The new general data protection regulation (EU GDPR) directly affects marketing practices, including email marketing. All marketers concerned with GDPR need to change rapidly how they seek, obtain and save consent.
How eMailPlatform adheres with the GDPR
Secured servers located in Denmark
All data is stored and processed on our secured dedicated servers. The data center is a TIER III + data center. The highest achievable safety level.
Delivery of emails to recipients
Additionally, we handle the actual delivery of your emails to the recipient’s server or service (e.g. Gmail, Hotmail/Outlook.com), something the vast majority of our competitors have outsourced to foreign companies.
This means that the sensitive delivery information and statistics in the MTA itself (the special SMTP server for outgoing emails) are under our complete control and reside on our own servers.
GDPR features in eMailPlatform
As your data processor, it is our most important task to ensure that your business can live up to your responsibility as the data controller. Therefore, we have developed a range of special features that extend beyond the EU’s GDPR directive.
The dilemma is the document requirement versus the right to be forgotten and deleted – not to be confused with the possibility of unsubscribing from a newsletter. In addition, under GDPR, any person has the right to receive of what has been collected and recorded of information.
A contact card in eMailPlatform contains a wide range of information about the person that either has been entered – or has been enriched from integrations with other systems – or derived from the behavior of the recipient. A behavior can be the opening of a newsletter, a click, update of information, or other underlying processes such as geographical location and much more.
If someone requests to be deleted according to GDPR, simply select Delete. Delete removes all unnecessary fields on the contact card, removes the contact from all lists, exports, and other data sets. However, it will always be possible to search the contact card again if you know the full email address. That way, eMailPlatform makes it easy to meet the documentation requirements set out in the GDPR.
Like this post so far? Follow us on Facebook so you never miss out.
Let us walk through a situation where a person has requested to be deleted:
As a data controller, you have to make sure it happens by deleting any communication with the person. The following day, the person decides to accuse your company of sending out SPAM. By making a search on the person’s email address in eMailPlatform, the above deleted profile will appear, and your company can document that you are compliant with the documentation requirement.
The Data Inspectorate has approved the process of keeping an absolute minimum of information to comply with the documentation requirement.
If a GDPR deleted person is to be re-registered, select “Resubscribe” at the top left on the contact card. A popup box says that it requires a confirmed signing up. We have done so to protect you and your company from unintentional re-enrollment.
Upon re-enrollment, the person will receive a confirmation email (SMS if the permission is on SMS), where the recipient must actively click on a confirmation link. Just as you know it from any other confirmed signing up.
After the recipient has confirmed the registration, a new contact card will be generated with a new unique SubscriberID.
The redirected contact has an average MailRating and no other information. Subscriber Source will be Re-subscribed and thus very easily identifiable.
In eMailPlatform, the original permission, i.e. the GDPR deleted contact, will still be preserved. Most of all, to document the original permission, but also to avoid any doubt that the deletion has been completed.
Flow from sign-up to re-enrollment
A contact can be recorded in eMailPlatform in several different ways. Either through a web form created in eMailPlatform and inserted on your company website or web-shop, through an integration with CMS, ERP system, popup solution or the like – or by import from Excel, CSV-file or as import through the DataSync that can handle very large and complicated data volumes.
The contact can either be verified before it is inserted into eMailPlatform or confirmed via a web form or through automation flows in eMailPlatform. After the contact is confirmed, they can receive outbound communication from you.
If the contact unsubscribes through a newsletter or email they have received, the status will change to Unsubscribed. After this, the contact will no longer receive any campaigns or outbound communication from you.
There is a difference between a completely normal unsubscribe where the person has not asked to be deleted, and then a requested deletion and possibly simultaneous disclosure of registered information.
Unsubscribe then “pauses” the contact card, whereas deletion removes all unnecessary information and directly blocks that email address from signing up to other lists. It is important to distinguish between an unsubscribe and a GDPR requested deletion.
Operating your business with multiple lists, for example, required by multiple brands, an unsubscribe from one list does not necessarily mean an unsubscribe from the other list – your other brand.
We have chosen this procedure because a signed-in person can contact and request registered data later. If a deletion was made directly on a cancellation, it would be difficult to comply with the law’s requirement for insight into registered information.
After a person, a contact, has been GDPR deleted, he or she may wish to be re-registered. This can be done either through an eMailPlatform web form, where the person completes the form and receives an email for confirmation, or through the special Re-subscribe feature, which also sends a message to the person, and asks that confirm the desire to be re-registered.
We can not see your data
All data you enter into eMailPlatform belongs to you and your company. We are just your data processor. And the data can be exported from our platform at any time.
In addition, we have made it impossible for our employees to identify the people behind your contacts in eMailPlatform. A rule removes 40% of the email address or mobile number – and replaces it with an asterisk.
We also cannot export the data without your prior approval.
In this way, we protect your data in the best way possible for your company data. It is neither a requirement in the Personal Data Act nor the GDPR, but an additional protection we have chosen to provide you with at eMailPlatform. On top of this, all data is encrypted on our servers and in our databases.
As always, our support is looking forward to hearing from you. Book your free demo of eMailPlatform now. We will show you eMailPlatform in action and answer all the questions you have before starting your email marketing journey.