What is GDPR?
The GDPR is a European Union law that imposes strict obligations on the way businesses use their contacts' personal data. Per GDPR regulations, every business is required to be transparent with its audience about how and why it is collecting data, and to collect only the necessary information from them. Businesses are also liable for the safety of their contacts' information and are subject to penalties for any breaches.
In short, GDPR outlines a set of rights for data subjects (people whose data is managed by a business), with which every business marketer must comply.
Be GDPR-ready with Zoho Marketing Automation
Whether it's tracking visitor behavior on websites, collecting contact information through online forms, or targeting specific website visitors/contacts to send marketing campaigns, Zoho Marketing Automation's activities generate data that's considered personal under the GDPR.
Here's everything you need to know about how Zoho Marketing Automation helps you stay GDPR-compliant:
Maintain quality mailing lists with double opt-in
With a double opt-in process, you only let subscribers who are genuinely interested in hearing from you onto your mailing lists; i.e., every individual that submits data through a signup form will receive a confirmation email with which they can either accept or deny their subscription. Simply put, double opt-in is your way to build clean and healthy mailing lists. You can enable double opt-in via the Settings module whenever required.
Process personal data on the right lawful basis
You might have various purposes for processing your contacts' data, but to comply with the GDPR's data processing principles, you are required to determine the right lawful basis for each purpose. Whether you have one purpose for processing or many, Zoho Marketing Automation's GDPR-compliant marketing enables you to process data under one of these six lawful bases:
- Consent Required
- Legal Obligation
- Legitimate interest
- Public Tasks
- Vital Interest
Adopting this method helps you organize the way you collect and handle personal data. When you bring your contacts through any source to Zoho Marketing Automation, you can select one of these lawful bases for processing your data.
Note: We always recommend that you seek legal counsel for assistance with identifying the appropriate lawful basis for each of your data-processing activities.
Be transparent with personal data
Make your subscribers feel secure that you are using their information in the right way. The GDPR affords contacts a Right of Access, which means that they can access their personal data whenever they wish. Zoho Marketing Automation enables you to export contacts' personal data in machine-readable formats so you can email the data when they request it.
Note: We recommend that any file that contains contact information be password protected.
Allow contacts to choose what they want to receive
Target contacts with engaging and timely content based on their interests by including a Manage Preferences merge tag in your email. This makes it easy for your contacts to update what type of emails they'd like to receive, thereby increasing your engagement rates.
Keep your contact records up-to-date
Per the GDPR's Right to Rectification, contacts should be able to edit their personal data as needed. Zoho Marketing Automation facilitates this by including an update profile link in your email footer.
Enable contacts to delete their personal data
Contacts have the right to request that you delete their personal information, per the GDPR's Right to Erasure/Right to be Forgotten. Whenever a contact feels their information is no longer necessary for your organization, they can access the unsubscribe link from the email footer, where an option to erase personal data is provided.
Collect and process visitor data
Zoho Marketing Automation doesn't collect personal data from any website visitor who participates in any website activity. The cookie data used to map activities isn't associated with any IP address; all the tracked data of visitors is stored with anonymized IP addresses, so you can safely capture, process, and use it without infringing on your website visitors' data privacy.
Additionally, you can filter specific IPs at the portal level using the IP filter option, which lets you specify a list of IPs to be excluded from all portal activities. This way, any visitor who accesses your test from an IP address you've excluded won't be tracked as a visit in the report.
Access reports and configurations
Any user you invite to be a part of an organization or workspace will have access to reports and configurations, but their degree of access will depend on the type of role you've assigned to them. You can also export reports to any user you wish, with the files protected by passwords.
If you're integrating with any other third-party tools, please take a look at how thoroughly they comply with the GDPR to ensure you're taking the right steps to be GDPR-compliant as well.