About the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a privacy law enforced in the European Union (EU) and also applicable to businesses outside the EU that process personal data of EU citizens. While the GDPR primarily applies to EU-based businesses, it may have an impact on organizations worldwide, including Mediainfini, as we handle personal data of EU citizens.
To process personal data of EU citizens, including through Mediainfini, it is important to have a legal basis; consent is one such basis. Under the GDPR, users of Mediainfini must rely on explicit and verifiable consent as the legal basis for processing personal data. This means that individuals must provide clear and unambiguous consent for the specific purposes of data processing.
Verifiable consent involves maintaining a written record that demonstrates how and when individuals authorized the processing of their personal data. Within Mediainfini forms, we collect and store the IP address, email address, and timestamp of form submissions to ensure verifiable consent.
Actions to Ensure Compliance with GDPR
To comply with the GDPR and handle personal data of EU citizens appropriately, the following actions should be taken:
1. Obtain Explicit Consent: Use Mediainfini’s subscription forms with a clear and unambiguous opt-in checkbox, ensuring that individuals actively consent to receive emails from you. The checkbox should not be pre-selected, and subscribers should be informed about the purposes of data processing.
2. Right to be Forgotten: Provide a simple and easily accessible unsubscribe mechanism in all email communications sent through Mediainfini. This allows subscribers to opt out and have their data removed from your mailing list. Include an UNSUBSCRIBE link in the footer of your email campaigns.
3. Right to Access/Rectify: Enable subscribers to update their profile information and manage their data preferences. Include a link to update profile information in the email footers of your campaigns. Act promptly upon requests from subscribers to modify or delete their data.
4. Privacy Protection: Safeguard the security of subscriber data by implementing appropriate technical and organizational measures to prevent unauthorized access, loss, or misuse of personal data.
5. Data Portability: Allow subscribers to export their personal data from your Mediainfini account, facilitating their ability to access and transfer their data.
6. Provide Breach Notification: In the event of a data breach that poses a risk to individuals’ rights and freedoms, notify the affected subscribers and relevant authorities promptly. Utilize your Mediainfini account to send mass email notifications to your subscriber base.
Under the GDPR, EU citizens have various rights regarding their personal data, including the rights to access, rectification, restriction of processing, and erasure of their data. They also have the right to object to processing and the right to data portability.
Mediainfini’s Preparation for GDPR
As an organization based in India, we understand the importance of complying with data protection regulations. While the GDPR primarily applies to EU-based businesses, we are committed to aligning our practices with GDPR principles to enhance data privacy and protection for all our users, regardless of their geographic location. We have reviewed and modified our internal policies and practices to ensure compliance with applicable data protection laws.
Please note that this information is not legal advice, and it is recommended to consult with legal professionals for specific guidance on GDPR compliance.