Under GDPR, there are two different entities - data controllers and data processors. Data controllers own and control what information is being collected, and why the data is being processed. Processors are responsible for exercising control of the data they process and the security of that data.
In the case of Terminus' email signature marketing platform and its customers, Email Experiences acts as the data processor and customers act as the data controllers.
How does Email Experiences handle GDPR?
To meet GDPR and specific customer needs, Email Experiences offers a variety of data management features, including tools to view and delete user information on demand from within the application.
To find these features, login as an admin and navigate to your Email Experiences Settings. Locate the tab labeled Privacy & Data.
The Privacy & Data tab has 3 key features to help with GDPR compliance:
- Export Recipient Data
- Delete Recipient Data
- Company Data Retention
Export Data Archive & Delete Individual Recipient Data
If you have a user that has requested all information you have about them, Email Experiences can provide any data that we have about that user. Add his or her email address to the “Export Data Archive” section, select which data you would like to have exported (contact record and/or engagement data), and click Export Data.
Similarly, if a user requests to have their information deleted, enter his or her email address into the Delete Individual Recipient Data section. Please note that these requests take 1-2 business days to process, and will be sent to the Email Experiences admin upon completion.
Along with exporting and deleting user data, GDPR stipulates that you can only keep user data for as long as it is necessary. Because of this, Email Experiences admins can set how long engagement data will be stored in Email Experiences. Just select a timeframe from the drop-down menu and click Save! Data that is older than the stated timeframe will be deleted from the application automatically.
Data Protection Agreements
A large part of GDPR is documenting what data is being processed and why. Data Processing Agreements (DPAs) outline and set expectations between Terminus and its customers when it comes to processing data. This allows for transparency and, as a data processor under the new GDPR, Terminus is willing to sign DPAs with our customers. Every industry has a different set of regulations and Terminus will ensure that we align to those requirements.
Not sure what a DPA should look like? Reach out to us at firstname.lastname@example.org and we can help provide examples of what one should look like.
Why is this important to you?
One of the biggest changes under GDPR is joint responsibility for data processing and privacy. Companies are now responsible for the data they send to their third party vendors, and what the vendors do with that information. Terminus’ GDPR features and transparency make us one less thing to worry about with the sweeping privacy changes outlined by GDPR. As the new regulations continue to evolve, Terminus and Email Experiences will be ready for them!