- Email marketing subscriber opt-ins. Rather than asking users to opt out of email marketing permission, we are now required to ask users to opt in. This change has already been implemented.
- Protecting customer data. You may have noticed customer emails and phone numbers have been removed from the attendee list. This is to protect against loss of customer data. This information is still available through your Tonic dashboard.
- Force password reset. GDPR laws state that any automatically generated password delivered in plain text to a user within an email will require a password change on first log-in. As of now, when you invite a new user to have access to your dashboard in Tonic, they won't be emailed their password, but instead a link to activate their own password/account.
When these new laws are in place we become your "data processor" and it is our responsibility to ensure that your data is stored and collected in a GDPR-compliant manner. You become the "data controller" and it is your responsibility to then handle and use that data in a GDPR-compliant manner. A good rule of thumb is "don't do anything stupid with your data" - don't bombard customers with marketing, do not email/phone/SMS them if they haven't opted into your marketing, and don't leave downloaded copies of customer data on your laptops without password protection.
As the data processor we are not legally in a position to give you personal advice on how to control your data in a GDPR-compliant manner, so if you are unsure of what is expected of you, we strongly advise you to do online research and perhaps seek professional assistance.
A) Does the data need to be destroyed after a certain period of time?
B) Do confirmation emails, follow up emails, reminder emails need marketing permission?
C) Do you need to get your database to re-opt in?