What is GDPR?
The EU General Data Protection Regulation (GDPR) is European legislation designed to increase protections around the processing of personal data of data subjects in the European Union.
When did the GDPR take effect?
The GDPR took effect on May 25, 2018.
To whom does the GDPR apply?
Subject to certain exceptions, the GDPR applies to any organization with an establishment in the European Union that is processing personal data. It also applies to any organization that processes the personal data of EU data subjects, regardless of whether the organization has a presence in the European Union or the processing is conducted within the European Union.
If you have a presence in the EU or collect, store, manage, analyze, or otherwise process personal data of EU residents, including email addresses, the GDPR's requirements may apply to you.
What did the GDPR change?
Note: This section covers many of the changes of the GDPR, but it is not intended to be exhaustive. We highly recommend seeking independent legal counsel to determine how GDPR affects your business.
The GDPR lays out a range of requirements related to consent, individual rights, and data processing. The overview below is a non-exhaustive summary of some of the important requirements of the GDPR.
Get ready to collect GDPR-friendly consent.
Under the GDPR, consent must be both informed and explicit. We created a guide to GDPR-friendly consent to help you understand the requirements and prepare accordingly.
Learn more about explicit consent, and find suggestions for using eduCRM to collect consent from new contacts, ask existing contacts to re-consent, and record and track proof of consent.
Learn how to set up opt-in confirmation.
Enabling double opt-in is a best practice that may help you comply with the affirmative consent requirements of the GDPR. When double opt-in is enabled, contacts must confirm their email address before receiving further communications.
You can learn how to enable double opt-in in this help center document.
Familiarize yourself with how to edit and delete contacts.
Under the GDPR, contacts have the right to request correction or deletion of their data. Familiarizing yourself with how to edit and delete contact information may help you comply with such requests once the GDPR takes effect.
Familiarize yourself with how to export contact data
The right to data portability and right of access enable contacts to request their personal data. Exporting contact data can help you comply with these requests.
You can learn how to export contact data in this help center document.
Learn how to add personal data usage statements to your opt-in forms
The GDPR requires you to tell people how you will use their data when you collect it - part of the new affirmative consent requirements.
Although the exact statements you need to include depend on how you use the data, you can include any statements you like using an HTML block in your eduCRM forms.
You can also use custom fields to add a check box indicating explicit consent.
Obtain proof of consent from existing contacts
The GDPR requires proof of explicit, affirmative consent from data subjects. Significantly, the regulation also applies to contacts from whom you have already collected personal data.
If you cannot demonstrate proof of affirmative consent for your contacts, you may need to contact existing contacts to obtain permission before the GDPR takes effect.
Delete contacts and lists you no longer need
The GDPR is intended to protect the privacy of data subjects, which includes minimizing the risk that data can be misused. Deleting unsubscribed contacts and lists you no longer use may make sense to reduce risk.
Consult a legal professional.
The contents of this page are informational and do not constitute legal advice. To fully understand the effects of the GDPR on your organization, we strongly recommend you seek counsel from your institution's legal department.