Everyone has heard of it... Since the introduction of the General Data Protection Regulation – better known in Belgium by its English name GDPR – there has been a lot of talk about the compliant processing of personal data within the European Union (and the EEA). These regulations apply to companies and organizations that collect, store, and transmit personal data.
For a long time, it was unclear how data transfers to American organizations would proceed, until the European Court of Justice invalidated the Privacy Shield in July 2020. Since then, data transfers to marketing solutions from the US have been considered a violation of GDPR regulations.
Goodbye American marketing solutions!
In July 2020, the European Court of Justice invalidated the Privacy Shield, meaning that data transfers to US organizations no longer comply with GDPR regulations.
This has implications for the use of American marketing solutions such as Mailchimp, with concerns about data privacy and the access of American intelligence agencies to European data. This can lead to violations of European privacy legislation (GDPR) and the Dutch AVG, with potential fines as a result.
In this blog post, we want to make you aware of the legal risks of using non-EU email marketing software and provide an action plan to address this.
What does this mean for you and the personal data your company processes?
Simply put, it means that your personal data may no longer be processed in the United States, among other places. And the fact that your software is available in Dutch or that Dutch-language support is offered by the system does not change the fact that your data is stored on American mail servers.
We will not delve deeper into this matter in this blog post. We would like to use this platform to make you aware that your data is being processed unlawfully if you use a non-EU email marketing system, and what action plan you can implement to address this!
Welcome Dynamics 365!
Microsoft is continuously monitoring and adjusting GDPR legislation to ensure compliance. For each country, you can rely on the local branch, for example, Microsoft Brussels (Zaventem), with which Scapta has a close working relationship.
Curious about where the data centers for your solution are located?
Find out on this interactive map:
Figure 1: Dynamics 365 Customer Insights Data Center
The path to a GDPR-compliant data policy
Regardless of the solution you choose for your organization, the path to a GDPR-compliant data policy is best achieved through the following 4 steps:
- Identify: Identify the personal data you have and where you store it.
- ManagesInvestigate how personal data is used and accessed
- ProtectProtect, detect, and respond to vulnerabilities and data breaches using security controls.
- ReportRespond to data requests, data breaches, and manage your GDPR documentation.
Do you have any further questions about this topic or are you interested in implementing Dynamics 365 Customer Insights for your company? Don't hesitate to contact us using the contact form below. We're ready to help you!
author: Steven Seerden