What is the GDPR?
In April 2016, the General Data Protection Regulation (GDPR) — legislation from the European Union regulating how companies and organizations handle an individual’s “personal data” — was adopted and, after a two-year transition period, became enforceable on May 25th, 2018.
It affords EU citizens many rights and requires compliance from all businesses and organizations that do business with individuals in the EU, even if those businesses and organizations are based outside of the EU.
It applies if you are collecting, recording, organizing or storing information of individuals in the EU, even if you reside outside the EU. As a company doing email marketing, the chances are this applies to you.
What Are We Doing?
Here at Market 2 All, we already have strict processes in place to gather personal information for email marketing purposes.
First, we get express consent from everyone with signup forms and an unchecked checkbox on our contact forms. We also do not add subscribers without getting their express consent first.
Second, our email templates are all GDPR- and CASL-compliant (Canadian Anti-Spam Laws) with clear ways to unsubscribe and update personal information via a preferences link in every campaign.
How Can You Be Compliant?
This article does not constitute legal advice. If you have questions, please consult a lawyer who is familiar with the GDPR.
Other things you can do are:
- Make sure that you are getting explicit consent to process your customers’ or subscribers’ data, then make sure you can show how you get this consent (screenshots are useful);
- Use a compliant email template with a clear unsubscribe link – all clients using our email news tool already have this;
- Provide clear Terms and Conditions;
- Go through your email lists and remove anyone who has not given you express consent;
- Keep records of all data processing activities and be able to easily show them should there be any complaints; and
- Do not share data with any third parties and do not use the data for anything other than the intended use for which it was gathered.
About our Email Newsletter Service
At Market 2 All, we provide professional email newsletter marketing services to clients in North America and Europe.
The parent company we utilize to provide email marketing to our customers stores data in a US-based data center. In addition, they use multiple data processing locations, including the USA, Australia and Germany. They also use Fastly as an external content delivery network, which is used for content caching. Fastly’s locations are available here: www.fastly.com/network-map.
They only use state-of-the-art data centers and cloud providers. Their data centers are monitored 24×7 for all aspects of operational security and performance. They are also equipped with state-of-the-art security such as biometrics, sensors for intrusion detection, keycards, and around-the-clock interior and exterior surveillance.
In addition, access is limited to authorized data center personnel; no one can enter the production area without prior clearance and an appropriate escort. Every data center employee undergoes background security checks.
At Market 2 All, we never give, rent, or sell access to your data to anyone else, nor do we make use of it ourselves for any purpose other than to provide our services. We store each account’s data under a unique identifier, which is used to retrieve data via the application or the API. Each request is authenticated and logged.
The databases are further protected by access restrictions, and key information (including your password) is encrypted when stored. Data is either uploaded directly into the application using a web browser or uploaded via the API, which uses secure transfer protocols.
Whatever you do, do not hide your policies. Ensure that they are easily accessible on your website, make them clear and understandable to a human being, and be clear about what you are doing and how.
If you respect international anti-spam laws—GDPR, CASL, CAN-SPAM—and people’s privacy, you should now have a better grasp of what the GDPR means for you.