The General Data Protection Regulation (GDPR) was introduced by the European Union (EU) in 2018 to protect the personal data of EU citizens. The new legislation enshrines the principle that a citizen’s personal data belongs to them and not to the organisation collecting it.
Replacing the Data Protection Directive 95/46/EC, GDPR has been designed to protect the data privacy of all EU citizens. It empowers them to control what, when, how, where and why their personal data is used, stored, processed or deleted.
The scope of the GDPR goes beyond the borders of the EU, creating implications for any organisation that works with the personal data of any EU resident and making them responsible for the protection of that data.
High Standards Of Data Security
GDPR compliance and data protection are fundamental to our business. We understand that we have a high duty of care to protect our customers’ data, and our internal policies and procedures reflect this. Our approach is open and honest, aiming to give our customers confidence in our integrity.
Spotler complies with the provisions of GDPR both in our capacity as a Data Controller of our customers’ personal data and as Data Processor for customers of our CRM. See our CRM GDPR Compliance Statement.
All customer data is stored within the EU in data centres that are ISO27001 compliant, with data on our production servers encrypted at rest.
All our sub-processors, where we store or pass personal data, are GDPR compliant.
We have in place a Data Protection Officer, a Breach Notification Process and policies for Right to Erasure & Data Portability.
All our staff are subject to our Customer Data Access Policy enforced in their employment contracts.
Supporting Our Customers
GDPR is the biggest marketing and compliance challenge businesses have faced for some time. It’s important to us to support our customers as they adapt to the changes. Over the last couple of years we have written several articles and presented monthly webinars explaining what GDPR compliance is about and what organisations need to do to prepare for the legislation.
Whilst we stress that we are not qualified to give legal advice, we are happy to help interpret the legislation and give our opinions on what is needed.
We have also made developments to our integrated Marketing Module to include compliance tools for email marketing.
CRM GDPR Compliance Features
Our integrated Marketing module includes built-in GDPR compliance features that allow users to capture and store consents. Our compliance features enable customers to collect mailing consent from new leads via a website form and from an existing contact database. The Mailing & Consent Lists feature records consent opt-ins and keeps an auditable log of when, how and from what IP address the consent was granted.