The General Data Protection Regulation (GDPR) is a privacy regulation that was enacted by the European Union (EU) in April 2016. Its purpose is to safeguard the privacy rights of citizens in EU member countries and their control over their personal data within the digital realm.
The landscape of the internet and its usage has undergone significant changes since the inception of privacy laws in the 1990s. The EU posits that by granting individuals greater control over their digital footprint, trust in online businesses will be fostered. This, in turn, is expected to enhance the likelihood of citizens engaging in online transactions and consequently boost the digital economy.
The GDPR came into effect on May 25, 2018, and non-compliance with its provisions can result in severe financial penalties. The following sections offer a concise overview of important terms, implications, and ConnectPlex's role in adhering to GDPR.
The glossary below provides clarity on essential terms employed in the GDPR:
One crucial aspect of the GDPR that can potentially pose challenges for businesses is the stringent requirement for consent from individuals. To collect and process personal data of Europeans, marketers and services like ConnectPlex must establish a "legal basis."
Two common legal bases are:
Consent of the data subject
A "legitimate interest" in utilizing the data that is not outweighed by fundamental "rights and freedoms," taking into account data subjects' "reasonable expectations" regarding data usage.
The GDPR identifies "direct marketing" as an example of a likely "legitimate interest." However, it is worth noting that the GDPR leaves certain questions unanswered, and the interpretation of these provisions may be subject to court rulings in the future. Based on current legal interpretations, ConnectPlex (and others) believe that most B2B marketing activities, such as newsletters and direct marketing, qualify as a "legitimate interest" if implemented thoughtfully.
Conversely, campaigns that lack targeted relevance based on industry or position may not fit the criteria for a "legitimate interest." Therefore, it becomes increasingly important for B2B marketers to utilize data wisely and tailor their campaigns and marketing efforts accordingly.
It is crucial to understand that these requirements only apply to prospects located within the EU. If you are emailing individuals outside the jurisdiction of the GDPR, there is no need to be concerned about these regulations.
ConnectPlex's Compliance with GDPR
At ConnectPlex, we are committed to maintaining compliance with GDPR for the benefit of our company and customers. Due to the complexity of our data handling processes, our compliance efforts are equally intricate.
Our Privacy Policy and Terms of Service include a Data Processing Addendum, which grants users control over their data and enables them to access or delete their information from our system, among other rights.
Data security plays a significant role in our GDPR compliance efforts. To maintain a high level of security, we have undertaken the following measures:
ConnectPlex has obtained SOC 2 and ISO 27001 security accreditations. These accreditations evaluate ConnectPlex's controls pertaining to data security, availability, and confidentiality. To achieve these certifications, ConnectPlex had to demonstrate the effectiveness of its controls and their ability to uphold security, availability, and confidentiality over a specific period.
ConnectPlex has implemented advanced data controls, including encryption of all user data. This measure is designed to protect customer data from leaks and malicious intent. Our team regularly conducts product testing to identify and resolve any potential issues, adhering to the highest standards of information security in the industry.
ConnectPlex has developed data incident response processes, which are regularly tested for ongoing effectiveness.
ConnectPlex has established procedures for data recovery and integrity to assist customers in the event of data loss or unintentional corruption.
ConnectPlex has implemented systems to safeguard customers' rights over their own data within our platform.
Key data sub-processors of ConnectPlex, such as Amazon Web Services (AWS) and Google Cloud Platform, have also achieved high-level security standards (SOC 2 and/or ISO 27001 certifications where possible) and have undergone rigorous security evaluations.
GDPR delineates distinct requirements for "Processors" and "Controllers" of data. In the case of ConnectPlex, we operate as both a data controller and a data processor. As a controller, we assist users in acquiring data and ensure our own compliance. As a processor, we facilitate communication with prospects on behalf of our users.
ConnectPlex is currently in compliance with the GDPR as a data controller according to the standards set forth in the regulation. We manage the data we collect to ensure compliance and consider it our responsibility to educate our users, enabling them to remain informed and compliant while utilizing our data.
Our users have the option to exclude citizens of EU member countries, thereby protecting themselves from inadvertently contacting individuals they shouldn't. This feature saves our customers the time and effort of manually reviewing prospect lists for compliance purposes during their prospecting activities.
ConnectPlex customers who sell or market to EU citizens must be transparent about their intentions regarding personal data collection and obtain consent from individuals before sending them any information. If any form of communication is sent, recipients must be provided with the ability to opt out of receiving future messages. If our customers use ConnectPlex as their sales engagement platform, they can incorporate opt-out links within their emails.
Additionally, ConnectPlex has the capability to enrich data related to EU citizens, provided our users already possess their contact information. For example, if a user has the email address and name of an individual working for L'Oréal Paris, we can enrich their data with title and company information. However, this enrichment is only applicable if it serves data hygiene and cleanliness purposes or if there is a good faith reason to believe that the recipient has a demonstrated interest in receiving the information or offer, such as information that aids them in performing their job.
As a data controller, ConnectPlex maintains its own compliance and supports users in their compliance efforts. Nevertheless, we highly recommend that all our customers familiarize themselves with the regulations and seek additional guidance from privacy advisors if they have any remaining questions.
In addition to the aforementioned precautions and measures, ConnectPlex has completed and will continue to undertake the following actions to ensure compliance as a data processor:
Collaborating with our legal counsel, as well as the legal counsel of our customers upon request, to ensure full preparation and compliance.
Evaluating every use case within our platform to provide comprehensive justification for each decision in the event of legal scrutiny.
Establishing internal workflows to promptly and thoroughly fulfill data subject requests.
Conducting a thorough review of all requirements and implications for data processors, including cases where we may be considered a joint controller.
Updating contact information and notices to facilitate communication between data subjects and customer data controllers, if necessary.
Acquiring all necessary resources to fulfill ongoing compliance requirements and documentation mandated by GDPR.
Updating and maintaining data security standards and workflows to meet all GDPR requirements.
Reviewing customer contracts, when necessary, to ensure clear articulation of a path to legal compliance and to outline our responsibilities to avoid any potential confusion that may result in penalties.
We understand that laws and regulations may continue to evolve, and we are committed to maintaining compliance and assisting our customers in doing the same.
If in doubt, it is recommended to consult with attorneys who specialize in data privacy or engage a dedicated data protection officer. For any questions related to ConnectPlex, we are more than happy to provide assistance.