
All about the General Data Protection Regulation (GDPR)

Posted: Sat Dec 07, 2024 8:21 am
by Raihanseo120
02 August, 2019 @ 4:14 pm, by Gonçalo Sousa, in Business Database, Email Marketing, Digital Strategy, Digital Marketing
Before learning the mandatory rules of the General Data Protection Regulation (GDPR) in Europe, as applied in Portugal, you should ask yourself a question: what is a database for digital or traditional marketing?

Having information about your customers, from contact details to their personal preferences, allows you to:

Increase sales through techniques such as email marketing or telemarketing, etc.

Recover old or undecided customers and take advantage of remarketing strategies.

Offer personalized promotions, tailored to each customer, based on their registered profile – such as payment preferences, previous purchases, etc.

Keep current and potential customers informed about news, special offers, etc.

Provide quality service, possible thanks to the recording of the specific characteristics of each client.


Mandatory Rules of the General Data Protection Regulation (GDPR)
The National Commission for the Protection of Computerized Personal Data (CNPDPI) is the entity in Portugal that determines the laws in force, namely:

The New Personal Data Protection Law

The Law regulating the processing of personal data and the protection of privacy in the Telecommunications sector

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and replaced the current data protection directive and law.

Before proceeding with this text, please consult the link below:



But what are the main ideas behind the new General Data Protection Regulation (GDPR)? Check it out below!

Information to data subjects
The regulation requires information about the legal basis for data processing, the retention period and the transfer of data. All privacy policies and texts providing information to data subjects must be reviewed.

Exercise of data subject rights
The regulation requires that data subjects be able to exercise their rights. Requests to exercise these rights must therefore be monitored and documented, with maximum response times. This covers the right to data portability, the deletion of data, and the notification of third parties about any rectification, erasure or limitation of processing requested by the data subjects.

Consent of data subjects
The regulation requires monitoring the circumstances in which consent was obtained from data subjects when consent is the legal basis for the processing of personal data. There is a set of requirements for obtaining this consent, and failure to comply with them requires obtaining new consent.

Nature of data
The regulation defines the concept of sensitive data, which is subject to specific conditions for its processing (rights and automated decisions). An example of sensitive data is biometric data. Depending on the size and context, it may be mandatory to appoint a Data Protection Officer; if it is not in the company's interest to hire or appoint one, this service may be contracted externally.



Documentation and registration
The regulation requires keeping a documented record of all personal data processing activities. Organisations are required to demonstrate compliance with all requirements arising from the application of the regulation.

Subcontracting
The regulation requires the processor to ensure that it has all the necessary authorisations from the data controllers. Subcontracting agreements will need to be revised to include a wide range of information to protect data subjects' information, which is often processed by multiple entities without the data subjects' knowledge.

Data Protection Officer (DPO)
The regulation introduces the role of a Data Protection Officer, who will be responsible for monitoring security processes to ensure data protection in the company's day-to-day operations. Although this is not mandatory for all companies, the existence of a Data Protection Officer or an external service that guarantees this function can add significant value to compliance processes.

Security and Data Processing Processes
The regulation requires strict control of the risk associated with possible information theft. This risk control must be ensured by effective security measures that guarantee data confidentiality and integrity and prevent accidental or unlawful destruction, loss or alteration of data, as well as unauthorized disclosure of or access to it.

Data protection by design
The regulation highlights the need to assess future data processing projects in advance and with due care in order to assess their impact on data protection and adopt appropriate measures to mitigate these risks.

Security Breach Notification
The regulation requires that all security breaches that result in a risk to the rights of data subjects be communicated to the supervisory authority as well as to the respective data subjects.

Fines
The regulation establishes a uniform application framework based on two levels (depending on severity):

In less serious cases, the fine may be up to 10 million Euros or 2% of the annual worldwide turnover, whichever amount is higher.

In the most serious cases, the fine may be up to 20 million Euros or 4% of the annual worldwide turnover, whichever amount is higher.

What is the E-goi Free Plan like?
Taking all these factors into consideration, E-goi's free plan (Social One) is probably the best solution for those who are just starting out in Email Marketing, as it is much more than a free tool. In fact, you get 4 tools, all at zero cost! See what these tools are in the article E-goi Social One Free Plan: Much more than Free Email Marketing.