A new data privacy law known as the General Data Protection Regulation (GDPR) went into effect May 25th, 2018 and changes the way businesses must collect, handle and store customer information.
The GDPR is the biggest data protection law we've seen in more than two decades. It gives consumers more power over their personal data and means companies have to make some big changes to comply with the new regulations.
Does GDPR affect everyone?
Odds are, if you collect email addresses online, you have European subscribers. That means you'll have to comply.
While the regulations are only applicable to EU citizens, many companies are updating their entire email marketing process to comply with these new standards. Why is that? Most experts think this regulation is just the beginning of a widespread need to tighten data security everywhere.
For that reason, many companies are updating their entire email marketing strategy and bringing every contact – whether they're EU citizens or not – into GDPR compliance.
Pinpointe's commitment to GDPR compliance
At Pinpointe, we're taking steps to help our customers comply with the new rules.
We have always striven to meet or exceed the industry's toughest privacy regulations and GDPR is no different. Here's how Pinpointe has modified its processes to meet the privacy standards enacted under the GDPR:
From its inception, Pinpointe recognized the responsibility in data collection. We designed Pinpointe to help businesses better understand their customers and promote their products via email, but to do so requires collecting personal information such as names and email addresses.
We understand the gravity of data collection and have remained diligent in our security efforts to ensure information is safeguarded.
When GDPR was introduced in 2016, Pinpointe set two goals: to make sure our practices were GDPR compliant and to give customers tools to help them become compliant as well.
Here's what we have done towards achieving these goals:
- Audited our personal data collection and storage processes
- Strengthened data collection protocols
- Updated privacy documents and our Terms of Service
- Appointed a data protection officer
- Provided customers with opt-in records that show time-stamped consent
- Educated customers about the new law
Pinpointe tools that can help with GDPR compliance
If you're a Pinpointe user, you're in luck. We've already taken steps to help you comply with Europe's new data privacy law.
Inside our advanced email platform, you'll find several tools that can aid in GDPR compliance:
Under GDPR, subscribers have to give their consent before you can email them. Most brands have an opt-in process that asks subscribers for consent, but there's a little more to it now.
Before collecting a person's information, you have to tell subscribers how you'll use their information and what steps can be taken to withdraw consent.
Specifically, you have to tell subscribers:
- Who and where your company is
- Why you want their information and how you will use it
- Whether or not data is shared with anyone else like vendors or third parties
- How long data is kept
- How to opt out of your list and how personal data is erased from that point
- How they can report any suspected problems with data security
Any time you collect customer information, you have to be explicit in how you'll use that information. This means you'll have to update the language on your opt-in pages to provide all of this information.
Keeping better records
Companies need to update their record keeping procedures under GDPR as well. You basically need records that show your compliance with the new regulation. That way, if a subscriber reports your company for allegedly violating the GDPR, you have proof to show otherwise.
One of the records you'll need to keep is proof of consent. Pinpointe users can access this information from their account. We keep opt-in records that provide a time and date stamp that reflects when a subscriber joined your list.
Here's an example of the file you can save for your records:
Make opting out easy (and be prepared to remove data too)
GDPR gives subscribers the power to not only opt out of an email list, but to have their data removed from servers as well. It's aptly referred to as "the right to be forgotten," and gives customers the power to grant and remove their personal information with ease.
Pinpointe provides its customers with access to the following features to help ensure subscribers have the required control over their personal data:
- Unsubscribe footer
An unsubscribe footer is automatically added to every email. If a subscriber wants to opt out, Pinpointe removes their name from your list for you.
Here's a simple, two-word unsubscribe option that's added to the bottom of this example email.
- Access master unsubscribe list
You can view your unsubscribe list at any time to see a running list of contacts who have opted out. You can use it as a checklist to wipe customer information from your server if the customer wants to be forgotten.
- Delete contacts
If a customer contacts you via email or calls your customer support line asking to be removed from your email list, you can go into your Pinpointe account and delete contacts manually by managing your database.
Pinpointe has also optimized its own process by which it can find and remove a subscriber's email address from our systems. As part of complying with such a request, the subscriber's email will also be added to a global suppression list.
Your subscribers also have the right to have their information updated. If a customer reaches out and wants to make these revisions, you have to comply.
In truth, updating your records is beneficial to the subscriber and to your company. With up-to-date information, you can send relevant emails that the customer actually wants.
Pinpointe customers can simply search their database of contacts, locate the subscriber, and edit their information. You'll find a form full of fields that you can update.
However, if you do need our assistance, we have modified our processes to make it simpler for Pinpointe's own authorized agents to update the personal information of a subscriber who makes such a request, including allowing our agents to more easily tag specific data fields containing personal information as "Do not track" and "Do not retain." We have also added a new process to ensure no GEO IP data will be tracked and stored if a subscriber so requests.
Breaking the rules is costly
GDPR isn't a suggestion or directive, it's a regulation. It has binding legal force, which is a fancy way of saying if you break the rules you'll land in legal trouble. To make sure companies take the new regulation seriously, there are strict penalties in place for those who don't comply.
The maximum fine your company can face for violating the rules is up to 4% of your global annual turnover or $24 million, whichever is higher.
It's a steep penalty meant to show companies how serious the regulation is.
GDPR marks a dramatic shift in data collection, storage and usage. At Pinpointe, we're making every effort to help our customers comply with these new rules and will keep you updated on future changes that are applicable to GDPR compliance.
To learn more about GDPR and the additional changes you should make to your email marketing strategy, check out our recent post, "GDPR and Email Marketing: How Will Europe's New Privacy Laws Affect Your Email Marketing?"