The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area that comes into force on May 25th, 2018. It is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive.
The regulation contains requirements and provisions in reference to the processing of personally identifiable information of data subjects inside the European Union.
How does that affect me?
When you collect data from your website, you need to be transparent about what information you collect from visitors, how you collect it and how you use it. In addition, your visitors must have a way to request all the data you have collected about them and have the option to delete it. If you fail to meet these requirements, you might be subject to big penalties from the appropriate authorities. That's why we prepared a few tips for you to follow when building your website.
Note: You are solely responsible for the compliance of your website with the GDPR. Any information contained herein is not legal advice and you should not rely upon it as such. We recommend that you consult with a legal representative for additional steps you need to follow.
Keep in mind that all these are just recommendations and not legal advice.
Always ask for consent
You need to establish a legal basis for processing your visitors' personal data. There are different ways in which you can do it, and requesting consent is only one of them. To be fully compliant, we recommend you seek legal advice.
If you are integrating with Mailchimp, you might want to enable double opt-in through Dashboard -> Applications -> Mailchimp settings -> Enable double opt-in.
The right to access your data
With the new regulation, all customers have the right to receive a copy of all their personal data stored and processed by you. You should give your users a way to request or delete their data. For example, create a form on your website where customers can request their data (have a look at ours).
When a customer requests their data, you should give them a copy of all the personal data that you hold about them. This can be data stored in different locations (like your autoresponders, information in CRMs or their data in our platform). To request the available personal data that is stored on our servers, go to Website Settings -> Advanced -> Request Customer Data at the very bottom. Within 72 hours we will provide you with all the data that we have for the specific customer (identified by email) on your website. You can then provide that data in addition to all other data that you might have collected via third-party services.
Note: When you request a data deletion, it might take up to 60 days for the complete removal from all of Simvoly's systems.