Features Pricing Learning keyboard_arrow_down How It Works Video GDPR Blog Case Studies Managed Campaigns For Small Business Free Marketing Plan Resourceskeyboard_arrow_down Why It Works Open Account Building Lists What Are Bounces? Why UK Based? Email marketing mistakes Email best practices Free email marketing templates Google analytics Email browser compatibility Domain verification Company keyboard_arrow_down Contact About Us Meet The Team UK Based Reviews Email Marketing Open Your Free Account

GDPR: Can UK companies still use US based email marketing suppliers?

Published: 29th January 2018

GDPR and Privacy Shield



If you are a UK company using a U.S based email marketing supplier, then there are some big changes on the way this year.

On May the 25th this year, the law is changing regarding how you collect, store and use your contact's private information. This new law is called GDPR, this stands for the General Data Protection Regulation. One of the principle areas affected by this is email marketing.

There are quite a few web based email marketing software solutions that make it easy for you to log in, upload your contacts and send a mailer to them. Over the past few years these applications have become incredibly popular.

Lots of these are base outside of the UK and some of the most popular are based outside of the E.U. It is important to bear in mind that if you are using one of these that is based in the U.S for example, when you upload your contact to their servers that you are exporting your contact's private information to another country.

By exporting your data in this way, you are leaving the protection of UK and currently EU laws, designed to protect the privacy rights of your contacts.

What does the EU say about using offshore suppliers?



The E.U says:

"Transfers may be made where the Commission has decided that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection."

So, GDPR does not prohibit you from using a U.S supplier for example - but the destination country for your data needs to have a data protection regulation in place that has been ratified by the E.U

They also say:

"Individuals' rights must be enforceable and effective legal remedies for individuals must be available following the transfer.

This means that an adequate and approved framework must be in place so that legal channels exist that EU citizens can pursue if they feel that their personal data has been misused by the company holding it."


What view does the EU take on using US companies?



Well, it's been an interesting few years regarding the frameworks that the U.S have had in place to regulate the use and transfer of private data.

Up until a few years ago, there was an agreement called 'The Safe Harbour' agreement in place. This agreement did not adequately cover the rights of E.U citizens according to the E.U, so it was therefore not recognized as an adequate level of cover.

In the summer of 2016, the U.S launched Privacy Shield, this agreement would hopefully meet the approval of the E.U. At this point there was no formal agreement in place that met the agreement of the E.U, Safe Harbour had completely broken down over that period.



The E.U have said that they recognise Privacy Shield if it incorporates the following provisions:


  • Strong obligations on companies handling Europeans' personal data and robust enforcement

  • Clear safeguards and transparency obligations on U.S. government access

  • Effective protection of EU citizens' rights with several redress possibilities



To date these provisions specified by the E.U have not been confirmed by the U.S.

This means that at the time of researching this topic that Privacy Shield, whilst agreed in principle - does not offer the scope of protection that GDPR requires.

What does this mean for UK companies using US suppliers



Well, if nothing changes, then when GDPR goes live in May it means that any UK company storing personal data in the U.S will technically be in breach of GDPR.

The fines for this are pretty substantial: they are upto 20 million euros o4 4% of global turnover.

So, it's really worth any U.K business taking a look at where their suppliers are based. If these suppliers are storing you databases in the U.S then it's time to take a look at changing suppliers.

What are the problems that UK companies may encounter?



Well, if you are using a U.S based company then the route for protecting your data from potential misuse by your U.S supplier is practically non existent for E.U companies.

In this country we have the full protection of the ICO, any U.K email marketing supplier will be registered with the ICO. This means that an easy to access channel is in place should you wish to make a complaint if you feel your data has been misused.

The Daily telegraphs says:

"Even with full compliance, storing your data in a different country can add complication to your business. For a start, you have the added problem that your data is subject to foreign law enforcement agencies and laws.

This may mean that you have to deal with legal challenges and law enforcement agencies that you find it difficult to communicate with."


Check list for a new supplier



Ok, so if you are currently with a supplier based outside of the GDPR zone, then perhaps it's time to start looking for a GDPR compliant supplier.

