The General Data Protection Regulation (GDPR): What is it, what is AWeber doing, and what should you do?
To that end, we thought it important to provide you with information about the new General Data Protection Regulation (GDPR) that will take effect May 25, 2018 for all businesses who maintain the data of EU residents.
What is the GDPR?
The GDPR, a European privacy law approved by the European Commission in 2016, replaces the Data Protection Directive 95/46/EC. Its purpose is to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy.
When will the GDPR go into effect?
The GDPR took effect May 25, 2018.
What does the GDPR do?
The goal of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The GDPR protects the following key rights:
- Right to be informed: You or your subscribers can ask about personal data, how it is used, and why it is being used at any time.
- Right of access: You or your subscribers can request a copy of personal information at any time.
- Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.
- Right of erasure: You may cancel your AWeber account at any time and request that AWeber erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or AWeber do the same for their personal data.
- Right to restrict processing: You may put your account on hold at any time.
- Right to data portability: You may export any of your lists, or selected information within any list, at any time by accessing your AWeber account.
- Right to object: Your subscribers may unsubscribe from any of your emails at any time.
What is AWeber doing to comply with the GDPR?
AWeber is already self-certified with both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield, and we comply with lawful transfers of EU/EEA personal data to the U.S. in accordance with our Privacy Shield Certification.
Who does the GDPR affect?
The GDPR legislation affects businesses using email marketing services (i.e., data controllers) as well as email service providers (i.e., data processors).
What is a Data Controller?
A data controller is a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. (See Article 4, GDPR)
What is a Data Processor?
A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. (See Article 4, GDPR)
What do AWeber customers need to do to be compliant with GDPR?
The implications of GDPR compliance are similar for Data Controllers and Data Processors.
Continue to be compliant with the AWeber Terms of Service:
If you collect EU resident data, you will probably be considered a Data Controller and may have other obligations. We recommend you seek legal advice if you believe it is necessary to be fully compliant with GDPR.
You can learn more about the GDPR by visiting gdpr.eu.