Please note: This document is intended for informational purposes only, and should not be taken as legal advice. If you have any questions or concerns about how GDPR affects your specific organization, it’s advised you consult with your own legal counsel.
What is GDPR?
The acronym “GDPR” stands for General Data Protection Regulation. This is a new data privacy law that was adopted by European Parliament in 2016. GDPR is intended to protect the privacy and personal data of European residents. In this document, we’ll be talking over how GDPR applies to Mad Mimi and to you as a sender, but for the most up-to-date and official information about this regulation, check out the official home page of the GDPR at www.eugdpr.org.
For additional learning about GDPR, the DMA has a handy checklist you can review and download here.
Although GDPR was adopted a while ago, you may be hearing more about it more recently. That’s because the two-year transition period is ending, meaning that any organization that processes personal data of European residents will need to be compliant with these new regulations by May 25, 2018.
These new GDPR rules set forth some stringent guidelines about how personal data may be collected, used, stored, protected, and shared with others. Personal Data is defined as any information that can be used to directly or indirectly identify a person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Mad Mimi is subject to the requirements of the GDPR because we process and store data about customers of ours that reside in the EU (that’s you!).
These rules also apply to you, because you own contact lists and data about your email recipients. As the controller (owner) of that data, it’s your responsibility to make sure that data is being used in accordance with any and all applicable legal regulations, including GDPR.
Although the law was adopted to protect European residents, it may still apply to your organization if you offer goods or services to, or monitor the behavior of, EU residents. In other words, it applies to any company processing and holding the personal data of individuals residing in the European Union, regardless of the company’s location.
So, what exactly are the new GDPR regulations, how do they affect Mad Mimi, how do they affect you as a sender, and how to they affect your recipients? Let’s dig in.
NOTE: This is not an exhaustive list of all GDPR requirements, and you are likely subject to privacy laws in other jurisdictions as well (e.g., U.S. Federal and State laws for U.S. companies). To determine exactly what is required of your business to ensure your compliance with GDPR and other applicable privacy laws, it’s best to speak to your lawyers!
What GDPR Requires of Services like Mad Mimi
Among other things, Mad Mimi is required to:
- Use certain levels of security to protect all stored personal data
- Notify the relevant authorities in the unlikely event of a security breach
- Obtain consent to store and process personal data of our users
- Keep records of what data we’ve stored and processed, and export or delete that data upon request
- And more!
What GDPR Requires of Senders like You
Among other things, you’ll also be required to:
- Obtain consent to store and process personal data of your customers and subscribers
- Erase or export data about customers and subscribers upon request
What Rights GDPR Grants to Your Subscribers:
Among other rights, your customers and subscribers have the right to:
- Know exactly what data is being stored, and to update or edit those details
- Be “forgotten,” meaning that all their personal data should be entirely erased
- Receive an export of all the data an organization stores about them
What Tools Are Available to Assist in my Compliance?
Disable View/Click Tracking
- Head to your “Audience” tab and search for that recipient’s email address.
- Click on the email address.
- On the next page, choose the option to “Disable view and click tracking for this person,” as shown here:
- Click the “Preferences” button that’s automatically included with that message.
- Check the link in the automated email they receive to access their Subscription Management page.
- Disable view and click tracking, as shown here:
When you delete a subscriber from your Mad Mimi Audience, all of their data will be entirely wiped from Mad Mimi systems. This means that we’ll no longer store any records of that subscriber’s previous activity in your account. Those details will be entirely deleted from any internal tracking we do behind-the-scenes as well.
Webform Age Confirmation and Terms of Service Link
You can add a checkbox to webforms that requires the subscriber to confirm their age in order to subscribe. You can also add a link to your organization’s Terms of Service right in your webform, so subscribers have easy access to that. Both of these can be accomplished by using the “Fancy Fields” webform feature:
Subscriber Data Export
This tool will allow you to export all personally identifiable information about any subscriber, per that subscriber’s request, in a portable CSV format. Once you’ve exported the CSV file, you can send it to the subscriber.
If you have any questions about using these tools, our awesome support team is available 24/7 at firstname.lastname@example.org. If you have any questions about GDPR compliance for your organization, it’s best to consult with your own legal counsel.