details.
How does my business complete a data transfer request?
As part of the ‘Data Portability’ article in the GDPR, consumers can request a data transfer between enterprises. Within the GDPR Edge solution, consumers can easily identify data they would like transferred and then submit a request to the managing organization.
Does my business need a Data Protection Officer (DPO)?
DPOs will be required for a specific types of organizations. This includes public authorities, enterprises that engage in large scale systematic monitoring, or organizations that engage in large scale processing of sensitive personal data. If your organization does not fall into those categories or for additional information, check with your legal council.
Where can I track consumer requests?
In the GDPR admin portal under the Tasks page, each of the consumer requests in need of attention are listed.
Can an organization customize the design appearance?
Yes, you can customize the accent and link colors, add your logo and a sidebar background image for the homepage.
What data is visible and manageable by consumers?
Any data that is collected by an organization and considered personally identifiable is visible and manageable by consumers.
What sort of personally identifiable information is used to centralize transactions against a single consumer record?
The unique identifiers collected during interactions such as credit card information, phone number or email address serve to centralize consumer records.
How is the collected data presented to the consumer?
Once the data has been collected and stored in the organization’s Ledger, it is accessible through a centralized account once they sign into GDPR Edge.
Can a consumer request a transfer or make changes to a bulk set of data at once?
Yes, through the personal account data management options.
How do you notify my consumers about where they can view and manage interactions?
As part of the GDPR Edge, we support enterprises in customizing the notification options by printing on receipts from the POS system, notifying through an email, on your website or other consumer management point.
Does GDPR Edge™ need to be implemented into all systems at the same time?
No, it’s very easy to implement GDPR Edge over a period of time to all systems as needed. It is easy to manually update records as needed when on-boarding.
How do you integrate the different environments?
We provide unique API keys for each type of environment to ensure a seamless setup process through development, staging and production environments.
What types of users will exist on the site?
Within each system on the backend there will be admins, auditors and DPOs. On the frontend, each consumer will have their own user account.
Can a consumer request an organization forget all personally identifiable data at once?
Yes, through the personal account data management options.
Where do organizations need to list interaction IDs?
Interaction ID locations can be customized for each enterprise, but is required to be easily accessible. This could mean in a confirmation email, on a transaction receipt or listed during an interaction.
Does GDPR Edge replace my compliance assessment or Privacy by Design?
No, you must also complete an assessment and in the future always make decisions regarding data collection and management by the Privacy by Design standards.
Does GDPR Edge help with compliance reporting?
Absolutely. There is an auditor portal with nearly all tools needed to demonstrate an organization's compliance. This is a core value of the system.
How does this solve the new California privacy regulation?
While GDPR Edge was not made as a direct solution for the new California privacy regulations, we believe it is a moldable platform that can provide a variety of data privacy solutions based on an organization's privacy needs.
How is the data secured?
Data collected during consumer interactions is transferred and managed in the our Blockchain Ledger using custom API workflows. Blockchain technology adds a level of security due to the data distribution design, which encodes the data using a variety of unique identifiers.