
GDPR and Privacy Compliance

Learn what eMerge is doing to comply with GDPR, and what it means for you.


In compliance with EU law, eMerge is becoming GDPR compliant by May 25th, 2018. We want to ensure that every one of our users and subscribers knows exactly what we're doing to meet GDPR compliance as well as how it pertains to them.

What is GDPR?

Going into law on May 25th, the General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR applies to any organization that uses the personal data of people located in the EU.

But I'm not in the European Union...

If you do any business with the EU, or have marketing campaigns which may be seen by EU residents, then GDPR compliance matters to you.

What is eMerge doing to comply with GDPR?

eMerge welcomes the GDPR as an important step forward in enhancing data protection across the EU and the globe, and as an opportunity for us to strengthen our commitment to data protection and personal privacy.

As such, we have undertaken the following:

- Analyzed what personal data we process and confirmed our lawful basis for processing that data
- Updated our Privacy Policy
- Updated our Terms of Service
- Reviewed how we gather consent for marketing
- Implementing procedures related to data subject rights
- Improving our data breach response procedure
- Communicated with our customers about GDPR and how it affects our relationship with them and their role

What do eMerge users need to do to comply with GDPR?

Within the GDPR, there are two primary roles: Data "Processors" and Data "Controllers." As an eMerge user, you are a Data Controller - responsible for the personal data you collect in connection with eMerge (the Data Processor).

What are your responsibilities as a Data Controller?

You will typically act as the Data Controller for any personal information you collect in connection with your business. The Data Controller determines the purpose and means of processing personal data. When you choose to use eMerge's services to collect personal information, you are deciding the purpose and means.

Data Controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers' obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimization, and accuracy, as well as fulfilling data subjects' rights with respect to their data.

eMerge recommends you seek advice from a GDPR consultant relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation. Nothing on this page is intended to provide you with, or should be used as a substitute for, legal advice.

Where should you start?

As a Data Controller, the following are some tips on where to start with GDPR compliance:

- Assign a data protection business lead or appoint a Data Protection Officer.
- Create an inventory of personal data that you handle.
- Review your current data protection controls, policies, and processes to assess whether they meet the requirements of the GDPR, and build a plan to address any gaps. Again, it is recommended that you consult with a professional.
- Monitor updated regulatory guidance as it becomes available.

Getting Consent

If you are creating an email list with users from the EU, there is a requirement to collect explicit consent in a "freely given, specific, informed and unambiguous" way, which is reinforced by a "clear affirmative action."

In other words, your leads, customers, etc., need to physically confirm that they want to be contacted. Therefore, a pre-ticked box that automatically opts them in is no longer sufficient. Opt-ins need to be a deliberate choice.

What is eMerge doing in-platform to help users comply with GDPR?

Alongside our recommended tips on GDPR compliance above, eMerge is adding a number of GDPR-focused features to our software to help our users ensure GDPR compliance:

Contact Unsubscribe Request
Contacts can automatically unsubscribe from receiving email communication from you. This tool can be found under Contacts > Compliancy Links in your eMerge account and is included by default in the footers of your eMerge emails.

Contact Delete Request
Contacts can request that their data be fully deleted from your eMerge account. This tool can be found under Contacts > Compliancy Links in your eMerge account and is recommended to be included in the privacy policy of your website.

Contact Data Request
Contacts can request that their stored data be exported from your eMerge account and sent to them. This tool can be found under Contacts > Compliancy Links in your eMerge account and is recommended to be included in the privacy policy of your website.

----------------

Where can I go for help?
Please contact support@easyeMerge.com if you need anything.