GDPR Update

The General Data Protection regulation (GDPR) is the European Union's (EU) new privacy law which provides a consistent set of rules and guidelines for all countries in the EU as well as the United Kingdom as to how personal data is collected stored and shared. The new law will be "immediately enforceable" as of May 25, 2018.

Net Atlantic is ready for the new policies and below we share several key concepts of GDPR and how Net Atlantic addresses them. As always, we recommend that you consult an attorney to ensure that your business is compliant, especially if sending email to any EU citizens. The reason is that GDPR affects all companies using personal data from citizens of the EU - no matter where that company is located.

Personal data can be any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. For email senders, information such as customer names, email addresses, IP addresses, engagement-tracking data, and other similar data will likely be included under "personal data".

The GDPR seeks to protect a number of "key rights" of all EU citizens so that they have more control over their own personal data. Included in these key rights are:

Right to be Forgotten - Your subscribers have the right to request for all of their personal data to be deleted by any company that has collected or is currently storing it. Your subscribers also have the right to cancel their customer account and request that their personal data be erased and that it no longer be shared.

How Net Atlantic is ready: You may delete individual subscribers upon their request at any time. In addition individual subscribers may contact Net Atlantic to request deletion of their data from individual Net Atlantic user's accounts or across multiple Net Atlantic users' accounts (to the extent the subscriber is on more than one Net Atlantic users' list). It is important to remember that Net Atlantic lists work independently of each other, and deleting a subscriber from one list does not ensure that same email address will also be deleted from other lists where it may be present.

Right Of Access - Your subscribers have the right to access and retrieve any of your personal data you have provided to any company.

How Net Atlantic is ready: Our Privacy Policy describes what data we collect and how we use it. As mentioned above, any of your subscribers or contacts may contact us to request to access information that we hold about them.

Right To Rectification - Your subscribers have the right to rectify, change or complete their personal data at any time. In terms of email marketing, this means a process to unsubscribe and/or manage subscriber profile option must be provided.

How Net Atlantic is ready: You may access and update your subscriber/contact lists within your Net Atlantic account to correct or complete subscriber/contact information upon their request at any time. In addition, any data subject (your subscribers) may contact Net Atlantic directly to access, correct, and/or delete information that Net Atlantic may hold about the data subject.

Right to be Informed - Your subscribers have the right to ask, at any time, about personal data, how and why it is being used.

How Net Atlantic is ready: As mentioned above, our Privacy Policy describes what data we collect and how we use it.

Right to data portability - You have the right to export any of your contacts and any associated info for those contacts at any time.

How Net Atlantic is ready: You may export any of your lists, or selected information within any list, at any time by accessing your Net Atlantic account.

Email marketers need to pay special attention when it comes to consent as GDPR is extremely clear when it comes to how information and consent can be collected and stored. For any EU citizen, they must be allowed to expressly consent to join a mailing list and provide their personal data. Please check out this guide on consent under GDPR for more detailed information and explanations. 

Please visit the website for the GDPR for more information.