TrafficWave and GDPR
The General Data Protection Regulation (GDPR): What is it? What is TrafficWave doing? What should you do?
To that end, we felt it important to provide you with information about the new General Data Protection Regulation (GDPR) that takes effect May 25, 2018 for all businesses who maintain the data of EU residents.
What Is The GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law approved by the European Commission in 2016. The GDPR replaces the Data Protection Directive 95/46/EC. Its purpose is to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy.
This new law is effective May 25, 2018.
What Is The Goal Of GDPR?
The goal of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The GDPR protects the following key rights:
- Right to be informed: You or your subscribers can ask about your personal data, how it is used, and why it is being used at any time.
- Right of access: You or your subscribers can request a copy of personal information at any time.
- Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.
- Right of erasure: You may cancel your TrafficWave account at any time and request that TrafficWave erase your personal data, cease further distribution of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or TrafficWave do the same for their personal data.
- Right to restrict processing: You may cancel your TrafficWave account at any time.
- Right to data portability: You may export any of your lists, or selected information within any list, at any time by accessing your TrafficWave account.
- Right to object: Your subscribers may unsubscribe from any of your emails at any time by clicking a link that appears in the footer of every message your TrafficWave autoresponder sends on your behalf.
What is TrafficWave doing to comply with the GDPR?
Through previously determined polices, TrafficWave is already in compliance with existing laws including Canada’s Anti-Spam Laws (CASL), The United States Can-spam Act (CAN-SPAM), and laws regarding the transfers of EU/EEA personal data. Effective May 25, 2018, are also fully GDPR compliant.
Who Does The GDPR Impact?
The GDPR legislation affects any and all businesses using email marketing services (i.e., data controllers) as well as email service providers (i.e., data processors).
What is a Data Controller?
A data controller is a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. (See Article 4, GDPR)
What is a Data Processor?
A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. (See Article 4, GDPR)
What do TrafficWave customers need to do to be in compliance with GDPR?
The implications of GDPR compliance are similar for both Data Controllers and Data Processors.
Continue to be compliant with the TrafficWave Terms of Service:
If you collect EU resident data, you will probably be considered a Data Controller and may have other obligations. We recommend you seek legal advice if you believe it is necessary to be fully compliant with GDPR.
You can learn more about the GDPR by visiting https://gdpr-info.eu.