Compliance with European General Data Protection Regulations (GDPR)

SOLVED
Go to solution
Member

Compliance with European General Data Protection Regulations (GDPR)

From what I understand of the General Data Protection Regulations (GDPR), personal information on European citizens will need to be physically stored in EU data centers.  It seems to me that contact information (names, phone numbers, email addresses, etc.) stored in Constant Contact qualifies as personal information.

 

I cannot find any reference to the GDPR on the Constant Contact website or community forums.

 

What is Constant Contact doing to ensure that its customers will be GDPR-compliant when these regulations take effect in 2018?

 

1 ACCEPTED SOLUTION

Hello all,

 

Because Constant Contact has always been a permission-based email marketing system, we've already got many tools that will help our customers who may have GDPR obligations and we'll be adding more. We have developed a guide that goes over GDPR and covers tools they can use right away. Click here for the guide. This guide can also be found in our Help Center. As more information and tools become available we will update our customers here and elsewhere.


Nick S.
Social Media & Content Manager

You're not alone on your email marketing journey. Connect with a Marketing Advisor to see how they can help you develop the right strategy for your business and get the most out of your Constant Contact experience.

View solution in original post

81 REPLIES 81
Moderator

Hi @FrankS27

 

You ask a great question. I reached out to a couple of different teams here to see what I could find out about these regulations. Our teams are aware of the GDPR and will keep our European customers in the loop on any effects or changes that may occur due to these regulations. At this time I do not have any other details, but please know that if you're located in Europe then you will be hearing from us as we approach 2018 when the GDPR goes into effect. 

Natalie B.
Social Media Marketing Manager

Thanks Natalie. I notice you refer to "European customers."  I am a CC customer located in the United States, but my mail list has thousands of contacts in Europe.  Are you sure that I am not required to comply with the GDPR.

 

Also, since Constant Contact is holding my contact information, doesn't CC need to comply with GDPR?

 

Thanks in advance for your help.

 

--Frank

I am still waiting for a reply to my question in my previous reply. 

Hi @FrankS27

 

I'm sorry about the tardiness in my reply! I reached back out to our Compliance teams here and clarified that yes, we will be issuing a communication to anyone who may be affected by the European General Data Protection Regulations, not just our European customers. I do not have any other information about the GDPR and Constant Contact at this time, but our Compliance and Legal teams are working to prepare for when the GDPR goes into effect in 2018. 

Natalie B.
Social Media Marketing Manager

Hi Natalie, is there any update on CTCT's stance on the GDPR? 

Thanks.

Cornelia

Hello @Cornelia_C,

 

Thank you for following up. We will be reaching out to our Compliance team to see if there has been an update and if we learn anything new we will update here. 


Nick S.
Social Media & Content Manager

You're not alone on your email marketing journey. Connect with a Marketing Advisor to see how they can help you develop the right strategy for your business and get the most out of your Constant Contact experience.

Hello, everyone!  

 

Thank you for posting about this. We are working towards the GDPR requirements by the enforcement date set in the regulation - May 2018. As we get closer to this date, we can share more information on our progress. 

Occasional Participant

This response is entirely unnacceptable - i am leaving CC and cancelling my subscription - in my view this is entirely irresponsible.

Hello @TomP255,

 

I sincerely apologize for the lack of recent updates regarding compliance with European General Data Protection Regulations (GDPR). Please be assured that we will share the information as soon as possible not only responding in this community thread but in mass mailing overall.

I understand the need to plan for the future and I completely understand if this affects your organization negatively. I would hate to see you leave Constant Contact but I also understand if you needed to make the informed decision.  I apologize that I would not able to assist in cancelling account, but our billing team could help with that. See how to contact billing here.

 

Thank you,

Liz M.
Customer Engagement Specialist

If you find my post helpful, and it answers your question, please mark it as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

Increase your profitability by integrating your email marketing and social media. Download this guide and learn how you can achieve great results with email marketing and social media combined!

Hi CTCT,

 

Given the last correspondence on this thread was back in May, could I please request an update on Constant Contact's compliance with GDPR?

 

Does the EU-US Privacy Shield effectively cover this new regulation? We would need to enforce organisational changes ahead of May 2018 if this is not the case, so an idea of when information will be shared will be extremely helpful.

