By now you might have heard snippets of news about the EU’s new data protection and privacy law. The General Data Protection Regulation (GDPR), which comes into effect May 25, 2018, is a pretty big deal for anyone who works in digital marketing, regardless of whether or not you live in the EU.
Giving EU residents control over their personal data
In an era of growing concern over how private companies access and apply consumer data, the GDPR was created to protect EU citizens from misuse of their personal information.
The GDPR represents a turning point in privacy legislation; it recognizes that citizens are the sole owners of their personal data. And it gives individuals the power to decide who can use their data, and for what purposes.
What is the GDPR and what does it mean for Cakemail users?
We’re here to break it down for you. Even though Cakemail is taking proactive steps to help its customers to comply, you are still responsible for ensuring that your data management and email practices comply with all GDPR regulations.
Here’s what we’re doing to support you
Cakemail is based in Canada and is PIPEDA compliant. Canada’s PIPEDA data privacy law is recognized by the EU as providing an acceptable level of protection. When EU citizens give you permission to collect their data, you don’t need to request further consent to export it to Canada.
Here at Cakemail, we’ve updated our Privacy Policy to reflect changes brought about by the GDPR. Our job as your PIPEDA-compliant email marketing provider is to educate you about obtaining consent from your subscribers, and to put the mechanisms in place so you know what’s required. Learn about complying with PIPEDA.
Your responsibility: obtain informed consent
Regardless of where you work and where your contacts live, you have one key responsibility under GDPR and PIPEDA: to obtain informed consent while you collect consumers’ personal data. It’s that easy. Make sure you clearly inform subscribers about why you’re collecting their data, and only collect data that are essentials to your communications.
Cakemail will continue to ensure that when individuals consent to share their information, they know their data is being used in their best interest. We have updated our default subscription forms to make sure subscribers give their informed consent. If you don’t use Cakemail subscription forms, you need to update your own forms.
We have a simple process for the data owner to ask for access, correction or destruction of personal data. To learn more, see our Privacy Policy. It’s your responsibility to establish a similar process whenever you manage your clients’ data.
Policy process review
For Cakemail, the GDPR represents an opportunity for us to continue reviewing and assessing our already rigorous policies and processes. These efforts guarantee the ongoing protection and respect of consumers’ personal data.
For other organizations — including yours — the GDPR is an opportunity to review processes that will bring transparency to data processing and data protection.
Introducing a new role: the Data Protection Officer
Cakemail has appointed a Data Protection Officer (DPO), whose role is to safeguard the rights of anyone who shares their data with our customers’, or resellers’ customers. Our DPO ensures that the data owner (the subject) remains confident that their personal information is being managed respectfully.
Have you appointed your DPO?
Data breach management
Today, newsworthy data breaches occur regularly in all types of business . The GDPR was crafted by people who understand that, despite rigour and efforts in security and protection, breaches will happen.
By focusing on prevention across your organization, you’ll increase your level of safety and develop a quick response in case data is breached.
Create a data breach plan. If a data leak occurs, a plan will help you understand, respond and minimize risks, and it will outline a process for informing data owners who are affected in order to keep their trust.
Audit compliance
Data protection is not a one-time effort; it’s an ongoing practice that is continually reassessed and improved. Cakemail has always been respectful of client and subscriber data. Our DPO is continually challenging all our rigorous practices, ensuring that personal data is protected and handled with care.
Have questions about the GDPR?
We’re here to help! Our Data Protection Officer is on hand to answer any questions you might have about the GDPR. Drop him an email: privacy@cakemail.com
