What is GDPR?
The European Union (EU) passed a set of laws that enhance the protection of personal data of EU citizens called the General Data Protection Regulation (GDPR) in 2016. It went into effect on May 25, 2018, and changed the way companies can interact with personal data from EU citizens. The new set of rules strengthen data privacy and security for individuals within the EU. GDPR also outlines harsh penalties for violations of this legislation.
FrescoData is focused on maintaining GDPR compliance. Because of these changes, we have created new systems that use personal data from EU citizens in a compliant way. We have taken the main areas of interest from the legislation and discussed how FrescoData is compliant with applicable law:
With GDPR, personal data from EU citizens can only be processed if an individual has given clear consent to do so. Clear and concise language must be used to in the consent process. Consent must also be obvious and easy to understand for individuals as well.
At FrescoData, we work closely with our data providers in EU countries to ensure they have taken measures to secure personal data information in compliance with GDPR. We are tackling consent by moving to a double opt-in subscription system for our email lists. Double opt-ins force individuals to confirm their email address before they can receive email communication from a company or individual. This type of opt-in in email marketing is how we maintain consent compliance under GDPR.
Under the GDPR personal data cannot be transferred outside of the EU. FrescoData already complies with this approach to email marketing.
- Here is an outline of our process:
Company A wants to send email marketing to their target market in Germany.
- They contact FrescoData to set up this campaign on their behalf
- Using an API, we connect to data lists from Germany to send out the campaign
In this scenario, neither FrescoData nor Company A sees the personal data targeted for the email campaign. This information is securely maintained by the FrescoData partner in Germany. The only way Company A can obtain the personal information of someone from that list would be if an individual responded to their campaign, consenting to sharing their personal information with Company A. This process allows FrescoData and the companies it works with to send email campaigns to individuals in EU countries, while also keeping personal data safe within its country of origin.