GDPR is a piece of legislation that is going to affect email marketers. Businesses that fail to comply may face huge fines.
Learn here how to choose an email verification service to avoid being fined!
GDPR (General Data Protection Regulation) is legislation approved by the European Parliament in 2016 that clearly defines how the personal data of people in the EU must be handled. Businesses worldwide were given two years to comply with the regulation, and the GDPR becomes enforceable on 25 May 2018.
It affects all businesses worldwide, not only European ones!
GDPR comes with extraterritorial scope: it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company's location. Non-EU businesses processing the data of individuals in the EU will also have to appoint a representative in the EU.
The 28 EU member states are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.
Well, first of all, it is to protect personal data, which is in everyone's interest. But to make sure the regulation is followed to the letter, companies that do not comply may face a significant fine. Whether you run a European business or you handle (control or process) European personal data, you must comply with the regulation to avoid putting your whole business at risk.
Under GDPR, organisations in breach can be fined up to 4% of annual global turnover or €20 million (approximately 24.5 million USD), whichever is greater.
For the first time, the European Commission is exporting European data protection principles to the rest of the world.
So even if you are a company based in the US and most of your customers live in the US, you still have to comply with GDPR if any of your customers or subscribers are in the EU.
If you collect personal data, such as the name, address, phone number, email address or picture of customers or subscribers, and any of them happen to be in the EU, you must comply with GDPR.
If you use email marketing or direct mail, or have a call centre reaching out to your EU customers, you must comply with GDPR.
Approximately 95% of our customers must comply with GDPR, whether they are running a business in the EU, US or anywhere in the world.
Privacy Shield provided a self-certification scheme that let US companies provide services to European customers while handling European data.
However, at the time of writing this article (February 2018), a Privacy Shield certification does not automatically guarantee that a US company complies with GDPR, and there are no signs that Privacy Shield will ever guarantee that a given US business can be trusted in terms of GDPR.
In October 2017 the European Commission conducted a review of Privacy Shield and found major gaps that require immediate action. For example:
Most of these concerns are still waiting to be addressed.
Until false self-certification is prevented in the US, a Privacy Shield logo does not prove that a company complies with European standards of data protection.
The GDPR applies to 'personal data', meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
An email address is personal data.
You must have a valid lawful basis to process personal data, such as consent collected through a solid opt-in process, and you must keep the data secure.
In the context of an email verification service, the user or customer who submits email addresses for verification is the data controller.
If you are a controller, you are not relieved of your obligations when an email verifier is involved: the GDPR places further obligations on you to ensure that your contract with the email verifier (the data processing agreement required by Article 28) complies with the GDPR.
A processor processes personal data on behalf of a controller. In our case, the email verification company is the data processor.
Email verification services are required to maintain records of their processing activities, and they carry legal liability if they are responsible for a breach.
It is not enough for your own business to comply with GDPR; the email verification service you use must comply too.
Watch who you share your data with: it can get you into bigger trouble than not having proof of opt-in.
Your business may face a fine of up to €20 million (24.5 million USD) if you fail to comply with GDPR, even if you are a non-EU business.
Whether you are based in the US, India, Brazil, or anywhere else in the world, you must make sure you follow GDPR.
Let's say you don't have proof of opt-in and there are hundreds of complaints against you. You are likely to get a fine, probably a small one.
But if you upload tens of thousands of EU personal data records to a shady website and they sell those details, you will get the big fine. The €20 million ticket is for those who committed, or cooperated in, a data breach.
Don't risk your entire business by using shiny but shady email verifiers.
There are hundreds of email verification services online. Some are better than others, but most of them are illegal! Be careful who you choose.
Remember, it is your responsibility as a data controller to use data processors (e.g. email verifiers), that comply with GDPR.
Before choosing an email verifier, you must ask the following questions to avoid being scammed:
Whether you are European or not, you can trust a well-regarded British email verification company.
We will never sell or use your contacts. Our servers are based in the European Union, and we follow European data protection principles.
In our Data Protection Policy you can find the most important information you need about HubuCo and GDPR.
Should you need any further information, or need us to sign a GDPR data processing agreement, feel free to contact our support.