Home / , / How to help your subscribers exercise their GDPR rights

How to help your subscribers exercise their GDPR rights

GDPR (General Data Protection Regulation) laws are the European Union’s version of CAN-SPAM or CASL, giving users control over the collection and use of their personal data. We are committed to ensuring our customers are able to comply with the requirements under the GDPR. Here’s an example question you might get about GDPR and how you can answer it.

One of my subscribers contacted me about GDPR and their rights as a data subject. How do I facilitate this request?

We made updates and improvements to the application to help you facilitate requests from your customers. In GDPR language, you’re the controller of your subscriber’s data and we’re a processor. Here are some of the rights that your subscribers have under the GDPR:

  • Right of access
  • Right to rectification
  • Right to erasure (aka right to be forgotten)
  • Right to restriction of processing
  • Right to data portability

As a best practice, we recommend reviewing the legislation and consulting legal counsel regarding the rights of the data subject. The rest of this article will outline the ways you can facilitate these rights within your account.

The right of access

Your subscribers can make a request to access all of the information that you hold about them, which is exercising their right of access. You can provide any of your contacts with this information by exporting their contact data from your account. Here’s how to do it:

  1. Navigate to your Audience tab.
  2. Click on the Contacts section in the panel on the left.
  3. Use the search bar to locate the contact in question.
  4. Click on the contact’s email address to open their profile.
  5. Click on Export on the right.
  6. To access the exported file, click on Visit the exports page in the pop-up window that appears or close the pop-up window and navigate to your Exports page by following these steps:
    1. Tiered accounts: Navigate to the appropriate subaccount, click on the gear icon in the upper right corner of your screen, and choose Exports from the dropdown menu.
    2. Standalone accounts: Click on the gear icon in the upper right corner of your screen and choose Exports from the dropdown menu.
  7. Click on the dropdown arrow that corresponds to the file you just created and choose Download this export from the menu.

The file that will download to your device contains all of the data about that contact that we have in the application. It includes all contact field data, as well as all response interactions.

The right to rectification

Your contacts can also make a request to have any incorrect data that you have on them be corrected, which is exercising their right to rectification. You can edit a contact’s field data by editing their member profile. Here’s how to do it:

  1. Navigate to your Audience tab.
  2. Click on the Contacts section in the panel on the left.
  3. Use the search bar to locate the contact in question.
  4. Click on the contact’s email address to open their profile.
  5. Click on the Edit button.
  6. Scroll down and locate the fields that need to be modified.
  7. Make the necessary changes.
  8. When you are done, click on the Save button.

The right to erasure

The right to erasure is also known as the right to be forgotten, which means the subscriber would like all of their contact data removed from your database. You can facilitate any of your subscriber’s requests to be forgotten by following these steps:

  1. Navigate to your Audience tab.
  2. Click on the Contacts section in the panel on the left.
  3. Use the search bar to locate the contact in question.
  4. Click on the contact’s email address to open their profile.
  5. Click on Archive on the right.
  6. In the pop-up window that appears, follow the prompts to confirm that you want to archive this contact.
  7. Navigate to your archive:
    1. Tiered accounts: Navigate to the appropriate subaccount, click on the gear icon in the upper right corner of your screen, and choose Archived items from the dropdown menu.
    2. Standalone accounts: Click on the name in the upper right corner of your screen and choose Archived items from the dropdown menu.
  8. Click on the Contacts tab.
  9. Locate the contact in question. They should already by at the top of the list, but if not, you can sort the list or search by date.
  10. Check the box that corresponds to the contact that you want to delete.
  11. Click on the Actions button at the top of the page.
  12. Choose Delete from the dropdown menu.
  13. In the pop-up window that appears, follow the prompts to confirm that you want to delete this contact.

Once you’ve completed this process, the application will completely purge all information about this contact within 7 days.

The right to restriction of processing

When a subscriber wants to exercise their right to restriction of processing, it means that they can request to limit the way your organization uses their data. Upon this request, the organization must stop using that individual’s personal data, although it can continue storing it. You can provide your subscriber the right to restrict processing via the following steps:

  • Follow the steps for the Right of access above, but be sure to store the export on your computer.
  • Follow the steps for the Right to erasure, except you do not have to delete the contact data, so you could skip steps 7-13.

Please note: Contacts who are in the archive will be restored if they are on a spreadsheet that is imported into the account. As a result, if a contact has exercised their right to restriction of processing, it’s important that you ensure that they also removed from any files you import and any integrations that affect your contacts in your account. Otherwise, they may end up back in your audience.

The right to data portability

The right to data portability allows your contacts to obtain and reuse their personal data for their own purposes across different services. To provide this to one of your subscribers, you can follow the same steps as the Right of access, as detailed above.