The General Data Protection Regulation is a European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The departure of the UK from the EU on 31 January 2020 has not led to dramatic immediate changes in UK data protection law. The GDPR has been enacted into UK law as the UK GDPR and will continue to sit alongside the Data Protection Act 2018. Continue reading to learn about how Campaign Master (UK) Ltd. can help you comply with GDPR.
Does the GDPR Law Only Apply to All EU Organisations?
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
Will Campaign Master (UK) Ltd. Co-Operate with Data Protection Acts?
Yes, we will co-operate with the Data Protection Acts. Our T&Cs ensure correct contract terms are in place for ongoing compliance.
Who Is the Data Processor?
Campaign Master (UK) Ltd. is the Data Processor. The Data Processor will be permitted to process the Personal Data on behalf of its clients for email marketing purposes. The processor acts on the controller’s behalf.
Who Is the Data Controller?
Our client is the Data Controller. The controller states how and why personal data is processed.
How Is Client Data Uploaded into CM Email Marketing?
Users are able to upload data via Microsoft Excel CSV spreadsheets or via more automated methods, such as APIs or SFTPs into their accounts. The frequency for manual uploads is down to the client’s discretion.
What Data Is Held in CM Email Marketing?
The user determines what data they upload, an email address is required if this is the primary key in use, but other data is at the discretion of the user for example first name, last name etc. Our clients determine what data they will upload to use for their email marketing campaigns. CM Email Marketing, will by default, store the date a record was created and/or modified.
How Is Data Secured in CM Email Marketing?
CM Email Marketing is a secure HTTPS platform. All users have a unique username and unique, sensitive passwords are issued to all new users created. Our data-centre benefits from high security procedures and disaster recovery plans. Clients can restrict access to their accounts by IP address if required. We do not sub contract any work – it’s processed in house.
Who Can Access Client Data?
Data contained within client accounts is managed directly by our clients. Campaign Master (UK) Ltd. staff will not access the data unless the client asks for assistance from our support team in the event of a query. No data is shared with any third parties.
How Long Is the Data Stored For?
Clients manage their own data e.g. add, edit and delete. Campaign Master (UK) Ltd. will not delete client data until the account is terminated, which will be done in accordance with the agreed upon T&Cs.
Where Is Data Stored and Processed?
Our servers are based in Central London so your data never leaves the EU/EEA. The personal data is processed at our data centre based in Canary Wharf at CityReach, 5 Greenwich View Place, Cross Harbor, London, E14 9NN. In the event of any breach, we would contact our clients directly (the Data Controllers).
Is Campaignmaster Registered with the Information Commissioner’s Office?
Campaign Master (UK) Ltd. is registered with the Information Commissioner’s Office.
Are Any Locations for Hosting Data Located Outside of the EU/EEA?
No, our data centre is based in Canary Wharf, London.
How Does CM Email Marketing Comply Further with GDPR?
- All opt-ins are date and time stamped to ensure proof of consent is collected via our subscriber forms module
- Subscribers can opt-down and/or opt-out to comply with only relevant content being sent to them
- Compliance with the right to be forgotten rule in that any data can be suppressed and/or deleted
- Data can be moved or corrected at any time
Campaignmaster GDPR Seminars
GDPR is extremely important to us, which is why we like to educate all our exisiting and prospective clients on what this regulation means. Partnered with Bird & Bird LLP, we host seminars which outline the importance of GDPR and how our clients can manage their data in order to comply.
Don’t worry if you haven’t been able to attend our previous seminars as our next GDPR event will be announced soon.
