GDPR – What are the main things you should know?
If you’re in the email marketing industry, you should know about the new regulations that were passed by the European Parliament, called the GDPR.
After getting a sudden influx of new users that came looking for a: ‘EU-based alternative for Mailchimp’, we thought we should draft a quick roundup of the things that our current and future users should know.
Sender.net is a EU based company with all its data-centers based in the EU, thus compliant with all EU regulations, including, but not limited to GDPR.
What is the GDPR?
The new regulations are called GDPR – short for General Data Protection Regulation. The GDPR is a regulation, which, according to Europa.eu, is a binding legislative act. It must be applied in its entirety across the EU.
In simple terms, the GDPR was created to harmonize data privacy laws across Europe, to protect all of EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
When will the GDPR will become enforceable?
The GDPR will become enforceable on May 25th, 2018. So there still is time to adapt to the new changes. We are constantly adapting to new changes and regulations, as should our customers.
Is there a way to avoid the regulations?
There is no way to avoid the regulations, especially if you are based in the EU. And you shouldn’t even want to – the GDPR is a good thing for all the consumers.
You should seek legal counsel regarding the obligations. If you are based in the EU or have personal data of EU citizens, the regulations will definitely apply to you.
That means that most of the world’s biggest organizations will be affected, including Sender.net and most likely all Email Service Providers.
So what’s considered personal data?
By definition, personal data means ‘Any information relating to an identified or identifiable natural person (‘data subject’), such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’.
Basically, that means that the majority of the data you collect about your subscribers will now be treated and considered as personal data.
What new rights does the GDPR provide to EU residents?
These are the new rights given to the consumer:
- The right of access by the data subject. The data subject (the EU resident) will now have the right to know what data is being processed about them and how exactly it’s done. (Article 15). If you need information about privacy, please message email@example.com a detailed request.
- Right to rectification. The data subject will have the right to request that incorrect data about them is corrected. You may access your account details and correct them at any given time in the ‘Account’ section. (Article 16)
- The right to erasure. The data subject can request that the data concerning him or her be erased without undue delay. You may close your Sender.net account permanently at any given time which will also result in deletion of all your data associated with the account. To do that you just need to message us at firstname.lastname@example.org. (Article 17)
- The right to the restriction of processing. The data subject shall have the right to obtain from the controller (the Sender.net user is the controller) restriction of processing. If you’re interested in the specifics, read the whole article. (Article 18)
- The right to data portability. The data subject shall now have the right to receive the personal data concerning him in a structured, commonly used and machine-readable format in order to switch their data to a competitor. We will export your account data at any given time, you can message email@example.com for help. (Article 20)
- The right to object. The user has the right to prohibit certain types of data usage. If you’re looking for more information, read the whole article. (Article 21)
What if you fail to comply with the regulations?
Failing to comply with GDPR regulations can result in astronomical financial penalties – up to 20 Million Euros or 4% of global annual turnover, whichever is higher.
Am I GDPR-compliant?
Here’s what you can do to check:
- Did you collect ALL of your subscribers with their explicit consent? In other words, did your subscribers agree to receive your emails through a single or double opt-in form? Pre-ticked opt-in boxes are not GDPR compliant.
- Do you do/plan on doing something that your subscribers didn’t know when opting-in? For example If they opted-in for your promotional emails, it isn’t okay to send them information about your brother-in-law’s new tech startup.
- Do you have exact records of your subscribers opting-in? If yes, you have solid proof of consent.
- Do you have any cloud services where you store the information about your subscribers? If so, you should personally contact them to make sure they’re GDPR-compliant and therefore, won’t result in any fines for you or your company.
- Have you updated your opt-in forms, terms of service to make sure it’s clear what exactly are you keeping track of and how they can make requests to delete the data?
If you comply with these five rules, you probably are GDPR-Compliant.
What is Sender.net doing to comply with the GDPR?
Sender.net is fully committing to achieving compliance with the GDPR by May 2018 as we are based in the EU, Lithuania. Our team of legal experts will make sure that happens in time. This will mostly be done behind the scenes. It will mostly consist of analyzing our features to determine whether there are any that need updating, considering new, GDPR-friendly features. Though if you ever have any questions, you should contact us at firstname.lastname@example.org to have any privacy concerns answered. We are prepared to answer any requests made by our customers.
If you’re still looking for more information on the GDPR, here are our other articles on the topic:
Onward & Upward,
NOTE: The article wasn’t written by a legal expert. The article is not meant to be taken as legal advice, it is merely an overview. If you have any legal questions regarding the GDPR, please seek professional legal counsel.