Unless you have lived under a rock for the last 6 months you have probably heard about GDPR, a piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union.
In this post, I’ll talk about what Maître has done in order to be compliant, how GDPR affects our users and the changes we have made to our tools to make sure you are compliant when you use Maître.
We take data privacy and security VERY seriously at Maître.
Being a company whose business model revolves around handling sensitive data (email addresses), we have always taken extra precautions to make sure all data you store in our databases is handled with the best possible care.
We announced our commitment to be fully GDPR compliant almost 6 months ago and since then we have added dozens of product changes to make sure all our tools are compliant and, more importantly, you are compliant when using them.
Product changes to support GDPR
Since Maître is a Data Processor, we have put in place several ways in which you can run GDPR compliant campaigns.
Right to Access/Erase
One of the key points of GDPR is the ability for your users to update or erase their data.
Maître allows you to give them access to view and delete all or part of their data with a simple link that you can find by going to a subscriber’s page, opening the “Actions” drop-down and selecting “Profile link“.
You can then share that link with your subscriber so that they can change/update or erase their data.
Since the right to access/erase data is such a fundamental aspect of GDPR we have added the link to the footer of ALL emails that you send through our systems (Automation emails and Broadcasts).
Of course, you can, at any point, edit or delete subscribers information manually from your dashboard.
You can easily export a CSV of all your data by going to the Subscriber’s page on your dashboard. We have always had this feature, but now you can also go to a single subscriber’s page and export a CSV with just that subscriber’s data.
Since day 1 we have always enforced double opt-in for all subscribers. The only exception to that rule is if you use our API and manually disable double opt-in (but we record the call log).
This means that all your subscribers have already given permission to be emailed by you.
To take this a step further, all our widgets have an optional checkbox to clearly ask for consent (for example to confirm they accept the Terms&Conditions).
What do Maître Customers need to do?
There are two things that you might need to do depending on your situation and jurisdiction. Below are the only impactful changes that we can foresee that might affect you as a result of using Maître:
- If you are in the European Union you’ll likely want to sign a Data Processing Agreement with Maître. We’re happy to do so.
- You can review and digitally sign a copy of the Data Processing Agreement here. After you sign our DPA you will be able to download it in PDF. If you have any questions about its contents simply email firstname.lastname@example.org.
As always, I welcome your direct feedback. Let me know if you have any questions by sending me an email or directly in the comments section below.