You’ve probably already heard or read about it hundreds of times, but for the sake of completeness, we’ll give you a short and succinct explanation about what GDPR actually means.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a European Union law and replaces the Data Protection Directive. The GDPR has been established to better protect the data of European citizens. Each company inside the EU has to abide by this new legislation. A brief overview of key regulatory points of the GDPR includes the following:
- you can prove which data you collect and how you use and secure this data.
- you have obtained all data after a clearly demonstrable, explicit and registered consent or permission of the person in question.
- you can fully remove a person from your database(s) when he asks for it (right to be forgotten)
- you have put in place the necessary procedures to report a data breach to the affected persons within 72 hours.
For more information, we would like to refer to:
- the official publication of the legislation
- the 13-step plan of the privacy commission
- this easily searchable archive in more than 24 different languages
Protection of your privacy
For any further questions, you can always contact firstname.lastname@example.org.
Email marketing and GDPR. This is what you should pay attention to:
- To collect and process personal data, legal consent or a so-called consent of the person concerned is required.
- As a data controller, each company is fully responsible for the collection and protection of this data.
- When working with external data processors, a so-called collaboration agreement is required.
- Consent must be “freely given, specific, informed and unambiguous”. You need the express permission of the email address owners and you must be able to prove that you have legally obtained it.
- The data processor must prepare a comprehensive data protection statement in accordance with Article 13 of the GDPR and has to inform addressees about the data processing procedures.
- A commercial newsletter always has to contain the contact information of the sender and a clear unsubscribe link.
Sendtex as a data processor:
We, as an organization that facilitates customers in managing, sending and following up email campaigns, regard privacy and its protection as paramount. In that respect, we can only be enthusiastic about the arrival of this new privacy legislation. In the course of 2016, the development of Sendtex v3 was started and the privacy and security component was included from the start.It was logical that the development of new software with this philosophy in mind would mean an additional workload. However, to be able to offer our customers the best possible tool, we had to involve the whole team and delve deeply into this legal matter. An external software assessment was conducted to give us sufficient insight to make this new Sendtex environment GDPR-ready.
We can, therefore, state that with these new developments, Sendtex is equipped with various platform options to such an extent that our customers will be able to work in accordance with this new legislation. Of course, we will follow up and continue to work on additional (sector-specific or other) functionalities.
Sendtex already provides the following:
- Possibility to set up two-factor authentication via the Google Authenticator app on your smartphone.
- Consent logging for every contact.
- Looking up the history of a user's consents.
- Right to be forgotten by removing and anonymizing specific user data.
- Possibility to optionally secure variable user fields.
- Rights system so that certain backend users can’t see the personal data of the stored e-mail addresses.
- Possibility to save screenshots or photos in a register, in order to log consent requests.
- User data protected from being visible to Sendtex employees.
- The necessary interface options for users to meet the GDPR legislation.
- SSL security across all interfaces and the API layer.
- Technical and organizational measures to comply with privacy legislation.
- Privacy by design is provided from the heart of the organization.
- ISO certified EU data centers.
- A policy of never buying or selling email lists for companies or individuals.
- The possibility of a processing agreement.
This article is for information purposes only and cannot be considered as legal advice regarding EU privacy legislation. We always recommend contacting a legal adviser for applicability to your own company.