The new general data protection regulation (EU GDPR) has a direct impact on marketing practices, including email marketing. With GDPR effective date coming on 25 May 2018, all marketers concerned with GDPR need to change rapidly how they seek, obtain and save consent. Mailjet being an Email Marketing actor, we gathered precious information for you to create this GDPR toolkit. Let our guide help you to understand, prepare and comply to the European regulation before the due date, and even after.
We are proud to announce our complete implementation of all GDPR’s rigid requirements as of December 2017. Due to our efforts, we have obtained the AFAQ certification from AFNOR Certification. See our press release for more information and also our compliance road map on the steps we took over the 2017 year.
Here is a snap-shot of the steps that Mailjet took on its GDPR compliance journey.
We highly value our customers data privacy and protection. Please have a look at our Privacy Policy for more information on how we manage, process and store your data submitted in the context of providing our services.
We classified the policy in six parts :
We also provide specific Data Protection Agreements to our clients who would be the Data Controllers. You can contact us on privacy@mailjet.com should you wish to obtain this DPA.
We respect the rights to information, to modification, to data portability and the right to be forgotten and can treat these requests in a quick manner.
Our client or the data subject can open a support ticket through our website or can send an email request to us at privacy@mailjet.com. We respond directly to the request and will inform our clients if they are concerned.
It is important to us that all the actors involved in the data flow, including our third party providers, respect data privacy and we vet these providers closely.
We have in place contractual clauses ensuring the proper technical and organisational measures are in place with all our sub processors and also if necessary EU Model Clauses. We also send out third party questionnaires and include a right to audit in our contracts so that we can ensure their compliance with these obligations.
Here is a snap-shot of the steps we took in our vetting process:
Allowing your contacts to easily subscribe and unsubscribe are equally important in achieving compliance with EU GDPR.
We have specific data breach notification procedures in place when Mailjet is a controller and when Mailjet is a processor of the personal data and respect the deadlines of the GDPR in communicating any breach.
If an issue is detected on Mailjet monitoring or by the others teams working on the platform, it is directly reported to Mailjet IT team. The Incident Response Plan includes C-Level action in addition to real time messaging to define the issues and measures on the platform. Thanks to that, we can ensure a communication plan for our clients.
Mailjet reports any incidents to https://status.mailjet.com/ (email and SMS notification also available upon specific request). The client will be contacted if the incident has affected their data.