Sometimes, even if a company is based in the U.K - they may use servers that are based in the U.S. This still constitutes a breach of GDPR as your data is leaving the country.

With that in mind we've put together a handy checklist of questions to ask:

  • Can you please tell me where your servers are based?

  • Can I see your certificate of GDPR compliance?

  • Do you subcontract any part of your service to a third party

  • Do you have an appointed data protection officer (DPO)

  • Are you registered with the ICO?

  • Does your data centre hold any kind of ISO accreditations?


Summary



Ok, so there we are. So at this time, the E.U do not have sufficient comfort that The America Privacy Shield covers the rights of E.U citizens or offers a recognised route should they feel that their data has been misused.

So in order to get ready for GDPR, perhaps it's worth double checking that your email marketing software provider is GDPR compliant.


Continue watching
play_arrow
tips
What email marketing features does Email Blaster have?
In this week's email marketing video, we take a look at a small selection of the key features contained within the email blaster email marketing software. If you are looking for a UK based email marketing software provider, then why not check out email blaster. Free to try today: ++++++++++++++++++++++++++++++++++++++ https://www.emailblasteruk.com/free ++++++++++++++++++++++++++++++++++++++ #emailmarketing #GDPR #UK
play_arrow
tips
How much does email marketing cost with Email Blaster?
Email Blaster is UK based Email Marketing software. We offer great feature rich email marketing software, backed up with friendly knowledgeable support. We are all about competitive pricing and value for money. In this video, we explore the two pricing models: 1. Pay As You Go 2. Standard Monthly Fully GDPR compliant and based right there in the UK. Why not open up a free email marketing account, with no obligation and find out why Email Blaster is fast becoming the number choice for UK business: +++++++++++++++++++++++++++++++++ Join FREE: https://www.emailblasteruk.com/free +++++++++++++++++++++++++++++++++ #emailblaster #emailmarketing #UK #GDPR
play_arrow
tips
Risks for UK businesses storing their data in the U.S
This video focuses on looking at how GDPR works for UK businesses storing their data in the U.S. GDPR is The General Data Protection Regulation. It is an E.U law designed to regulate how companies use and store your private data. What does this mean for UK companies that use U.S based service suppliers though? #GDPR #Datastorage
play_arrow
tips
Ultimate guide to Email Marketing for small business & New starts
In this week's video, we take a look at how new start's and small businesses can make email marketing work for them. If used correctly email marketing can offer an extremely cost effective solution. It can be used stand alone, or as part of the overall marketing mix. Our handy guide will give you some great pointers to help make email marketing work for you. ************************************************ Ready to try email marketing for your business: https://www.emailblasteruk.com ************************************************ #emailmarketing #smallbusiness #newstart
play_arrow
tips
Why U.K companies should never use U.S based Email Marketing companies
In this week's email marketing video, why look at the main reasons why U.K based companies shouldn't use U.S based email marketing software. We take a look at the main reasons, including the GDPR implications and also highlighting the difficulties in dealing with an overseas based company. ++++++++++++++++++++++++++++++++++++ If you'd like to try email marketing, open a free account and get started today: https://www.emailblasteruk.com/free ++++++++++++++++++++++++++++++++++++ #emailmarketing #GDPR
play_arrow
tips
Why do my emails go into junk - 2019
Getting the balance right between your email marketing being inbox friendly and setting the right tone in terms of visual appearance and body text is a tough balance to achieve. If you have had problems with email marketing deliverability, then this video will help to give you the answers that you need. It outlines all the key areas that influence whether your email email marketing gets delivered to the inbox or the junk. If you follow the points covered, this will give you all of the tools to help get much better inbox placement. Looking to try email marketing or switch suppliers?... https://www.emailblasteruk.com/free
send beautiful email.
get started
Give us a call
01327
438077
Connect
Let's go
Where? Unit 10A
Burcote Wood Business Park
Towcester
Northants
NN12 8TA
Email Blaster is a trading name of JC Peters Ltd registered in England & Wales no. 07168254
UK based servers.