What is GDPR
GDPR (General Data Protection Regulation) is a new regulation on the protection of the personal data of European Union citizens.
When will GDPR take effect?
The GDPR will take effect on May 25th, 2018.
Who is concerned by GDPR?
Any organization that processes personal data in the European Union. Whether or not your organization is based in the European Union, if you collect, manage, store or analyze data of any type, GDPR will affect your organization.
Where does GDPR Apply?
It applies to all 28 European Union member states and to organizations outside the European Union when processing the data of EU citizens.
What happens if I don’t comply with the GDPR?
Fines of up to €20,000,000 or up to four percent of the company’s annual "global turnover". More details in this article.
Basically, you’ll have to deal with 3 key concepts:
Consent
Consent, defined in Article 4, is addressed throughout the GDPR's text. Generally, the GDPR sets much higher standards of consent than the Data Protection Directive.
Consent under the GDPR must be both explicit and informed. Organisations must present information about processing "in a concise, transparent, intelligible and easily accessible form, using clear and plain language" (Article 12).
Organisations will need clear consent from individuals where data processing is based on consent. They must be able to prove individuals have given consent to process their data (Article 7).
When organizations collect personal data, they are obliged to divulge certain information in accordance with Article 13.
Individual Rights
Articles 12-23 introduce the individual rights covered by the GDPR. Generally, the GDPR extends individual rights to personal data.
Right of access
Covered by Article 15, the right of access means individuals can request not only information about how their data is being used but also a copy of the data itself.
Right to rectification
According to Article 16, individuals are allowed to contact a Controller to have inaccurate personal data corrected.
Right to be forgotten
According to Article 17, individuals can request that their data be erased under certain specific circumstances. These circumstances include, but are not limited to:
- If the individual withdraws consent
- If the data is no longer needed for the original reasons it was collected
- If the data was used unlawfully
Right to a restriction of processing
Through Article 18, individuals have the right to restrict how their data is used.
Right to data portability
According to Article 20, individuals have a right to request their personal data in order to use it somewhere else.
Right to object
Article 21 states that people can object to the processing of their data under certain conditions, "unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defense of legal claims".
Data Processing
This part of the article looks at the data processing requirements and provides links to the pertinent parts of the GDPR’s text.
Controllers and Processors
A Controller is an organization that defines how personal data will be used. A Processor is an organization that uses personal data on behalf of the Controller. The specific responsibilities of each party are explained in Articles 24-43.
In our case, Taximail is a Processor and Taximail’s users are Controllers.
Data processing agreements
Article 28 states that Controllers must have clearly documented contracts with Processors that define the scope of processing. These contracts must be "in writing, including in electronic form." Requirements for processing contracts can be found in the remainder of Article 28.
Data protection officers
According to Article 37, organizations will be required to name a data protection officer. The specific responsibilities of a data protection officer are covered in Article 39. The data protection officer is responsible for compliance with the GDPR regulation.
Transfer of personal data to third countries or international organizations
Articles 44-50 of the GDPR cover the specific requirements of personal data transfer to third parties or international organizations. The GDPR does have some requirements for such transfers.
Tips to prepare for the GDPR using Taximail
Run a double opt-in confirmation campaign
Enabling double opt-in is the best way to help you comply with the "consent" requirements of the GDPR.
Once it is enabled, contacts will confirm their email address before receiving further communications.
You can learn how to enable double opt-in in this help center document.
Edit and delete contacts
Under the GDPR, contacts can request correction or deletion of their data.
Knowing how to delete and edit contact information can help you comply with GDPR requirements.
You can use our help docs to learn how to Update subscriber's information and Remove a subscriber in a list.
How to export contact data
The right to data portability and the right of access let contacts request their personal data at any time.
Exporting contact data can help you comply with these requirements.
You can learn how to export contact data in this help center document.
Get proof of consent from existing contacts
The GDPR requires you to demonstrate proof of affirmative and explicit consent from subjects. The regulation applies to the personal data collected from your current contacts.
If you are not able to demonstrate proof of their consent, you may need to reach out to your existing contacts to obtain consent before the GDPR takes effect.
Delete contacts and lists you no longer need
The GDPR is intended to protect the privacy of data subjects, which includes minimizing the risk that data can be misused. Therefore you should delete lists and unsubscribed contacts that you no longer use.
You can learn the differences between contact statuses in Remove a subscriber in a list.
Taximail’s help
What are we doing to help you comply with GDPR regulation?
Since the GDPR takes effect on 25th May 2018, Taximail is updating its privacy policy and terms and conditions, as well as providing you with tools to help you comply with GDPR requirements.
GDPR pop-up forms
In order to get the consent of your contacts, we will update this feature to let you add and edit key information to comply with the regulations.
We've updated the pop-up forms to a GDPR-friendly form. In just a few clicks, you’ll be able to enable GDPR-friendly fields for the pop-up forms created from your Taximail account.
These forms will get separate checkboxes so contacts can choose whether to opt-in to each element of your Taximail marketing messages, and you’ll be able to customize the field labels, checkbox options, and legal text.
Terms and Conditions update
Taximail has updated its terms and conditions as well as its privacy policy. We recommend that you update yours as well, then send an email notification to your customers.
How to handle contact requests
To comply with requests for modification, deletion, correction, and export of contact data, you should be fully comfortable with these features.
Please refer to our help center -> Manage your list in "The basics".