WHAT IS THE GDPR?
The General Data Protection Regulation (GDPR) is a piece of EU legislation that standardizes and strengthens data protection policies. It goes into effect on 25 May 2018.
WHO MUST COMPLY?
The GDPR applies to firms located in the EU and to firms outside of the EU that offer goods or services to, or monitor the behavior of, EU residents.
WHY SHOULD I COMPLY?
The GDPR imposes administrative fines of up to €20m or 4% of worldwide revenue, whichever is greater.
EMAIL PROCESSING RISKS
Watch a 120-second primer on how MailControl helps you become GDPR-compliant.
A SINGLE EMPLOYEE CAN PLACE YOUR ENTIRE FIRM AT RISK OF GDPR NONCOMPLIANCE
“In order to carry out the data processing activity consisting in retrieving from the recipient of an email, whether the recipient has read it and when and whether it has forwarded it to third parties, unambiguous consent from the recipient of the email is necessary. No other legal grounds justify this processing. Therefore, the data processing that is performed secretly is contradictory to the data protection principles requiring unambiguously given consent, laid down by Article 7 of the Data Protection Directive.”
“Before sending the first message with tracking pixels, the individual must be informed about the collection of personal data through this technology.” “Also, transfer of the data to the U.S.-based tracking server requires adherence to either Privacy Shield or based on exceptions provided by Article 30 of law no. 677/2001, or under the standard contractual clauses or the binding corporate rules which need an authorization by the supervisory authority (article 29(4) of Law no. 677/2001). In all situations in which the data controllers transfer data abroad, they have the obligation to inform the data subjects on this matter.”
“Since embedded hidden tracking pixels are not necessary in relation to the initial purpose for which personal data of the email recipient are processed and having in mind embedded hidden tracking pixels’ purpose, it should be concluded that the only legal ground for use of such pixels shall be data subjects’ consent as provided in Article 6 (1a) of the GDPR.”
“Where terminal equipment storage is to be used or ‘web-bugs’ or ‘pixels’ are employed, specific consent under ePrivacy is required… Any personal data processing, including tracking, by the processing organisation for their own purposes will mean that the processing organisation is likely to become a data controller, and the full scope of The Acts would then apply to them. In any circumstance, tracking by an organisation must be proportionate and not excessive.”