The European Union (EU) passed a set of laws which enhance the protection of personal data of EU citizens called the General Data Protection Regulation (GDPR) in 2016. It went into effect on May 25, 2018 and changed the way companies can interact with personal data from EU citizens. The new set of rules strengthen data privacy and security for every individual within the EU and requires companies to comply with these new strict rules. The GDPR also outlines harsh penalties for violations of this legislation.
FrescoData is focused on maintaining GDPR compliance. We realize that the way we can interact with EU citizens is changing. Because of these changes, we have created new systems that use personal data from EU citizens in a compliant way. We have taken main areas of interest from the legislation and discussed how FrescoData is compliant with applicable law:
With GDPR, personal data from EU citizens can only be processed if an individual has given clear consent to do so. Clear and concise language must be used to in the consent process. Consent must also be obvious and easy to understand for individuals as well.
At FrescoData, we have worked closely with our data providers in EU countries to ensure they have taken measures to secure personal data information in compliance with GDPR. We are tackling consent by moving to a double opt-in subscription system for our email lists. Double opt-ins force individuals to confirm their email address before they can receive email communication from a company or individual. This type of opt-in in email marketing is how we are ensuring consent compliance under GDPR.
Under the GDPR personal data cannot be transferred outside of the EU. FrescoData already complies with this approach to email marketing.
Here is an outline of our process:
1. Company A wants to send email marketing to their target market in Germany
2. They contact FrescoData to set up this campaign on their behalf
3. Using an API, we connect to data lists from Germany to send out the campaign
In this scenario, neither FrescoData or Company A see the personal data targeted for the email campaign. This information is securely maintained by the FrescoData partner in Germany. The only way Company A can obtain the personal information of someone from that list would be if an individual responded to their campaign, consenting to sharing their personal information with Company A. This process allows FrescoData and the companies it works with to send email campaigns to individuals in EU countries, while also keeping personal data safe within its country of origin.
Right to be Forgotten
GDPR allows individuals to gain more control over how their data is collected and used. Individuals now need to have the ability to access it, update it as necessary or remove it if they wish. FrescoData is taking a practical approach to meeting this standard. We include unsubscribe links in all our email marketing campaigns, which individuals can click at any time to opt-out of communication with FrescoData and the companies it is affiliated with. This allows EU citizens to feel confident that they have a choice in receiving email marketing from FrescoData.
FrescoData has tackled consent by introducing double opt-in features to our subscription process. We are not moving personal information outside of its country of origin. Plus, we have introduced procedures to edit, update or remove personal data from our email lists. FrescoData is committed to maintaining GDPR compliance. As we continue to learn more about the effects of the regulation, we will refine our compliance measures.