What is GDPR?

The European Union (EU) passed a set of laws that enhance the protection of personal data of EU citizens called the General Data Protection Regulation (GDPR) in 2016. It went into effect on May 25, 2018, and changed the way companies can interact with personal data from EU citizens. The new set of rules strengthen data privacy and security for individuals within the EU. GDPR also outlines harsh penalties for violations of this legislation.

FrescoData is focused on maintaining GDPR compliance. Because of these changes, we have created new systems that use personal data from EU citizens in a compliant way. We have taken the main areas of interest from the legislation and discussed how FrescoData is compliant with applicable law:

Consent

With GDPR, personal data from EU citizens can only be processed if an individual has given clear consent to do so. Clear and concise language must be used to in the consent process. Consent must also be obvious and easy to understand for individuals as well.

At FrescoData, we work closely with our data providers in EU countries to ensure they have taken measures to secure personal data information in compliance with GDPR. We are tackling consent by moving to a double opt-in subscription system for our email lists. Double opt-ins force individuals to confirm their email address before they can receive email communication from a company or individual. This type of opt-in in email marketing is how we maintain consent compliance under GDPR.

Security

Under the GDPR personal data cannot be transferred outside of the EU. FrescoData already complies with this approach to email marketing.

  • Stroke 4@2xCreated with Sketch. Here is an outline of our process: Company A wants to send email marketing to their target market in Germany.
  • Stroke 4@2xCreated with Sketch. They contact FrescoData to set up this campaign on their behalf
  • Stroke 4@2xCreated with Sketch. Using an API, we connect to data lists from Germany to send out the campaign

In this scenario, neither FrescoData nor Company A sees the personal data targeted for the email campaign. This information is securely maintained by the FrescoData partner in Germany. The only way Company A can obtain the personal information of someone from that list would be if an individual responded to their campaign, consenting to sharing their personal information with Company A. This process allows FrescoData and the companies it works with to send email campaigns to individuals in EU countries, while also keeping personal data safe within its country of origin.

Right to be Forgotten

GDPR allows individuals to gain more control over how their data is collected and used. Individuals now need to have the ability to access it, update it, or remove it if they wish. FrescoData takes a practical approach to meet this standard. We include unsubscribe links in all of our email marketing campaigns, which individuals can click at any time to opt-out of communication with FrescoData and any affiliates. This allows EU citizens to feel confident that they have a choice in receiving email marketing from FrescoData.

FrescoData manages consent compliance by introducing double opt-in features to our subscription process. We are not moving personal information outside of its country of origin. Plus, we offer steps to edit, update or remove personal data from our email lists. FrescoData is committed to maintaining GDPR compliance.

For more information about GDPR, you can read the full text here. You can also learn about the legal terms in the provision here.