GDPR Compliance
Written by Liz Gannes
Updated over a week ago

The EU recently approved the General Data Protection Regulation (GDPR) and will begin enforcing it on May 25, 2018. GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy.

In short, it will streamline data privacy across the EU and put in place new privacy protections for EU citizens. As a US company, we are getting compliant by becoming a Certified Privacy Shield Member.

We created several new tools, forms, and support processes to help creators and their businesses get and stay compliant with the General Data Protection Regulation (GDPR).

New Features

1. Consent Checkboxes

You can now add 'Terms & Conditions' checkboxes to your forms and popups. This will be a required checkbox that your users will have to check before subscribing. You can also add a link to your terms page or privacy policy page here.

2. Identify EU Subscribers and Get Consent

You can identify European subscribers and collect explicit consent from your existing EU subscribers. Using MailMunch's powerful segments and our brand new consent email templates, it's super simple to collect consent from existing subscribers.

3. Proof of Consent

You can see full proof of subscriber consent on the subscriber's page. It includes:

  • A timestamp of subscriber consent (time, date, location)

  • The source of the opt-in (website, social media, etc.)

  • IP Address of the subscriber at time of opt-in

4. Double Opt-In

The double opt-in process includes two steps. In step 1, a potential subscriber fills out and submits your online signup form. In step 2, they'll receive a confirmation email and click a link to verify their email address, which is then added to your MailMunch list.

Forms and Assistance

1. Data Processing Agreement

Our Data Processing Agreement (DPA) offers contractual terms that meet GDPR requirements and reflect our data privacy and security commitments to our customers. Each customer processing personal data on behalf of EU/EEA individuals is now able to sign this agreement here.

2. Right to be Forgotten

Under GDPR, each of your subscribers in the EU has the right to erasure (or the right to be forgotten), meaning they can contact you and we will delete all of their personal data from our systems. You can initiate this process on behalf of your customers here.

3. GDPR Audit Concierge

Getting an audit notice can be a scary process as you try to get all the necessary data together. If that happens to you, we want you to know we have your back and will get you any data we have that can help you comply with the audit. Just fill out this form to get in touch with our audit concierge team.

4. Privacy Shield Certified

We have filed for our Privacy Shield Certification so that we are able to process data in compliance with EU regulations.

Questions?

If you have questions on how best to implement these new features, drop us an email at [email protected] or contact us.
