Update on GDPRby Seb
In the last few months, we've been busy together with our legal advisors to make SpecificFeeds fully compliant with GDPR, the new EU regulation. This post provides a brief update on the subject.
What is GDPR?
GDPR (General Data Protection Regulation) is a new regulation affecting all EU/EEA countries and Switzerland, aiming to make the processing and storage of confidential information (esp. data which identifies persons, such as emails, IP addresses etc.) better regulated and safer. It replaces the outdated Data Protection Directive and can be considered the biggest change in data privacy protection in 20 years.
Does GDPR affect me?
If you're a publisher, using SpecificFeeds to update your followers about your new posts (which has many advantages), then the answer is a very, very likely "Yes!". That's because even if you or your company is not based in an EU/EEA country or Switzerland, at least some of your followers are, and the handling of their data falls under GDPR.
What changes does GDPR bring?
Some "highlights" of GDPR include:
Importance of getting consent explicitly: It has to be unambiguous that followers provided the consent to be emailed (or contacted in other ways) for the purpose you're contacting them for.
It will not be permitted anymore to collect users' contact information for a certain purpose (e.g. for sign up) but then send them marketing emails not related to their sign up, i.e. emails to which they didn't agree to.
And: their agreement has to be explicit. If you ask for their email so that they can download your e-book, then it is not sufficient to state at the bottom of the subscription form something like "By signing up, you agree to receive marketing emails from us". The user needs to agree to it explicitly, e.g. by clicking a checkbox.
Possibility to withdraw consent (easily): After consent has been given, the user must have the option to easily withdraw it again (e.g. by clicking an unsubscribe-link in the email he received, which doesn't require any login).
Right to rectification: The "data subject" can request that incorrect data gets corrected.
Right for deletion: Users have the right to ask for a complete deletion of their data (also called "right to be forgotten")
- Right for moving of data: The data subject will have the right to received the personal data conserning him.
If you want to know more about GDPR, visit the official GDPR homepage, or, if you prefer a layman's explanation instead of too much legalize, have a look at this easy-to-understand explanation of GDPR.
What are next steps?
We are working on finalizing our GDPR-readiness and will provide an update before GDPR comes into effect on May 25th, 2018.
If you have any questions about GDPR or related topics in the meantime, please don't hesitate to contact us.
Note: This article does not provide legal advice. If you have any legal questions about GDPR, please seek professional legal counsel.