The General Data Protection Regulation (GDPR) is a new European privacy law that became enforceable on May 25, 2018. The GDPR is intended to harmonize data protection laws throughout the European Union by applying a single data protection law that is binding throughout each member state.
The GDPR applies to all organizations established in the EU and to organizations that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person, including their email address. You should consult with legal counsel regarding the full scope of your compliance obligations.
Critical Impact puts the power in your hands when it comes to your email marketing efforts, and we have made tools available in our system for your convenience. However, we don’t control your data, so there are and will be actions you need to take on your side to ensure your own GDPR compliance. For example, when you provide a form for people to use to subscribe to your email, there are some key pieces of information you must provide, such as:
Make sure you have permission and the proper proof of opt-in before sending to subscribers in the EU. Any email automation also needs to use EU subscriber data in a compliant manner.
It’s important that your email marketing platform can process data securely. Critical Impact is certified under the EU-US Privacy Shield. This allows Critical Impact to transfer personal data among the European Union countries, Switzerland and the United States, while still meeting data protection obligations under GDPR. Critical Impact’s certification can be found on the EU-US Privacy Shield website here: https://www.privacyshield.gov/list.
Please note that this material is provided for your general information and is not intended to provide legal advice.