What is GDPR? And The Impact of Email Marketing?


This article describes the impact of GDPR on KIRIM.EMAIL users and doesn’t apply to other aspects of your business. So, it should not be considered as legal advice.

Lately, there has been a lot of news about the leaking of personal data of certain platform users. Unfortunately, the data is traded by someone who is not responsible. As a result, the information is misused for the benefit of certain parties.

It can’t be done in European Union (EU) countries because there are laws that regulate personal data on the internet. This law is known as the General Data Protection Regulation (GDPR).

Those who are determined to violate these rules will be subject to sanctions according to applicable law.

If you have a website and there are activities to collect, process, and use personal data from Europeans, including the use of cookies, then you need to read this article to the end.

What Is GDPR?

GDPR is General Data Protection Regulation. The regulations governing the use and handling of personal data of Europeans.

GDPR has three main goals:

  1. Standardize the European data protection regulations and access to personal data
  2. Giving the citizens control over how their information is used.
  3. Make Sure the company is aware of its responsibilities to personal data.

What is Personal Data?

In the discussion of GDPR above, the term personal data is mentioned a lot. What is personal data?

Personal data is any data related to an identifiable person. Therefore, email address, phone number, profession, age, and gender are included in personal data.

What is Regulated in the GDPR?

Many things are regulated in the GDPR. You can read here to know more.

Here is the most regulated in the GDPR we should know:

  1. Service providers and subcontractors (such as cloud software services) may be held liable.
  2. Businesses are required to communicate to customers how they plan to use their data.
  3. Businesses should be transparent about customers’ rights to request access restrictions, corrections, or deletion of their data.
  4. Customers should easily withdraw their consent and request the deletion of their data as quickly as possible.
  5. Businesses must implement precautions to protect customer data.
  6. Businesses must notify customers of possible data breaches or leaks.
  7. If a business breaches the GDPR, they can face fines ranging from 2% – 4% of their income and up to 20 million euros for the most severe offenses.

How Does GDPR Impact Email Marketing?

One of the main goals of the GDPR is to minimize the risk of data breaches or leaks and prevent the misuse of Europeans’ data. So inevitably, this will have a direct impact on businesses that use email marketing.

One of the activities in email marketing is collecting customer personal data.

Wherever your business location is, if your customers are not European, you don’t have to worry about violating GDPR or not.

But if your customers are in the European Union area, you must comply with GDPR in carrying out email marketing activities.

Here are the forms of compliance with GDPR in email marketing activities:

  • You must ask your subscribers’ permission to collect and process personal data (such as customer email addresses and cookies). This process is known as opt-in.
  • Permission for the processing of personal data must be “freely granted” and “clear.” There is no coercion and conveyed; nothing is covered up and can be understood literally.
  • You can legally process your subscriber’s data after the customer gives permission.
  • The subscribers also have the right to unsubscribe if they don’t want to be on your list.
  • Your business will be responsible for showing the proof that the contact permitted you to process their data.
  • In other words, participation should concern GDPR.

The GDPR mandates certain businesses and organizations to be “Data Privacy Officers” (DPO).

These requirements apply to certain organizations. You are required to recruit a DPO if your company falls into one of the following categories:

  1. Public Company
  2. Companies whose core function is regular and systematic data processing.
  3. Companies that handle sensitive data about past criminal convictions.

What is the KIRIM.EMAIL Policy on GDPR?

For international users especially the European Union, KIRIM.EMAIL is GDPR compliant.

However, for other users, KIRIM.EMAIL complies with the applicable laws and regulations in each user’s country.

Your rights as a KIRIM.EMAIL user:

As a KIRIM.EMAIL user, GDPR gives you new protection rights and ensures better access to your data.

  1. The rights to rectification – Rectify your personal information at any time from your account settings. You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data. You also have the right to delete your personal data..
  2. Right to be forgotten: Cancel your KIRIM.EMAIL subscription and close your account at any time. You can also send us a request to delete all of your data, which we will complete within 30 days.
  3. Right to portability: According to request, we will export your data and then you can transfer this data to a third party. You also have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format..
  4. Right to object: You have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
  5. Rights of Access: You have the right to request confirmation as to whether personal data concerning you is being processed or not. We are transparent about the data we collect and what we do with it. Please read our privacy policy to familiarize yourself with this. You can contact us at any time to access and change your data.
  6. Right of appeal to a supervisory authority : You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations.

Your subscribers’ rights to the data you have a process:

Your subscribers also get protection rights from GDPR. Here are the rights of your subscribers:

  1. Right to rectification: Your subscribers can rectify their contact information at any time. They can also contact us directly to ask us to rectify or delete their data.
  2. Right to be forgotten: If one of your contacts wants to be forgotten, you can remove them from your list at KIRIM.EMAIL. It will also delete all their data. If one of your contacts sends us a valid request directly, we will notify you and delete their data from your account, as well as from any other KIRIM.EMAIL accounts that have personal data on these contacts.
  3. Rights of Access: Make sure you describe how you plan to use the personal data you have collected in your privacy policy. If your customer requests their access rights, you can export their data to a CSV file (read rights to portability).

How to ensure you are compliant and compliant with the GDPR?

You can ensure that you are GDPR compliant in the following ways:

  1. Check your form. Make sure the words in the form are clear and easy to understand. Use affirmative language to clearly state that the user agrees to the terms and conditions.
  2. Use different forms for different purposes. For example, distinguish between a form to get a newsletter and a form to get promotional emails and discount vouchers.
  3. Always use the Double Opt-in form.
  4. Using ZER, delete contacts and lists that you no longer need. ZER is Zombie Email Removal, a feature of KIRIM.EMAIL that removes email addresses that have been inactive for a specific time regularly and automatically. To learn about ZER, please click here.
  5. Contact Legal Adviser. Make sure everything is GDPR compliant. It’s a good idea to start to contact a legal advisor who is GDPR compliant. The goal is to determine what compliance you need to do to be fully GDPR compliant.