Acquia strives to follow all relevant laws, policies, and regulations with Customer Data Platform. Compliance to stringent regulatory compliance policies helps CDP to improve your trust in the business. For Acquia Privacy resources, see Acquia’s Privacy Trust Center.
Customer Data Platform (CDP) and regulatory compliance
Prior to the enforcement of any specific user privacy regulations, many were already fulfilled by existing best practices:
Lawfulness of processing - As CDP is a data processor, the controller or CDP’s client obtains a lawful reason to process personal data and maintains that relationship with the end user. CDP assumes that all personal data it receives has a lawful reason for processing. Do not send any data to CDP that does not have a lawful reason for processing.
Security - CDP is a secure system by design and default, as certified by the SOC2 Type II compliance.
Data access - CDP allows our clients to access an end user’s personal data through the 360 API and UI. CDP client’s can leverage CDP’s 360 API or UI to share relevant personal data with the end user.
Data rectification - CDP keeps customer data accurate and updated as part of our normal data processing pipeline.
You can complete data erasure requests through the CDP user interface. For more information, see Data erasure. For any additional queries on data erasure requests, contact Support. For queries on GDPR, contact firstname.lastname@example.org.
How CDP can help you find data relevant to regulatory compliance
CDP aggregates data across all of our client’s source systems so it can help in determining which individuals the client deems relevant under specific regulatory conditions. Whether through Actions and 360, Template Reports, or Interactive Queries, you can leverage CDP to determine which natural persons and events are relevant to our client’s compliance, and in which source systems this data resides. For assistance on how to identify this data, contact your CDP customer value manager (CVM). Specifically you may be interested in your CVM helping by:
Providing all necessary customer metrics so that you can proactively define the criteria to identify no longer necessary customers on a periodic basis.
Drafting a template report or interactive query to periodically retrieve these natural persons whose data is no longer necessary for your business interests.