GDPR (General Data Protection Regulation) is applicable from May 25, 2018.
SalesHandy is committed to putting in place all required changes in the app, on the website, and on the blog by May 25, 2018. Below we present what SalesHandy will do to comply with the regulation and what users of SalesHandy should know about GDPR.
1. What are the actions that SalesHandy is taking to comply with GDPR?
SalesHandy is dedicated to meeting all the GDPR requirements and is committed to protecting the privacy of our app users, website and blog visitors, and email list subscribers.
Below is a list of actions that we will complete before the regulation comes into effect:
- Familiarize ourselves with the full text of the regulation (COMPLETED)
- Refer to legal communities that cover GDPR-related topics (COMPLETED)
- Nominate a Data Protection Specialist: We’ve nominated Mohnish Thakur, Project Manager, for the role (COMPLETED)
- Make a list of all the in-app areas that need to be managed and organized to comply with the regulation (IN PROGRESS)
- Make the necessary changes in the app to ensure that all users can comply with GDPR when sending emails from SalesHandy (IN PROGRESS)
- Make a list of all the areas on the website and blog that need to be updated to bring them in line with the regulation (IN PROGRESS)
- Execute changes on the website and blog to make sure they are in line with the GDPR rules (IN PROGRESS)
- Implement pseudonymization to protect user data that does not need to be kept in its original form (IN PROGRESS)
- Ensure protection of personal data of SalesHandy users and email lists subscribers (COMPLETED)
- Create a standard Data Breach Response plan (IN PROGRESS)
- Update the users about GDPR in relation to email outreach (IN PROGRESS)
2. Role of SalesHandy in data protection?
SalesHandy is defined as:
1) data administrator in relation to SalesHandy users and email list subscribers;
2) data processor in relation to the data owners whose personal data is uploaded to SalesHandy and used in emails sent from SalesHandy by its users.
This means that, as a company, we oversee the following matters:
- SalesHandy needs to notify its users and email list subscribers whenever a third party takes part in processing their personal data.
- SalesHandy is obliged to immediately inform the data administrator (the user) if someone from the user’s prospect list contacts SalesHandy to stop the outreach.
- SalesHandy permits the ‘right to be forgotten’ and the ‘right to assist in data deletion’ on special request. As a SalesHandy user or email list subscriber, you may request that your personal data be changed or deleted. Detailed instructions on how to exercise those rights can be found below in the section Adequacy, relevance, limitedness of the GDPR Compliance.
- SalesHandy will address any violation of GDPR reported at support[at]SalesHandy.
3. What is GDPR?
The General Data Protection Regulation (GDPR) is being introduced by the European Union to regulate how personal data can be processed. Its goal is to ensure data protection for the people who live in the EU.
4. Why is there a need for GDPR?
EU data protection rules have not been changed over the last two decades. There are two main reasons why the EU legislative branch decided to upgrade the existing regulations.
- The reach of technology is global in today’s era – personal data processing is present everywhere in today’s digital world making existing regulation outdated;
- According to a survey taken by Eurobarometer in 2011, 75% of people want to exercise their right to be forgotten. 90% believe that it’s necessary to standardize the rights related to personal data protection (source).
5. Kinds of information under protection?
The scope of GDPR covers natural persons and their rights. It excludes business entities or organizations and processing of their data.
It covers the processing of the personal data listed below:
- Phone number
- Also indirect identifiers including physiological, mental, physical, genetic, economic, cultural and social identity.
Hence, it protects any information that can be used to identify an individual.
6. What does ‘processing’ mean?
‘Processing’ relates to personal data “collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,” as in Article 4 (2) of the regulation.
7. Lawful basis for data processing
Processing personal data, in compliance with GDPR, requires one to follow the principles below:
Here is how SalesHandy falls in line with these principles and what you should know to use SalesHandy in accordance with GDPR.
7.1 Lawfulness, fairness, and transparency
As data administrators, users must ensure that their actions have a clear and legitimate purpose. A valid reason is required to process the personal data of EU citizens. One should also be able to explain the entire process of collecting the required data.
7.2 Adequacy, relevance, limitedness
SalesHandy only processes the data necessary for the purpose of the objective and does not collect any sensitive data such as gender, ethnic background, race, political views, etc.
A user's data is processed for as long as the user has a SalesHandy account, or until they submit a request to exercise their right to erasure, which initiates a process to remove their data from our user base.
SalesHandy processes its email subscribers’ data from the moment they give their consent until they request to be removed from the list.
SalesHandy emailing lists include:
- Product Newsletter list,
- Blog Newsletter list,
- a few lists of people who subscribed to specific pieces of content or specific courses.
When ending a subscription, a user can request immediate deletion of their data from the application and all lists, exercising their ‘right to be forgotten’. A user can also view and change their data in their SalesHandy account or on the email subscribers list.
7.2.1 How can SalesHandy users change or remove their personal data?
SalesHandy users can edit their account name or change their password by visiting the “My Profile” section in the web app after logging in. To request deletion of their data, a user can contact the support team at support[at]saleshandy.com.
7.2.2 How we apply GDPR to cold email campaigns
If we decide to contact an EU citizen who is not a user or on our email list, we will ensure that the person is relevant to our business purposes and would benefit from our contact.
If a contact requests that we stop communicating with them, we will respect their request and stop all future contact immediately.
As a data administrator, one can process the personal data of EU citizens who have given consent to process their data by subscribing to an emailing list. As long as you follow the data processing rules covered by the regulation, GDPR does not forbid the practice of cold emailing. Read the blog post to know more: Email Marketing after GDPR
Whenever you contact an individual who is not a customer or a subscriber of an email list, you need to have a clear reason to claim that the contact is related to your business purpose and that the individual would benefit from it. A rational offer connected to the specifics of your recipient’s business can be placed in the cold email.
Informing cold email prospects about the details of how you are processing their data is important. The email should also contain a clearly placed section or link through which a recipient can request the change or removal of his or her personal data.
As a data administrator, you are required to immediately stop sending emails to a person who has asked not to be contacted again. You also need to honor a prospect's request to have their data removed from your emailing lists under their right to be forgotten.
Only personal data that has a clear purpose for which you process it should be collected and used. This means that all additional data not related to your email campaign should be removed. You should be able to justify that every field of data you collect from your prospects is necessary for the objective you are aiming to achieve.
As a data administrator, you need to ensure that the data you process is updated and current. Personal data that is imprecise should be removed or updated immediately.
7.4 Storage limitation, Integrity and confidentiality
SalesHandy will never store personal data for longer than is necessary for the objective for which the personal data is processed.
As a data administrator, you need to ensure that you do not store personal data longer than is required to achieve the end goal for which the data is needed. When sending cold emails, it is important to ensure that you do not follow up with a non-responsive recipient longer than may be assumed necessary, for example a month after you first tried to contact the person. Hence, it is important to keep your data updated at all times.
SalesHandy processes users' personal data while ensuring its proper security. For more details, you can refer to our Privacy & Security document.
As a data administrator, if you share the personal data you process with third parties, you are required to inform your data subjects and obtain their consent to do so. You are obliged to take proper care of the security of the personal data you process.
Our support team is available 24X7 in case you need any help. For any queries email us at firstname.lastname@example.org to get instant help.