General Data Protection Regulation (GDPR)
DISCLAIMER: This material is provided for general information only and is not intended as legal advice. To fully understand the impact of the GDPR on your data processing activities, please consult an independent legal and/or privacy professional.
In April 2016, the European Union adopted the GDPR. This is a joint proposal from the European Commission that gives individuals more control over the collection and use of data. Ago Mail is committed to ensuring that our customers meet the GDPR requirements by May 25, 2018, the GDPR implementation date. Below is the GDPR compliance process we follow.
Record all data processing activities related to the collection, processing, and storage of personal data.
Develop functionality to ensure that we can respond quickly to any requests from our customers when their subscribers request information/actions related to their data, including:
Right of access
Right of rectification
Right to object
Right to be forgotten
Right of portability
Evaluate our sub-processors to ensure they are also GDPR compliant by May 25th, 2018.
Consent of users
What is personal data?
Before we dive deeper into the GDPR and the preparations we make, let’s understand what personal data is.
“Personal data is any information related to an identified or identifiable natural person (the ‘data subject’). An identifiable natural person is one who can be identified, in particular, by reference to an identifier such as a name, identification number, location data, or online identifier, or to one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.”
So, if you are storing information about people in a usable form, and this information is linked to an identifier (such as device IDs, cookie IDs, email addresses, etc.), it’s personal data.
The GDPR stipulates that personal data must be processed legally, fairly, and transparently.
For all types of data that meet the above definitions, you need to justify that you are processing the data legally. Consent is a major step towards GDPR compliance, but data collection must be clear and purposeful. This is the highest level of data collection and usage policy.
This means that there is no ambiguity about approved activities or the organizations that carry out those activities. Consent must be clear and unique to the organizations involved. The reasons for processing and storage should be clearly explained. A separate subscription form or unchecked consent box is the recommended option for each purpose. Regardless of what creative method you use to obtain consent from the owner of the personal data, it is important that you do not lose clarity in the process. Transparency regarding the reasons for processing data is a prerequisite for establishing explicit consent.
Don’t forget that personal data must be collected for specified, explicit, and legitimate purposes. The data needs to be appropriate, relevant, and limited to what is needed in relation to the purposes for which it is processed.
Lawful Data Processing
No matter which email marketing application you use, consent will be your legal basis for processing your subscribers’ data. Consent is not the only way to legally process personal data, but at least one of the following bases for legal processing of personal data must apply:
The data subject has consented to the processing of their data for one or more specific purposes.
Processing is required to fulfill a contract to which the data subject is a party, or to take action at the request of the data subject before concluding a contract.
Processing is necessary to comply with a legal obligation to which the controller is subject.
Processing is required to protect the vital interests of the data subject or other natural persons.
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Processing is necessary for the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, especially when the data subject is a child.
While it is true that for most marketing activities the industry tends to rely heavily on consent as a legal basis for processing, you must analyze your data processing activities and decide which basis is appropriate. If you are not sure which legal grounds listed in the GDPR apply to you, please consult your legal counsel to ensure that the processing activities are justifiable. As always, careful record keeping is crucial to support these reasons.
The GDPR requires the protection of personal data through “appropriate technical and organizational measures to ensure a level of security appropriate to the risk” throughout the lifecycle of the data.
GDPR Recital 78 states that “to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”
The GDPR does not mandate any specific security mechanisms; however, it requires that data controllers and processors take into account “the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and respect of the private rights of users” in the event of data destruction, loss, alteration, or disclosure, or of accidental, illegal, or unauthorized access.
What is Ago Mail doing about the GDPR?
Here is a high-level overview of our GDPR compliance roadmap:
Appointment of a data protection officer
COMPLETED – March 19th, 2018
Do in-depth research on the areas of our products and activities impacted by GDPR
COMPLETED – March 19th, 2018
COMPLETED – Date: May 14th, 2018
Make necessary changes/improvements to our products based on requirements
COMPLETED – Date: May 18th, 2018
Add all the required changes to our main procedures and maintain compliance with GDPR
COMPLETED – Date: May 14th, 2018
Thoroughly test all of the changes to verify & validate compliance with GDPR
COMPLETED – Date: May 24th, 2018
What do Ago Mail customers need to do?
Please take legal advice about the GDPR and make sure that all your data collection processes comply with it. Make sure that your Terms of Service and Privacy Policies communicate to your users how you are using Ago Mail and any other similar services. The GDPR may impose a severe penalty on you if you don’t.
For any questions, feel free to reach us via [email protected]