Hello everyone,

The upcoming GDPR (General Data Protection Regulation)  will go into effect for all residents of the European Union in May 2018.

The GDPR will affect every email marketer with subscribers in the EU. This law addresses the exportation of individual personal data for EU residents. According to the GDPR and current EU privacy regulations, email marketers can only send emails to double opt-in contacts. 

Here are the relevant GDPR regulations:

• Articles 4(11), 6(1)(a), 7, 8 and 9(2(a)) (Recitals 32, 33, 42 and 43) elaborates on what constitutes proper legal consent. Any activity such as ticking a box in your webpage or expressing explicit consent as a statement is counted. Pre-ticked boxes, inaction, or opt-out mechanisms do not hold valid consent. Recital 32 states, "...ticking a box when visiting a website, choosing technical settings, or by any other statement or conduct which clearly indicates… the data subject’s acceptance... Silence, pre-ticked boxes or inactivity should therefore not constitute consent. " ("Data subject" refers to a subscriber/recipient).

• Article 15, Recitals 2,3 relates to subject access. This means that the data subject has the right to confirm that any personal data being held in other countries is safe. According to Article 15, Recital 3, "Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards... relating to the transfer."

• Recitals 2,3,4 detail the right to object. At any time, the subscriber can object to the usage of their personal data (contact info, bank account details, etc.) for direct marketing purposes. Any marketers concerned must take the necessary action. Recital 2 states, " Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time ......" 

For further information please refer to the official documentation: 

•  GDPR Text
• GDPR press release
•  FDPA (Federal Data Protection Act)

A note on penalties:

Non-compliance with GDPR can lead to huge fines. If you have EU subscribers in your mailing list with that don't meet the GDPR standards, you are likely to be fined for improper record keeping, and failure to notify the supervising authority. It is important to note that these rules apply to both controllers and processors (marketers).

Collection and Preservation of data

With this in mind, Zoho Campaigns, as an email marketing service provider, would like to confirm that all subscribers (of Zoho Campaigns' customers) have given their consent via opt-in (permission-based) methods and that they’re interested in receiving email newsletters from our customers. 

Zoho Campaigns store the essential details about subscribers who have signed up via Zoho Campaigns sign up forms. Upon importing subscriber details, customers should collect and store certain information about their subscribers.

We request that our customers collect and save the following details for all subscribers 

• Sign up form URL,
• Sign-up date and browser details, IP address of recipients who joined via sign-up forms.
  

Zoho Campaigns strongly recommends that our customers send permission-based marketing emails/newsletters to their subscribers. Ask your marketers to remove any old (unresponsive for up to three months) contacts from their mailing lists and send re-engagement emails. 

For any further clarifications or support on this subject, please don't hesitate to drop us a line at support(at)zohocampaigns(dot)com. Our team is always happy to help you out!

Thanks, 

Krithika.S