We have spent months talking about the General Data Protection Regulation (GDPR). The 25th of May, the day it goes into effect, is fast approaching. During this time, we have provided you with tons of information on adapting your email marketing strategy.
On April 11th, 2018, we held a webinar going through the key ways in which the new General Data Protection Regulation (GDPR) affects email marketing strategy.
Editor’s Note: Benchmark provides information during the webinar and in this article for informational purposes only. Such information cannot be understood as legal advice. To get advice on any issue or aspect related to the GDPR, you should contact your lawyer.
In this article, we'll do a quick review of what GDPR is. We also want to recap how Benchmark has adapted to the GDPR and all the changes we have implemented that you might need to know about.
What is the goal of the new GDPR?
The main goal of the new GDPR is to provide users with final control over their personal data.
What benefits does the new GDPR provide?
- One continent, one law: a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28.
- One-stop-shop: a ‘one-stop-shop’ for businesses. Companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU.
- The same rules for all companies – regardless of where they are established: Today European companies have to adhere to stricter standards than companies established outside the EU but also doing business in our Single Market. With the reform, companies based outside of Europe will have to apply the same rules when they offer goods or services on the EU market. This creates a level playing field.
- Technological neutrality: the Regulation enables innovation to continue to thrive under the new rules.
Roles and restrictions with the treatment of personal data
The GDPR places responsibility for applying the Regulation on the "controller". The controller is the party that determines the purposes and means of the processing of personal data. As a consequence, the controller must also ensure that the way the personal data is treated is compliant with the GDPR.
If the controller has, for example, decided to use Benchmark as email marketing software, he or she has to ensure that the tools provided by Benchmark are GDPR compliant, granting the rights of rectification, access and erasure. As you probably know, Benchmark provides that option through the "Manage subscription" link, which, however, is not mandatory in the footer of the email. It is therefore the controller's duty to activate and add it.
In this scenario, Benchmark is simply data processor software.
Until now, when a subscriber signed up through our signup forms, it was not mandatory to inform him or her about the purpose of the data processing activities to be carried out. The GDPR states that consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement, and that it should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them.
In addition, where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.
The GDPR advocates for simplicity in data collection. As marketers, we tend to ask for more details than required (e.g. for sending out a simple weekly newsletter). The new Regulation encourages collecting only the minimum data necessary for the current marketing strategy and not asking for unnecessary data that may (or may not) be useful in the future.
The controller should make it easy for data subjects to exercise their rights, including by providing mechanisms to request and, if applicable, obtain, free of charge, in particular, access to and rectification or erasure of personal data, and to exercise the right to object.
Treatment of personal data
The controller must inform the data subject of the existence of the processing operation and its purposes to ensure fair and transparent processing.
How is Benchmark complying with the new GDPR?
Find out all the details about how Benchmark adapts to the GDPR in this article.