It took the European Union four years to prepare a new set of standards for data protection. Finally, the General Data Protection Regulation (GDPR) is ready to take effect in upcoming May.
SendPulse is a company with a worldwide clientele, so we are preparing a list of measures to be taken to adhere to the latest data privacy and protection standards.
Data processing consent and its revocation
Our subscription forms are already underway. We are going to add extra checkboxes for user consent to each form. Moreover, our users will be able to update their subscribers’ consent via email.
According to the Regulation, the user consent must be expressed by a clear affirmative action. This means that it won’t be valid if there was no option for a user either to decline the request to process their personal data, or to revoke such consent.
If the user agrees to the processing of their personal data, the controller must be able to prove that. Pre-ticked “agree” boxes or other methods that provide a passive consent or consent “by default” will no longer be used.
Furthermore, we will offer an option to withdraw clients’ consent easily.
Tracking Cookies
SendPulse will notify its users about tracking cookies. The language of the message will be adapted to each user based on their location to ensure they can fully understand the notification while agreeing to the policy.
Data storage security
Our team of developers is verifying the data security system to prevent leakage of sensitive information and protect it against any manipulations by third parties. In case of any data leakage, SendPulse users must inform the regulator, European Data Protection Supervisor, within 72 hours.
Personal data editing
SendPulse users will be able to edit and export personal data of their subscribers directly in their accounts.
Summing up
On the one hand, implementation of the GDPR is a challenge for every company which has clients with EU residency, let alone high penalties for its violation. On the other hand, it is a great opportunity for a company to revise and improve its security policies and procedures. More importantly, the new regulations are to ensure uniform data privacy standards leading to the simplified economic relations between international companies.
In light of these regulations, SendPulse is going to revise its subscription forms, provide an option for users to edit and export personal data, as well as withdrawing the consent given earlier.
The listed measures will not only avert any possible conflicts with the new supervisory authority but also improve mutual trust between the customer and the company which is storing their confidential data.