I posted this query a month ago but we have still not received any reply on how AC will enable us to comply with GDPR. We are now only a month away from this legislation coming into law in Europe and there are potentially very significant fines for any organisations which have not taken steps to comply - up to 4% of the global annual revenue for any organisation found to be non-compliant.
Some of the specific questions I need to know answers for are:
- Are there any plans for a European Active Campaign data centre so that the data does not go outside of the European Economic Area? If not, what protection is provided for personal data of EU/UK citizens held in a US data centre?
- Is there any automated retention functionality planned to assist in removing records which are no longer needed, or is this down to us to implement automations to do this?
- The legislation supports the ability to forget an individual on request. How will this be supported? Will it simply be deletion of the record associated with an email address or will there be a way to mark an ‘individual’ as forgotten? Also, does any deletion apply to backups/archives?
- Is any encryption functionality planned for enabling the protection of sensitive personal data?
- I assume that the preferences requirements will be achieved through the opt-in functionality associated with lists? Will there be any further help here? It would be useful to have an article explaining how to use various features to comply.
The charity I work for is still trying to ensure we are compliant before the legislation comes into law in a month’s time and we haven’t yet gone live with our Active Campaign database. At the moment I am uncertain whether it is safe to do so until these questions are answered.
I would be grateful if some answers could be posted.