What is GDPR?

The General Data Protection Regulation (GDPR) is the European Union’s new set of data privacy and protection rules.

Beginning May 25, 2018, all organizations that process the personal data of EU citizens are expected to be compliant with GDPR requirements.

GDPR affects all entities that send email to data subjects in the EU.

PostUp and GDPR compliance

PostUp is compliant with the EU-US Privacy Shield Framework. PostUp’s Privacy Shield Certification meets GDPR’s requirements for securing data transferred outside of the EU.

To learn more about PostUp’s Privacy Shield commitment:

Email and Audience Development Program Compliance

As the owner of your email program, GDPR compliance is your responsibility. You should consult with legal counsel on your obligations. PostUp cannot provide legal advice on GDPR compliance, and as a technology provider we cannot be held liable for GDPR compliance problems due to your use of our technology.

However, consider the following guidelines when planning for GDPR:

  1. Email senders need to ensure that European email subscribers have a recorded affirmative opt-in. Per GDPR you should not send emails to European email subscribers in your database after May 25th 2018 unless you have an affirmative opt-in during which you disclosed how you use subscriber data.
  2. User experience for email collection forms presented to Europeans should have a clear affirmative opt-in, typically in the form of a checkbox and link to a privacy page explaining how their data is used and how they can opt out.
  3. Users need to be able to opt out of data storage/usage. Some senders are creating preference centers that allow email subscribers to manage your use of their data. However, a simple viable option here is to make email opt-out a hard unsubscribe that deletes or overwrites the user’s data entirely.

Contact your Account Executive for more information about how we can help with GDPR.