What is GDPR
GDPR, the General Data Protection Regulation, is the set of rules designed to give citizens of the European Union more control over their personal data. The GDPR framework applies to organizations in all member states and has to be implemented by businesses and individuals across Europe and beyond.
GDPR applies to all companies processing the personal data of subjects residing in the EU, irrespective of the company's location. Companies outside the EU that process the data of EU citizens need to appoint a representative in the EU.
Impact of GDPR on your business
GDPR affects businesses worldwide, not only European ones.
Companies failing to comply with GDPR may face a significant fine. Whether your company runs a European business or merely handles the personal data of European citizens, it must comply with the regulation to avoid being fined. Non-compliance or a breach of GDPR can attract a fine of up to 4% of annual global turnover or approximately $24.5 million, whichever is greater.
Who needs to comply with GDPR
GDPR dictates the set of rules and regulations for handling European personal data and has been enforceable since May 2018. With it, the European Commission has exported its data protection principles to the rest of the world.
GDPR compliance is a must if:
- A European business controls or processes personal data.
- A business, irrespective of its location, controls or processes the personal data of EU citizens, regardless of where they live.
For example, if your company is based in the US and all your customers reside in the US, GDPR compliance is still a must if any of your customers is a European citizen.
If your business collects personal data such as names, addresses, email addresses or telephone numbers, and any of those people happens to be an EU citizen, then GDPR compliance is a must.
Privacy Shield framework is no guarantee of GDPR compliance
The Privacy Shield framework that email verifiers cite is merely a self-certification method for US companies. A US company holding Privacy Shield certification is therefore not necessarily GDPR compliant, and there is nothing to show that a US business with Privacy Shield certification can be trusted in terms of GDPR.
There are certain loopholes in Privacy Shield certification that still have to be addressed, one of them being "false self-certification".
How to choose an email verification service to avoid being fined
Having your own business GDPR compliant is not enough; the email verification service you are going to use must also comply with GDPR. Sharing data with non-GDPR-compliant vendors can land you in serious trouble and might even put you out of business.
Before sharing personal data you must make sure of the following:
1. Legitimacy of the business – A good web presence does not prove that a company is legitimate. Prior research into the company name, its registered address and whether it actually exists is a must.
2. Written contracts – Written contracts ensure that both the data controller and the data processor understand their responsibilities and liabilities. As the data controller, the customer is liable for the email verifier's compliance with the GDPR and must only appoint an email verification service that can provide "sufficient guarantees" that the requirements of the GDPR will be met and the rights of data subjects will be protected.
3. Data protection officer – Under the GDPR, businesses that carry out large-scale processing of special categories of data must appoint a DPO. All email verification services process data at large scale; if they have not appointed a DPO, they are not allowed to process the data of EU citizens.
How to identify illegal Email Verification services
1. Published company name and address – Before signing up, check whether the company name and address are published on the website. The person responsible for data protection also needs to be identified. If any of these details are missing, it is not advisable to use the services of such an email verifier.
2. Privacy and data protection policy – If either policy is not published on the website, the company cannot be trusted for GDPR compliance.
3. Data protection officer – Email verifiers are required by law to appoint a DPO; stay away from vendors that operate without a dedicated data protection officer.
1. Personal data – Personal data under GDPR means any information relating to an identifiable person, i.e. someone who can be identified, directly or indirectly, in particular by reference to an identifier. An email address is personal data here, so you must have a sound basis for processing it, such as a rock-solid opt-in process and means to secure the data.
2. Data controller – Here the customer, i.e. the user of the email verification service, is the data controller. Data controllers are not relieved of their obligations where an email verification service is involved; GDPR places further obligations on the data controller to ensure that all contracts with the email verifier are GDPR compliant.
3. Data processor – A processor is one who processes data on behalf of a controller. Here, the email verification service is the data processor. Email verification services are required to maintain records of personal data and processing activities, and email verifiers carry legal liability if they are responsible for a breach.