This page explains the impact of GDPR on the use of INBOX only and is not applicable for any other aspects of your business. It should not be considered as legal advice.
What is GDPR?
The GDPR is the new European legislation meant to replace the 1995 Data Protection Directive.
This regulation, which can be read in full on the CNIL website, is the new Europe-wide law governing the use and handling of individuals’ personal data.
It has 3 objectives:
Who does the GDPR apply to?
When should you be ready for GDPR?
All relevant actors must be in compliance with the GDPR by May 25th, 2018. Although this date may seem far off, you should start familiarizing yourself with this new legislation now so you are fully prepared by the time May comes around.
What penalties will be applied within new regulations?
Companies that are not in compliance with the GDPR could be fined anywhere from 2-4% of their annual revenue, or up to 20 million dollars, whichever is the higher amount.
How is the GDPR different from the current regulations?
One of the main goals of the GDPR is to extend the rights of European residents with regard to the handling of their personal data. This can be summarized as follows:
The GDPR has created new rights of access and data protection for “data subjects”:
One of the big changes in the GDPR is the new definition of consent, which should now be “given freely” and provided in the form of a “positive action” for each planned use case involving the subject’s personal data.
Opt-out practices (whereby subjects are automatically subscribed to a list, leaving it up to them to unsubscribe) and passive opt-in practices (pre-checked boxes in subscription forms) are now prohibited under the new regulation.
Opt-in is now the only way to get explicit consent, and therefore the only legal way to obtain and use your customers’ contact information.
This means that from now on you must:
It is important to note that this new definition of consent also applies to the personal data of European residents collected before May 28th, 2018.
If you have already received consent for the use of this data, you do not need to ask for it again. However, if your current lists do not comply with the GDPR, you must ask for explicit permission from your contacts with the use of an opt-in form.
This page is mostly concerned with summarizing the implications for your email marketing and marketing automation practices, but the GDPR also includes numerous other requirements: record keeping, nominating a Data Protection Officer, implementing a risk management process, etc.
Depending on your business and the nature of the personal data you process, the implications of the GDPR can be extremely far-reaching.
To better understand the requirements and legal ramifications for your organization, we recommend you consult a legal advisor specializing in personal data regulations.