How to make sure you are compliant
Of course, this is relevant mostly for European contacts.
Fortunately, our subscription forms are built in a way that you don't need to worry about the consent aspect of email marketing. Not only do we have two separate checkboxes for consent and subscription, but we also use double opt-in, meaning that your contacts need to confirm their subscription before they receive any emails from your company.
Here are 6 steps to make sure your company is compliant with the GDPR:
- Name a DPO (Data Protection Officer).
- Maintain a record of processing activities and evaluate the impact of the GDPR on your organisation. For each processing activity, document:
Who: the parties responsible for processing the data.
What: the nature of the personal data being collected in your forms.
For what purpose: why you are collecting this data and how you will use it.
How: the operations performed on the data and the measures taken to secure the collection process.
Where: you must be able to identify where the data comes from and where it goes: any transfers, the destination country and the host's address.
Until when: the retention period, i.e. how long you will keep the data.
- Determine which actions have the highest priority.
- Such as: consent, respect for private life, the right to erasure and the right to data portability.
- Conduct an impact analysis to manage risks.
- Such as: a study to identify the risks of potential non-compliance and to determine how to improve your data processing so that it respects your users' rights.
- Put the appropriate internal procedures in place.
- Verify your technical capabilities and the training of your team.
- Keep documented evidence of compliance.