The General Data Protection Regulation (GDPR) is a European privacy law that became enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
Who Does the GDPR Apply to?
The GDPR applies to all organizations established in the EU and to organizations, established in the EU or not, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person, including their email address. You should consult with legal counsel regarding the full scope of your compliance obligations.
Critical Impact's Preparation for the GDPR
Critical Impact is well prepared for GDPR, and we've added many new tools and functionality to help our clients comply with the GDPR. Additionally, we are certified under the EU-US Privacy Shield. This allows Critical Impact to transfer personal data among the European Union Countries, Switzerland and the United States, while still meeting data protection obligations under GDPR. Critical Impact's certification can be found on the EU-US Privacy Shield website here: https://www.privacyshield.gov/list.
What Can You Do to Prepare for the GDPR?
We put the power in your hands as it relates to your Critical Impact email marketing efforts and make those tools available in our system for your convenience. However, we don’t control your data, so there are actions that you need to take on your side to be GDPR compliant.
The GDPR regulation will require emailers to collect permission from their EU subscribers in order to send them email. If you do not have opt-in consent for your EU subscribers, you’ll most likely need to send a re-opt-in campaign to confirm opt-in status for those affected subscribers prior to May 25, 2018.
Available Tools to Help You Comply With the GDPR
Critical Impact is excited to announce that we are providing new tools to help clients with their own GDPR requirements, as it relates to your Critical Impact account. These tools are available now:
- List Building Tool
Quickly identify probable EU email addresses.
- GDPR Compliant Signup Forms
Our sign up form tool allows you to add fields that will help you comply with the GDPR laws for EU subscribers.
- Reconfirm Subscriptions
Give subscribers a chance to reconfirm their subscription in a GDPR compliant manner, by sending them a message with a reconfirmation link. When the user clicks the reconfirmation link, they will be added to a specific list in your account for easy record-keeping.
- GDPR Compliant Form Snapshots
When the sign up forms are submitted, Critical Impact will take a screenshot of the form at the time of submission so that we'll have record of what the form contained when the subscriber signed up.
Please note that this material is provided for your general information and is not intended to provide legal advice. You should consult with legal counsel regarding the full scope of your compliance obligations as the "Data Controller."