Learn more
Guide – Tracking compliance within the framework of the General Data Protection Regulation (GDPR)
The guide ‘Tracking compliance within the framework of the General Data Protection Regulation (GDPR)’ is also available as a download in PDF format in German, English and French.
|
Leitfaden DSGVO |
|
GDPR Guide |
|
Guide RGPD |
The EU GDPR (EU General Data Protection Regulation) was agreed on by the EU Parliament on 14 April 2016. It came into force on 25 May 2016. As of 25 May 2018, application of the EU GDPR is mandatory for all EU member states.
GDPR Checklist
In addition to the ‘Tracking compliance within the framework of the General Data Protection Regulation (GDPR)’ guide, we also provide a ‘GDPR Checklist’ which provides a concise list of the adjustments you should make in connection with the provisions of the GDPR.
The GDPR Checklist can be found in the following section: GDPR Checklist
Personal data
The GDPR is of particular relevance to the processing of personal data of EU citizens. In your capacity as an email marketer or Inxmail Professional user, you process your recipients’ personal data, which means that you need to uphold the corresponding GDPR provisions. Very stringent data protection requirements for email marketing already exist in Germany, as stipulated by the German Federal Data Protection Act and the German Telemedia Act; these already cover many of the chief requirements set out by the GDPR.
Person-based tracking
The EU GDPR has accorded a new significance to the practice of tracking recipient behaviour on a person-based level, and stipulates stricter penalties and sanctions as far as this is concerned. Within the scope of email marketing, tracking recipient behaviour on a person-based level entails collecting opening and click information and the ability to create corresponding recipient profiles. Recipient profiles can be used as a basis for creating personalised newsletters, for example.
Until now, users gave their consent to person-based tracking by subscribing to a newsletter, or, as was frequently the case, they were simply not informed that person-based tracking would be carried out. If a recipient wished to be excluded from person-based tracking, they would have to entirely forgo subscribing to a newsletter, if applicable, or unsubscribe from a newsletter.
Email marketers such as yourself must now determine whether the declaration of consent you are currently using for newsletter subscriptions also covers consent to personal tracking, as well as whether recipients have the option to withdraw their consent.
In order to ensure a greater degree of legal compliance regarding person-based tracking, you must decouple consent to newsletter subscriptions from consent to person-based tracking and offer a separate option for recipients to provide consent to the latter. Moreover, you must ensure that recipients can withdraw this consent without having to unsubscribe from the newsletter in question, and that this withdrawal is logged in the status history for the consent.
What you will learn from this guide
Inxmail Professional 4.7 contains a range of new functions as well as changes to existing functions so that you can implement the requirements set out in the EU GDPR. For example, it includes options to obtain consent to person-based data processing from your recipients, options to withdraw consent and the option to store personal data in an anonymised and therefore GDPR-compliant form.
This GDPR Guide will provide you with an overview of all new and changed functions in Inxmail Professional 4.7. As such, it will also provide you with a detailed overview of what you need to bear in mind if you would like to process data and generally work in a GDPR-compliant manner.
At numerous points in this guide, you will be advised to refer to Inxmail Professional user documentation or online help for further, more detailed information.
Additional information
You can find further information related to the GDPR on our website.
