Earlier this year, we committed to being ready for the European Union’s (EU) General Data Protection Regulation (GDPR), due to come into effect May 25, 2018. Today, we’re thrilled to announce new GDPR-ready features, set to roll out over the next week. These features are designed to help you in your privacy efforts, and to make the transition to GDPR-compliance easier.
Who needs to be GDPR compliant?
If you send emails to EU residents, the GDPR is relevant to you, even if you’re not based in the EU. It applies to any organization that processes the personal data of any EU citizen or resident — for example, customers, prospects, employees, and even someone who happens to visit your brand’s website.
If you’re an email marketer, it’s more than likely the GDPR applies to you.
Subscriber consent
The GDPR requires that any processing be done with lawful purpose. Of the options outlined by the regulation, consent is best suited to marketers and their subscribers. We’ve updated our subscriber-related features to take this into account.
Subscribe pages and preference centers
Soon, you’ll be able to ask for consent right from your subscribe page. You’ll also be able to link to your privacy and cookie policies if you have them, directly from the form. Existing subscribers can change their own consent settings in their preference center, providing you enable the option to do so.
File imports and adding subscribers manually
Before importing subscribers from a file or adding them manually, you can add a “consent to track” column, and set each subscriber’s consent to yes or no. After upload, you can then match this data to a “consent to track” field. If no consent to track value is provided, the field value remains unchanged — if there is no existing value, it is assumed the subscriber has given their consent to be tracked.
Subscribers added via API
A number of Campaign Monitor’s API endpoints will soon be updated to version 3.2. When working with email subscribers or transactional email recipients on 3.2, you will require an additional, mandatory consent to track parameter, with a value of yes, no, or unchanged. If you’re already using an older version of the API, nothing will change for you.
Account security
Data governance and security are incredibly important. In addition to new GDPR features, we’ve been working to make things safer and more secure for your account.
Stronger passwords
The minimum password length has been increased to eight characters for new accounts, and anyone who changes their password.
Two-factor authentication
You’ll soon be able to turn on two-factor authentication for your account, which requires both a password, and a code from your phone. It adds an extra step to the login process, but the security benefits are worth it. Depending on the version of Campaign Monitor you’re running, head to Account Settings or Manage team to make the change.
Session timeouts
To further protect your account, we’ve changed how long you can stay logged in to Campaign Monitor. After 12 hours of inactivity, you’ll be asked to log in again.
Wrap up
We’ll be rolling these updates out to all Campaign Monitor customers over the next week. They’re designed to make gathering subscriber consent easy, to provide more robust data security, and to build a more trusting relationship with your subscribers.
For more information, feel free to contact our team.