The General Data Protection Regulation (GDPR) regulates how you obtain, use and store personal data for European citizens and it goes into effect on May 25th 2018.
We've been working hard to ensure that we provide a GDPR compliant service to our clients and ensuring you have the necessary workflows to take action if you receive a request from an EU citizen exercising their rights under GDPR.
- If you require a signed Data Processing Addendum (DPA) please email your request to DPO@replyify.com
GDPR does not signal the end of cold emailing. It does, however, require you to make informed decisions that are compliant with the new regulation if you are prospecting and emailing citizens of the European Union and process their personal information like an email address.
For more information on how Replyify is prepared for GDPR and to learn more about your responsibility please refer to this blog post we wrote.
GDPR Rights for EU Citizens
- ERASURE: An individual will have a right to withdraw consent to store and use their personal data. They may request that the personal information be deleted. The Data Processor (Replyify) has the right to erase this data on behalf of the Data Controller if requested directly by the data subject.
- DATA PORTABILITY: You have the right to transfer your data from Replyify.
- RECTIFICATION: Replyify provides an accessible interface for our clients to update their information or information requested to be updated by a data subject.
- RIGHT TO BE INFORMED: With GDPR, companies must be transparent about how they gathered personal information. Replyify documents the process of data added to the system by the Data Controller.
- RESTRICTED PROCESSING
Individuals have the right to block and/or suppress the processing of their personal data. If suppressions is requested, an organization can still store personal information but they may not use it in any way.
- ‘STOP’ PROCESSING: Individuals (data subjects) have the right to object to you using and/or processing their personal data. If requested or demanded, you must cease processing the individual’s data immediately.
If you use our built-in unsubscribe links, you know that when a person clicks to unsubscribe they are directed to a confirmation page. We updated this page to include direction for an EU citizen ("Data Subject") who wishes to exercise any of their GDPR Rights.
They will receive an email to confirm their ownership of the email address. For security, the link expires in 1 hour but they can claim their email again in the future if the link expired.
When they click the confirmation link in the email, the Data Subject will be directed to a page where they can access all of the personal identifiable information Replyify has processed for that email address.
The Data Subject can exercise any/all of their GDPR Rights (see image above)
- Access - by confirming their email the Data Subject can access their information.
- Portability - the Data Subject can download a copy of their data.
- Rectification - the Data Subject can submit an edit to their data.
- Informed - be prepared to answer and justify how and why you gathered personal information for a Data Subject.
- Restricted Processing - the Data Subject can request to delete their information.
- 'STOP’ PROCESSING - the Data Subject can object to future processing of your information
*If a Data Subject Requests their data to be deleted, we will send you an email notification of our intent to automatically deleted the requested data. You have 72 hours to review this data here and make the necessary updates to other Data Processors who may also have this data.
Direct Request from an EU Citizen
If you (a Replyify customer) receive a direct request from an EU citizen to exercise any/all of their GDPR Rights, you are required to take documented action to fulfill the request in a timely manner.
You should direct the Data Subject to the workflow defined above if the Data Subject requests Access, Portability, Deletion or Objection to future processing.
You can use the existing Replyify contact management system to address Informing the Data Subject on how/why you process their data and Rectification. You can search for the contact in the Contacts Section of Replyify to export the contact record, unsubscribe, delete or make edits to the record.
ps - Check out The Cold Emailer's Guide to GDPR blog post that we wrote to help you work through the decision as to whether or not you are permitted to contact an EU citizen.
- The Replyify Team