6 Ways We Make GDPR Compliance Easy
The General Data Protection Regulation (GDPR) is fantastic for Australian business.
We believe it creates a new international standard of data management and email marketing for everyone – not just EU citizens.
The GDPR, from 25th May, asks businesses to collect and handle personal data in a way that protects the privacy of European citizens. It’s a great opportunity for businesses to improve processes internally and also to build better relationships with their customers.
Even if your business does not collect or process the data of any EU citizens, this level of compliance will set you apart from your competitors. It’s also a great opportunity to set your business apart as a business that cares and maintains the data for customers and leads alike, and leader within your industry.
To ready your business for the GDPR there a few things you may need to do to enable you to be compliant with the new regulation. It is however important to seek your own legal advice for matters relating directly to your business.
Compliance is a group effort
The GDPR is applicable to anyone who collects and processes the data of EU citizens in relation to the offer of goods or services or the monitoring of their behaviour.
As an email service provider, BrandMail is a “Processor” of data on behalf of “Controllers”. “Controllers” are the businesses that use BrandMail for their email marketing. Controllers have primary responsibility for data protection, but we have also taken steps to ensure you have all the tools needed for simple compliance.
Re-consent campaigns
To help with re-consent campaigns, we’ve updated our search function so existing EU subscribers can be more readily identified. We have also created GDPR-compliant web forms and email templates to ensure ongoing compliance. You’ll see these rolled in your account over the next couple of weeks for you to launch your own re-consent campaigns.
This step must be completed by May 25 as you need permission to control the data of EU citizens with the required proof of consent from that day onwards – even if they are already in your list.
The new BrandMail tools to help you meet the GDPR consent requirements include:
- Updated advanced search tool to help identify EU subscribers
- User-friendly workflow to make re-consent campaigns easy
- GDPR-compliant web forms
- Recording of subscriber consent details and the ability to easily send to that contact if required
Launching a re-consent campaign is a great opportunity to empower your subscribers and support your relationship with them. You can be sure that your subscribers are engaged and want to hear from you and you may even see a boost in open rates and click-through rates.
Subscriber rights
To ensure your business supports the rights of subscribers under the GDPR, we’ve updated our unsubscribe functionality and contact records.
The right to be forgotten means that subscribers may request at any time for their entire data set to be deleted. All footer templates already include the unsubscribe function and we are updating our preferences functionality so subscribers can easily opt-out at anytime. If the subscriber requests that all of their data be completely removed, Controllers must delete their account as soon as possible.
The right to object means that subscribers can request that their data is not used for particular purposes. Your subscribers may give consent to how you use their data, as outlined in your updated GDPR-compliant Terms and Conditions and Privacy Policy. A re-consent campaign is a great way to ask your database to re-consent to the marketing materials they like receiving using the new BrandMail List Preferences feature.
The right to rectification means that subscribers can update their own data at anytime and is managed through an Update Profile function built into our footer templates.
The right of access means that subscribers can access a record of their own data that has been collected and processed. Once Controllers have received this request, we have ensured that contact history is accessible in Contact Details and can be emailed to the customer that has requested their record.
The right of portability means that subscribers can request that their data be transferred to another organisation. You can do this easily within the Contact’s Details screen under Consent History.
Transparency is key
The main purpose of the GDPR is to ensure that businesses are collecting and processing the data of EU citizens in a fair and transparent way. Controllers are responsible for deciding what data is collected, how it is collected and processed and the legal basis for having that data. This should be clearly outlined in your Terms and Conditions and Privacy Policy.
BrandMail, as a Processor, have taken steps to ensure that you have the tools you need to best support your relationship with your subscribers and help ensure your compliance with the GDPR.
Want to know the real technical aspects of GDPR and how GDPR affects businesses outside of the EU?
If you have any questions regarding how to get your businesses email marketing compliant with GDPR get in touch and we can help.