Learn how GDPR will affect your organization and how you can ensure that your company’s email sending is compliant with the new regulation. Taking action now will help you avoid the significant fines for noncompliance. Hear practical advice from SparkPost and 250ok on steps your organization should take to get your email sending practices in line with GDPR’s requirements.
1. 1#emailpros
Practical Advice on Aligning Email Sending Practices with GDPR Requirements
GDPR Affects Email Worldwide
This webinar is provided as a resource, but it’s not legal advice.
We encourage you to speak to your legal counsel to learn exactly how GDPR may affect your organization.
2.
Legal Notice
The information contained in this presentation is provided for general information purposes only and should not be construed as legal advice from SparkPost, 250ok, the individual authors or presenters.
3.
Today’s Panelists
Jason Soni
Deputy General Counsel & Data Protection Officer, SparkPost
Jason Soni is Deputy General Counsel and Data Protection Officer at SparkPost. He is a commercial attorney with focused experience in international data protection and data privacy, SaaS and software licensing, cloud computing, commercial transactions, intellectual property, and risk management. Prior to joining SparkPost, Jason was an attorney at Hudson Cook, LLP where he advised national and state banks, investment companies, mortgage bankers, and other licensed lenders in various state and federal privacy laws as well as in the development and maintenance of nationwide consumer finance programs. Jason received his law degree with honors from the University of Maryland School of Law and is admitted to practice in Maryland and the District of Columbia.
Matthew Vernhout
Director, Privacy & Industry Relations, 250ok
Matthew is a Certified International Privacy Professional (Canada) with nearly two decades of experience in email marketing. He actively shares his expertise on industry trends, serving as director at large of the Coalition Against Unsolicited Commercial Email (CAUCE), chair of the Email Experience Council's (eec) Advocacy Subcommittee, and senior administrator of the Email Marketing Gurus group. He is a trusted industry thought-leader, speaking frequently at email marketing and technology conferences around the globe, and maintaining his celebrated blog, EmailKarma.net. Matthew has contributed to several benchmark publications during his career including DMARC Adoption Among e-Retailers, the eec’s Global Email Marketing Compliance Guide, The Impact of CASL on Email Marketing, and more.
6.
What is the GDPR?
• European privacy law approved in 2016
• Replaces a prior European Union privacy directive known as Directive 95/46/EC
• Strengthens, harmonizes, and modernizes EU data protection law and enhances individual rights and freedoms
• Regulates how individuals and organizations may obtain, use, store, and delete personal data
• Enforced beginning 25 May 2018
7.
Scope
• All organizations established in the EU
• All organizations involved in processing personal data of EU residents
• Citizen vs. resident
8.
Key Changes from the Directive
• Expansion of scope
• Expansion of personal data definition
• Expansion of individual rights
  • right to be forgotten
  • right to object
  • right to rectification
  • right of access
  • right of portability
• Stricter consent requirements
• Stricter processing requirements
  • contact details
  • purpose
  • retention
  • legal basis
10.
Other Important Concepts
• International Data Transfer
• Model Contract Clauses
• Privacy Shield
• Binding Corporate Rules
• ePrivacy Directive (soon to be ePrivacy Regulation)
12.
10 Steps to GDPR-Readiness
1) Inform leadership and formulate a plan
2) Map your personal data
3) Examine the impact
4) Address the risks
5) Review the grounds under which personal data is being processed
6) Update your data governance
7) Implement new compliance systems
8) Review your supply chain contracts
9) Assess your international transfers
10) Appoint a Data Protection Officer
14.
Identify All Input/Output Sources
INPUT
• Point of Sale
• Call center
• Web forms
• Social channels
• Offline contests
• Events
• Third parties
DATA STORAGE
• Location
• Access
• Deletion
• Transfer
• Anonymize
• Pseudonymous
• Legal compliance
OUTPUT
• Corporate emails
• Email Service Provider
• Mobile Marketing Provider
• Web pages
• Ecommerce solutions
• Social networks
15.
Who Needs to be Involved?
Build a multidisciplinary “task force” with a checklist for each department:
• Legal
• Privacy
• Compliance
• Security
• Marketing
• Product Teams
• Engineering
• Database
• Analytics
• Deployment
• Sales
• Third Parties
• Vendors
• Partners
16.
Creating a Compliant Database
• Consolidate all email data into a master CRM database – have a centralized unsubscribe file
• Control access and use of data
• Flag new and existing contacts with the proper permission levels
• Ensure all permission activity is date/time-stamped
• Have a process for managing permission expiry dates
• Be ready to prove compliance
17.
Brand Protection Taken to the Next Level
• Are you sure you’re compliant?
• How can you be sure, if you can’t see all your email?
• Consider using brand protection tools.
18.
Additional Recommendations
• Contact your legal counsel and Privacy Officer to get their input and sign-off
• Educate all employees on the appropriate use of email addresses
• Create a training program for all employees on what it means to be GDPR compliant
• Create a GDPR compliance scorecard or checklist
• Create a due diligence process and document it
• Update all forms and processes that document consent
• Regularly schedule reviews of all documents and processes
20.
Learn More About SparkPost & 250ok
Have more questions about how GDPR will impact your business and email? Speak with our team: https://sparkpo.st/a4l7f
250ok.com
sparkpost.com
Want to understand your competition better? Ask for your custom Competitive Intelligence report now: https://s.250ok.com/CompetitiveReport