The General Data Protection Regulation (GDPR)
We have prepared our business and services to be in compliance with
the
GDPR, which became enforceable
on May 25, 2018.
Please note that the information we provide here should not be
relied upon as legal advice. We also do not intend to provide a
thorough analysis of the GDPR. Such analyses are plentiful and
available elsewhere on the Internet.
We suggest that you review the GDPR in its entirety to fully
understand its requirements if and as they apply to you.
Background
To begin, the territorial scope of the GDPR is broad, including not
only controllers and processors in the EU, but also controllers and
processors
not in the EU who process personal data of EU data
subjects.
See
GDPR, Art. 3: Territorial scope.
In most cases, BIGLIST is a processor, processing data on behalf
of clients, who are the controllers. Subscribers to our clients'
lists are data subjects. See
GDPR, Art. 4: Definitions.
Consent
From
Art. 7 GDPR:
"Where processing is based on consent, the controller shall be able
to demonstrate that the data subject has consented to processing
of his or her personal data."
BIGLIST sign up forms are available to enable clients to obtain
consent.
See
GDPR, Art. 6: Lawfulness
of processing.
For each email address (and associated information, if any) otherwise
entered into the system via either batch file upload or API submission,
consent data (e.g., email address, IP address, timestamp, and/or
user agent) may be stored by each client in its BIGLIST account. Such
information is not directly acquired by BIGLIST, but can be stored
in the custom data fields for convenience.
Withdrawing consent
Subscribers can unsubscribe or change their preferences at any time.
The trailer on each list message includes an unsubscribe link whose
landing page includes a preference settings link. The html trailer
on each list message includes an unsubscribe link and a preference
settings link.
Consent data
BIGLIST records the email address, IP address, timestamp, and user
agent associated with every instance in which a BIGLIST sign up
form is completed and submitted. This information is available to
each client to assist the client in proving consent.
Subscriber Rights
See
GDPR, Ch. 3: Rights of the data subject.
- Right of access
Any of your subscribers may contact BIGLIST to request access to
information BIGLIST holds about them. See
GDPR, Art. 15.
- Right to rectification
Any client may access and update its BIGLIST email lists to correct
or supplement subscriber information at any time. See
GDPR, Art. 16.
- Right to be forgotten
Any client may delete individual subscribers at any time. In
addition, subscribers may contact BIGLIST to request deletion of
their data on any or all client email lists hosted by BIGLIST.
See GDPR, Art. 17.
- Right to data portability
Any client may export any of its lists at any time.
See
GDPR, Art. 20.
Conclusion
Again, this is not intended to be an exhaustive analysis, but rather
an explanation of the BIGLIST features that will assist our clients
in meeting the requirements of the GDPR. We recommend that our
clients review the GDPR as part of their own due diligence.
If you have any questions, please contact
info@biglist.com.