In May 2018, a European privacy law - the General Data Protection Regulation (GDPR) - took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents. The GDPR applies no matter where you're located.
Following the UK’s exit from the European Union, the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 came into effect. These provisions effectively mirror the EU GDPR in the UK, often referenced as the UK GDPR. References here to the GDPR refer to both the EU and UK GDPR.
What we're doing to keep you safe
Dotdigital has extensive expertise in protecting data, championing privacy, and complying with complex regulations. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.
Our commitment to you
We are committed to our principles of cloud trust, data protection, and data security. Not only have we introduced platform functionality to address the privacy demands of our customers, but we intend to continue to provide it. With GDPR enforcement underway, here's what you can expect from us:
Technology that meets your needs
You can leverage our specific platform functionality to meet your GDPR obligations for areas including deletion, rectification, transfer of, access to and objection to the processing of personal data.
Relationships with Dotdigital are supported by contractual commitments for our services, including security standards, support, and timely notifications in accordance with the new GDPR requirements.
Sharing our experience
We will share the information that we gather through various Data Protection Authorities and other reputable organisations so you can adapt what we have learned to help you craft the best path forward for your organisation.
GDPR compliance is a shared responsibility
While Dotdigital is fully committed to helping you successfully comply with the GDPR, it's important to recognise that compliance is a shared responsibility. New requirements – like greater data access and deletion rules, risk assessment procedures, a Data Protection Officer role for many organisations, and data breach notification processes – will mean changes for your organisation. When it comes to GDPR compliance, it's not just European organisations that are affected, but also those outside of the EU who process data in connection with the offering of goods and services to, or monitoring the behaviour of, EU residents. As such, it's important to understand your obligations related to GDPR regardless of where your organisation resides.
It will take time, tools, processes and expertise for you to comply with the GDPR. To do this, you need to make changes to your privacy and data management practices.
We have made our platform really easy for customers to comply with GDPR regulations.
To sum up
We understand that you must be able to entrust your chosen email and automation provider with one of your most valuable assets - your data. To gain that trust we continue to invest in technology and resources to build security and privacy into our platform. We operate a policy of transparency and aim to provide you with the information you need to feel confident in using us. You can view the full details on our Trust Center.