GDPR is nearly here. And Rocketseed is ready.
GDPR is everywhere. Personal data protection has become the hot topic amongst one-to-one marketers and far beyond. Why? Because it’s by far the most dramatic change seen in data protection, security and privacy…which can seem daunting.
You’ll find endless information on the details of GDPR (from 1-minute YouTube videos to 150-page paperbacks!) so here I’ll just outline the GDPR basics – the what, when, why and where – and highlight what Rocketseed are doing and what it means for you, our customers.
You’ll find our full GDPR policy here.
What is GDPR?
These 4 letters on every marketer’s lips stand for General Data Protection Regulation. It’s the new EU regulation designed to strengthen the digital rights of all EU citizens by creating a safer digital environment through simplifying, unifying and updating the protection of personal data. It is also designed to ensure safe management of that data throughout its lifecycle.
When does it come into force?
Soon. Very soon. GDPR will be enforceable from 25 May this year, having been originally approved by the European Parliament in April 2016. So the compliance clock is ticking!
Why is it needed?
Because everything’s changed. The digital economy, global data flows and the ever-increasing risk of (ever more dangerous) cyber-attacks. The data security stakes are getting higher and that needs stronger regulation of how data is gathered, processed, shared and stored.
Who is affected?
Nearly everyone…and this is where GDPR jargon kicks in. Basically, GDPR imposes higher data protection requirements on the organisations responsible for owning personal data (“Data Controllers”) and processing it (“Data Processors”), and the penalties for any security breaches are high – very high – up to €20M or up to 4% of total global revenue!
Then there are “Data Subjects” – the individuals whose personal data is being handled – who will benefit from extended rights, especially of access to their personal data and information on how it’s processed, stored (and for how long) and who receives it, as well as the right to have it erased (“the right to be forgotten”).
If your organisation relies on consent as the lawful reason for processing personal data, you must make sure that the data you hold is GDPR-compliant in order to continue using it.
Where does it apply?
GDPR doesn’t just affect companies based in Europe but all companies that handle the personal data (and GDPR widens the definition of ‘personal data’) of EU citizens. For the UK, ‘Brexit’ will not affect the adoption of GDPR into UK law. GDPR is here to stay.
How ‘Sensitive’ are Email Signatures?
In truth, they’re not – the information is usually easy to obtain from publicly available sources – but nonetheless they are ‘personal data’ and Rocketseed processes them with the highest security.
A Question of Responsibility
Rocketseed, as the provider of email branding, signature, disclaimer and bulkmail software is a “Data Processor” (in GDPR-speak) processing personal data on behalf of our customers, who are “Data Controllers”. GDPR places obligations on both to ensure legality, transparency and security in data handling.
So, What is Rocketseed Doing?
Rocketseed’s strapline is ‘email signatures designed to do business’ and we’re committed to ensuring that we and our customers “do business” in a completely GDPR-compliant way.
We’re proactively working to ensure the continuation of the very best personal data protection, which goes well beyond just GDPR compliance. We’ve invested in consultants and lawyers, and created partnerships with specialists, in order to give you comfort in our position as a “Data Processor” with regard to our primary tools (Signature, Signature +, and Campaign). We’re also committed to ensuring that you, as a “Data Controller”, understand your position, and we will give you all the support that we can.
We’ve audited all our technical, legal and organisational processes and, with full senior management support, are implementing all the procedures, documentation and controls required by GDPR, namely:
- Updating our licence agreements, data processing agreements and employment contracts.
- Ensuring our sub-processors digitally and physically protect personal data from external attack or accidental destruction
- Ensuring data security by encrypting and pseudonymising data files and physically locking and fireproofing server facilities
- Ensuring proper policies for transfer of data
- Ongoing data protection / GDPR training for our staff globally
- Complying with all GDPR reporting requirements
We will also forward any “right of access” requests to you and will cease processing any data where consent is retracted.
All this will be evident in the new contractual arrangements including a data processing agreement.
What does GDPR mean for you as a Rocketseed customer?
As a Rocketseed customer, you are a “Data Controller” (in GDPR-speak) and as such you must:
- Comply with GDPR and demonstrate compliance
- Carry out due diligence on your Data Processors
- Enter into a written Data Processing Agreement detailing roles and responsibilities
You can find our full GDPR policy document here.
For any questions, please reach out, we’re happy to help in any way we can. And remember, whilst the detail might seem complex, the result is reassuringly simple…
Your data is completely safe with Rocketseed.