Even before GDPR came into force in May, 2018, data protection was a core tenet of Emarsys and we were one of the first marketing platforms to be ISO 27001 certified.
With the adoption of GDPR, this has come more into focus and so we have prepared a series of articles for all our customers which lay out both what Emarsys does with regards to your data, and how we support you with regard to your customers' data.
Contents
Emarsys is not a law firm specializing in data security legislation, and we do not offer legal advice. We want to help you to understand how this legislation can affect you as an Emarsys customer, and this article assumes that you are using the Emarsys Platform properly, according to our documentation.
You should always refer to a qualified legal source when it comes to checking whether or not you are compliant in any given situation.
Our obligations to you as an Emarsys customer
It is important to distinguish between our obligations to you as a SaaS provider, your responsibilities as a user of the Emarsys Platform, and your obligations to your customers. You can find an overview of the first of these points here:
What is GDPR all about?
If you are new to GDPR, please read our comprehensive blog post for a good introduction to what GDPR means in the context of global e-commerce:
In case you still have any questions, please see:
If you are not absolutely sure that you have prepared yourself, read these articles:
- 9 Steps Marketers Need to Take Before the GDPR Goes Live
- Halfway to GDPR Application: What You Need to Know to Be in Compliance
Or watch this webinar from Emarsys and Return Path on how to Keep Calm, Take Action and Stay Compliant:
Where can I find the full text?
If you would like to see the full text of this law, you can find the official EU website here:
There are also some more general pages on data protection:
There are also a number of independent sites available which provide their own descriptions of the law, which you might find easier to digest, for example:
- General Data Protection Regulation (from Intersoft Consulting)
- Guide to the General Data Protection Regulation (from the UK Information Commissioner's Office)
How does GDPR affect the Emarsys Platform?
Here are some articles on GDPR and specific Emarsys products:
How does this affect my marketing campaigns?
Before GDPR came into force on May 25th, 2018, you should have set up re-permissioning campaigns to engage with any portion of your contact database who might have subscribed in the past using methods (such as pre-checked opt-in) which are not GDPR-compliant.
Here are some examples of these type of campaigns:
Now that GDPR is here, you should be thinking about regular re-engagement campaigns targeting customers who have not responded on a particular channel for a while, and offering them the chance to switch to a different channel. This is a great way to keep up with the changing taste and habits of your customers.
How does this affect my opt-in policy?
The basics have not changed: secure consent with a double opt-in campaign. What has changed is that the requirements to store the registration details have become more strict.
How does this affect my Privacy Policy?
You do need to include more details in your Privacy Policy, especially regarding methods to opt out of all the channels you use, and regarding the data you collect on your web shop.
How is sensitive personal data handled in the Emarsys Platform?
In the Emarsys Platform, Emarsys does not support the usage of any sensitive personal data and does not include any technical measures that support the processing of Special Categories of personal data. Sensitive personal data means information on (but is not limited to) racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life, criminal convictions or offences, bank account and credit card data, genetic data and bio-metric data for the purpose of uniquely identifying a natural person.