 

Kind regards

 

 

Hello @World-Obesity. At this time, we are still working our way towards GDPR requirements by May 2018. I'm sorry that I am unable to provide any additional information but we will certainly update our customers once we have an update about these requirements. 


Caitlin M.
Community Manager
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

You're not alone on your email marketing journey. Connect with a Marketing Advisor to see how they can help you develop the right strategy for your business and get the most out of your Constant Contact experience.
Occasional Participant

Hi.

 

It is concerning that Constant Contact is still unable to provide any additional information about how the platform will be compliant to GDPR. One of the requirements for companies not be fined is to make sure their partners are GDPR compliant and if Constant Contact does not attend the requirements in time, I'm sure not only our company will not be able to work with Constant Contact anymore, but also other companies that use European data.  

I hope to hear an update as soon as possible.

 

Thanks

I wanted to share the latest information I have regarding GDPR as I know you are keen to understand our status. Constant Contact's compliance team is currently running a program to ensure we will be ready for GDPR. We will keep you updated as we have more visibility in the coming months.

Best
Cornelia

Hello @KarenC3502 & @World-Obesity

 

Thank you for bringing your concerns to us about the data privacy regulation, GDPR. I reached out to our internal teams who are handling this and wanted to give you an update. This new regulation has many factors and our Compliance teams are working through the specifics.  As of right now, we can confirm that the Constant Contact GDPR compliance program will address compliance including updating 3rd party contracts with appropriate GDPR controller/processor obligations, being able to respond to data subject rights request, updated consent mechanisms and the ability to respond to security breaches within the defined timeframes. When we have finalized documentation and processes around this, we will make sure to keep our customers informed.

 

Thanks, 

 

This is hopeful news. Thank you.  Please continue to keep us posted.

 


@Samantha_O wrote:

Hello @KarenC3502 & @World-Obesity

 

Thank you for bringing your concerns to us about the data privacy regulation, GDPR. I reached out to our internal teams who are handling this and wanted to give you an update. This new regulation has many factors and our Compliance teams are working through the specifics.  As of right now, we can confirm that the Constant Contact GDPR compliance program will address compliance including updating 3rd party contracts with appropriate GDPR controller/processor obligations, being able to respond to data subject rights request, updated consent mechanisms and the ability to respond to security breaches within the defined timeframes. When we have finalized documentation and processes around this, we will make sure to keep our customers informed.

 

Thanks, 

 

Hi everyone, 

 

Today our teams released additional details in regards to the GDPR. I wanted to make sure you are all kept in the loop, so please take a look at this article for more information. The article addresses the following things:

 

gdpr.png

The article also provides contact information where you can direct additional questions should you have any. I hope that helps and please let us know if there's anything else we can do to assist. Thank you!

 

Natalie B.
Social Media Marketing Manager
Occasional Participant

Hi,

 

As a small business the requirements of GDPR Compliance are a major concern and we are looking forward to receiving copies of your policies on cookies and data protection. We have used Constant Contact for several years and are delighted with the service we receive. We would not be happy if we had to cease using you simply because you couldn't comply in time to reassure us that everything would be in place.

 

One of our major concerns is whether or not keep our customer data on an EU based server.

Please can you confirm that this is one of the steps you will be implementing before 25th May 2018.

Kindest Regards,

 

Diane Wass, Partner, The Acorn Gallery, Pocklington UK

Hello @DianeW60

 

Thank you for bringing your concerns to us around GDPR. I have sent your concerns over to our Compliance team, who are the experts on this topic. When I have more information, I will update you via this thread. 

 

 

Hello @DianeW60
 

After speaking with our Compliance and Privacy teams, they have assured me of a few things: currently, all data you upload to Constant Contact is stored in the US, Constant Contact is Privacy Shield certified, and Constant Contact will be GDPR-compliant by May 25, 2018. Our teams are working hard to ensure that our customers are able to stay within the regulations set forth in GDPR by using our services. With this being said, please understand that both you and Constant Contact have obligations and requirements for GDPR compliance. For more information, we encourage you to take a look at our article here. As more information becomes available, we will be keeping that Knowledge Base article updated. 
 
Occasional Participant

Hi Samantha,

 

Thanks for getting back to me. We are currently reviewing all our processes and systems with a view to implementing protocols which make us fully GDPR compliant before the deadline. Thanks for the link - I will continue to watch for updates :smileyface:

 

Kindest Regards,

 

Diane :smileyface: