The General Data Protection Regulation (GDPR) is being introduced to harmonize data privacy laws across Europe. It aims to protect all EU citizens from privacy and data breaches and give citizens greater control of their data. It comes into effect on 25th May 2018 and will be enforced by the Information Commissioner's Office.
The GDPR applies to any organisation processing personal data of EU citizens. This can be a name, email address, address, phone number, social media account or even an IP address. It also applies to all industries and sectors.
- How does GDPR affect EKM?
- What has EKM done so far?
- Changes to EKM Response
- Changes to EKM Domains
- What should I do next?
- What's next from EKM?
The GDPR features an expansion of individual rights including:
- Right to be forgotten: An individual can request that an organisation remove all personal data they hold without delay.
- Right to object: An individual can prohibit personal data being processed in certain ways.
- Right to rectification: An individual can request incorrect personal data to be corrected.
- Right of access: An individual has the right to know what personal data an organisation has about them and how it is processed.
- Right of portability: An individual can request that personal data be transported from one organisation to another.
- Right to fair and transparent processing: An individual has the right to information about the processing of their personal data.
The GDPR outlines stricter consent requirements, and organisations must ensure that consent is obtained for every usage of personal data. Consent must be specific to a distinct purpose; pre-ticked checkboxes and silent consent will no longer constitute consent, and you must be clear about the processing activities consent is given for.
How does GDPR affect EKM?
Since GDPR was announced, EKM has taken, and continues to take, steps to review our current privacy policies. The good news is that our existing privacy policies are already compliant with the terms set out by the Information Commissioner's Office. Some changes have already been made to EKM Response (detailed below). There will be an amendment to the current EKM Terms & Conditions to include a Data Processing Agreement clause, which will be introduced prior to May 2018.
What has EKM done so far?
- We have appointed a dedicated team member to deal with GDPR and ensure compliance.
- We have an internal focus group dedicated to ensuring that EKM’s terms of service are continuously reviewed and that any new policies or procedures are GDPR compliant.
- We have made updates to EKM Response to ensure that the platform and its users are compliant.
- We are working towards updating our terms to include relevant clauses required by GDPR.
- Any new functionality or partnerships are built or entered into with GDPR compliance in mind.
Changes to EKM Response
The GDPR outlines stricter consent requirements for the processing of personal data. This affects the sending of email campaigns through EKM Response. In order to become GDPR compliant, we have had to make the following changes to EKM Response:
Storing of consent
We have updated our system to enable the storing of consent information for each contact. Contacts we don’t have stored consent for will be visible via the Non-Consented Contact Group option in the left-hand navigation menu of EKM Response.
Contacts are added to EKM Response in one of three ways:
- Sign up through a signup form: Contacts signing up by this method receive a confirmation email asking them to confirm they wish to receive campaigns.
- Sign up via the checkout of your EKM shop: Contacts signing up by this method actively check a checkbox during checkout.
- Manually added by the account holder: As the account holder, you are stating that you have permission to send your campaigns to the contacts you are adding. This is stated on all input screens that are affected.
Up until the 21st May 2018 when GDPR comes into effect, we will allow you to continue to send campaigns to contacts we do not have stored consent for. After that date, the system will only allow you to send to contacts we have stored consent for.
Consenting Current EKM Contacts
There are several ways that you may set consent for your existing contacts. It is, however, important to note that by clicking the available consent buttons provided by EKM Response you are in fact stating that you have consent. You may give consent to your contacts in the following ways:
- Re-import from EKM online shop: As contacts from your EKM online shop have provided consent, re-importing them into EKM Response will ensure that the correct consent is stored and they can be contacted in future campaigns.
- Non-Consented Contact Group: In this group, you are able to give consent to all of your non-consented contacts simply by clicking ‘Consent All’ and confirming your decision. If you do not want to consent all your contacts, you are able to give consent to each contact individually.
- GDPR Information Modal: The modal will appear when you first log into EKM Response after the GDPR code has gone live. This gives you the opportunity to give consent to all of your contacts immediately. This modal will re-appear shortly before the GDPR legislation comes into effect.
- Re-Permission Campaign: You may send a re-permission campaign to your contacts by simply creating a campaign as normal and then adding the RePermission tag. Once the recipient has received this email, they can click the link, which will take them to a consent form (in a new browser window); once they click the button, EKM Response will be automatically updated.
The GDPR legislation includes the need to provide a route that allows recipients to update their personal details. To achieve this, we have added a new Preferences link in the footer of each email that allows the recipient to update their personal details (except their email address) that are held by EKM Response.
Changes to EKM Domains
There are no changes to the ekmDomains system and your domain will continue to function as normal. However, GDPR has an impact upon the whois data for all registered domains. Currently, personal data such as name, address and email address is visible for all whois lookups.
Whilst it is not a legal requirement to display personal data in a whois lookup, our domain providers will be taking steps to ensure that, for domain types where displaying this information is not a legal requirement, access to personal data is given only to those with a legitimate reason for accessing it.
What should I do next?
Not a lot from a website point of view; we are taking steps to ensure that EKM and subsequently our merchants are compliant when it comes to data storage on the EKM platform. Should you have any other questions regarding GDPR, we recommend you contact your legal representative for clarification. Any information we provide is for information purposes only.
What’s next from EKM?
We will be releasing an easy-to-follow guide to GDPR and how it could affect you very soon. It will also contain some handy resource material that you can refer to for your own peace of mind.
[more] Details about GDPR can be found at the following sites:
- The European Union’s GDPR portal.
- The full GDPR legislation.
- The Information Commissioner's Office (ICO) Guide. [/more]
[caution]Please note that this guide is for informational purposes only, and should not be relied upon as legal advice. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organization.[/caution]
[contact] If you need our help with your EKM online shop, contact your Account Manager or Customer Support, who will be able to point you in the right direction. We're open from 8am-6pm weekdays and 9am-5.30pm on the weekends.[/contact]