We are big fans of the General Data Protection Regulation (GDPR)! We believe it will pave the way for a new international standard of data management and email marketing for everyone – not just EU citizens.
The GDPR came into effect on 25th May 2018. It ensures that businesses are collecting and handling personal data in a way that protects the privacy of EU citizens. It’s a great opportunity for businesses to improve processes and also to build better relationships with their customers. Even if you are not dealing with EU citizens’ data, this level of compliance will set you apart as an industry leader that cares about its customers.
To start collecting and processing the data of EU citizens, or to be an industry leader, there a few things you may need to do to enable you to be GDPR compliant. It is however important to seek your own legal advice for matters relating to your business.
Compliance is a group effort
The GDPR applies to anyone who collects and processes the data of EU citizens in relation to the offer of goods or services or the monitoring of their behaviour.
As an email service provider, Vision6 is a “Processor” of data. This is on behalf of “Controllers”, the businesses that use Vision6 for their email marketing. Controllers have primary responsibility for data protection. We have also taken steps to ensure you have all the tools you need to help you become compliant.
Re-consent campaigns
To be able to prove consent, companies had to engage in re-consent campaigns before GDPR came into effect, even for people on their lists.
To help with re-consent campaigns, we have updated our search function so existing EU subscribers can be more readily identified. We have also created GDPR-compliant web forms and email templates to ensure ongoing compliance.
The Vision6 tools to help you meet the GDPR consent requirements include:
- Updated advanced search tool to help identify EU subscribers
- User-friendly workflow to make re-consent campaigns easy
- GDPR-compliant web forms
- Recording of subscriber consent details and the ability to easily send to that contact if required
Launching a re-consent campaign is a great opportunity to empower your subscribers. You can be sure that you are engaging your subscribers and they want to hear from you. You may even see a boost in open rates and click-through rates.
Subscriber rights
To ensure your business supports the rights of subscribers under the GDPR, we updated our unsubscribe functionality and contact records.
The right to be forgotten means that subscribers may request at any time to have their entire data set deleted. Plus our footer templates already include the unsubscribe function. Our preferences functionality also allows subscribers to easily opt-out at any time. If the subscriber requests to be forgotten Controllers must delete the subscriber’s data as soon as possible.
The right to object means that subscribers can request that their data is not used for particular purposes. Your subscribers may give consent to how you use their data, as outlined in your updated GDPR-compliant Terms and Conditions and Privacy Policy. A re-consent campaign is a great way to ask your database to re-consent to the marketing materials they like receiving using the new Vision6 List Preferences feature.
The right to rectification means that subscribers can update their own data at any time. You can manage this through the Update Profile function built into our footer templates.
The right of access means that subscribers can access a record of their own data. We have ensured that contact history is accessible in Contact Details and you can email customer records if you receive this request.
The right of portability means that subscribers can request to have their data transferred to another organisation. You can do this easily within the Contact’s Details screen under Consent History.
Transparency is key
The main purpose of the GDPR is to ensure that businesses are collecting and processing the data of EU citizens in a fair and transparent way. Controllers are responsible for deciding what data is collected, how it is collected and processed and the legal basis for having that data. This should be clearly outlined in your Terms and Conditions and Privacy Policy.
Vision6, as a Processor, have taken steps to ensure that you have the tools you need to best support your relationship with your subscribers and help ensure your compliance with the GDPR.
Originally published on 3 May 2018. Kym Morley updated this post on 25 July 2019 for accuracy and timeliness.