What is GDPR?
The General Data Protection Regulation (GDPR) was created to empower individuals with more rights and protection when it comes to how their data is collected and processed within the European Union (EU). It is the most stringent privacy regulation to date, exceeding both Canada’s CASL and the United States’ CAN-SPAM in breadth and scope. Under GDPR, individuals have the right to see any and all personal data collected about them by companies. In addition, they have the right to have all that data completely deleted.
Why does this matter to you?
Even if your business is not located in the EU, GDPR affects any company that collects or processes personal data within the EU or collects or processes data about residents of the EU. As a result, you have responsibilities under GDPR and so does iPost.
GDPR defines two roles regarding data collection: data controller and data processor. The data controller determines what information is being collected and why, while the data processor collects, stores and manages data on behalf of the data controller. iPost assumes the role of the data processor. It is our responsibility to ensure that your data is stored securely and in compliance with GDPR. As the data controller, your responsibility is to comply with the set of principles relating to the processing of personal data. Non-compliance can result in stiff penalties and heavy fines. It’s a complicated piece of regulation and you can learn more about it directly on the EU information page.
How do you comply?
Compliance can only be ensured by consulting your legal counsel. In addition, be sure to read through the GDPR requirements and then review your data collection or data processing structure to find any non-compliant practices.
To be in compliance, you will also need the ability to delete a contact record when required. Below are the instructions for deleting a record from iPost:
- First, delete the email address and all related fields from your systems. Otherwise, you run the risk of re-uploading the address back into iPost. Fines for violations are exceedingly high, so great caution and diligence are needed on this point.
- Next, send a message requesting that the email address and all related data be deleted from iPost to our dedicated GDPR service address: firstname.lastname@example.org. Use the subject line "Request: Erase email address(es)" and include the following information in the body of the email:
  - Your name
  - Your company name
  - Address(es) to be deleted
A single request may include multiple email addresses.
What is iPost doing to help me comply?
We have taken steps to ensure iPost is GDPR compliant. Your compliance with GDPR is your responsibility, and we encourage you to work with your legal counsel to ensure you are complying. In addition to our own compliance, we are doing all we can to safeguard your data. We continually review security around the collection and storage of your data in order to ensure that it is protected. We are also registered in the Privacy Shield program to help with this ongoing process.