As you’ve probably heard by now, the GDPR (General Data Protection Regulation) comes into effect on the 25th of May 2018. In anticipation, the SmartrMail team have been working on changes to make sure we’re compliant with the new regulation and make it easy for your store to get ready too.
To help explain this, we’ve created this blog to walk you through all the changes.
Let’s Start at the Beginning: What is the GDPR?
The General Data Protection Regulation (GDPR) is a new digital privacy law that will come into effect on May 25th, 2018. It aims to provide all residents and citizens of the EU with new digital rights to give them greater control over their personal data.
The primary rights the GDPR guarantees EU residents are:
- The right to access information a company has acquired about them, free of charge.
- The right to be forgotten, where all personal data is erased on request.
- The right to be notified in the event of a data breach that may have compromised their personal data.
- The right to only have their personal data used after providing unambiguous and clear affirmative approval.
How to Tell if You’re Affected by the GDPR
The GDPR guarantees these rights to all EU citizens and residents, regardless of whether the organisation is within the EU or not. So as soon as you process personal data of an EU resident, you are bound by the GDPR, even if your store is not located within the EU.
If your store deals with customers both within and outside of the EU, then you should grant the rights outlined in the GDPR to all of your customers.
Changes We’re Making
SmartrMail is making a number of changes and introducing new tools to ensure we and our users are ready for the GDPR.
The changes we will be rolling out in the lead up to the 25th of May 2018 are:
Implementing a user-friendly double opt-in feature when users sign up to a mailing list
By doing this we are able to ensure that people are engaging in an unambiguous and clear affirmative action in signing up to a mailing list. Additionally, it prevents people from signing others up without their consent as this process requires clicking on a confirmation link sent to a user’s inbox.
As not all of the stores that use SmartrMail ship to the EU, this feature will not be the default for stores that don’t ship to the EU. However, these stores will be able to activate the double opt-in feature if they wish. Double opt-in will be the default for stores that ship to the EU.
Deleting subscribers will now completely remove all their data from SmartrMail
Whenever you delete a subscriber from your mailing list, SmartrMail will now also completely erase all of their data on our end too.
This makes it easier for you if one of your subscribers requests you erase all of their personal data. To ensure all of the personal data related to that person that has been shared with SmartrMail has been erased, all you need to do is delete the subscriber from all your mailing lists on SmartrMail. In this situation, you would also need to ensure you erase all of the personal data you have related to the subscriber on your end too.
For more on what personal data is, check out our FAQ on GDPR here.
Giving subscribers the option to erase all their data when they unsubscribe from SmartrMail
Whenever a subscriber wishes to unsubscribe from a mailing list with SmartrMail, they will now also be presented with an option to have all the personal data SmartrMail holds about them erased.
Additionally, subscribers are also able to email [email protected] and we will ensure all their data is erased across all of our SmartrMail systems within 72 hours.
This makes it easier for those who wish to have their personal data erased and also further ensures that SmartrMail complies with the right to be forgotten.
Giving stores the option to export their lists from SmartrMail, including all the information SmartrMail has about an individual user
SmartrMail is adding a feature to allow our users to quickly and easily obtain all the information we have related to subscribers on their lists.
This means that when a user reaches out to your store requesting a copy of all the data your store has about them, you can now easily access a copy of all the data SmartrMail has collected about them.
All you need to do is export the mailing list or lists the user has been added to. This export will now include all the data SmartrMail has collected about users on the list, including all email engagement data such as open and click-through rates.
What if a Data Breach Occurs?
In the event of a possible data breach, SmartrMail will notify via email all stores and users we believe may have been compromised as soon as possible. In the email to stores we will also include any additional steps, if any, you should follow to ensure compliance with the GDPR.
How You Can Make Sure You’re Ready Too
While SmartrMail is making sure all of your store’s actions through SmartrMail are compliant with the GDPR, you should also make sure all of your other actions with customers are compliant too.
For instance, while signing up with a SmartrMail email pop-up or footer form will be compliant, if you also sign users up with a non-SmartrMail pop-up or footer form you should take steps to ensure you are compliant.
This means ensuring that subscribers added to your lists through systems other than SmartrMail’s opted in in a clear, unambiguous manner. This means no pre-ticked consent boxes.
If you store information about subscribers on your own computers, you should also erase this if a subscriber requests you to do so and inform them if you believe this data may have been compromised.
You may also want to check out our FAQ on the GDPR here.
The European Commission have also created a great infographic explaining the GDPR: