Global Email:Privacy and Global Email: Difference between revisions
No edit summary |
No edit summary |
||
Line 5: | Line 5: | ||
{{CustomTOC}} | {{CustomTOC}} | ||
==What is GDPR | ==What is GDPR?== | ||
As of the 25th of May 2018, the European Union implemented the General Data Protection Regulations (GDPR). | As of the 25th of May 2018, the European Union implemented the General Data Protection Regulations (GDPR). | ||
Line 28: | Line 28: | ||
Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right. | Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right. | ||
For Global Email specifically, we have gone beyond simple compliance. | |||
While GDPR does allow companies to store emails | While GDPR does allow companies to store unencrypted emails as long as they cannot be connected to other personally identifiable information, we have gone a step further. | ||
We store information about the connection status of the MX server in the form of encrypted hashes. This means that users get the best of both worlds: the performance of our non-European email verification, and the assurance that we are more than fully GDPR compliant. Additionally, all our encryption is one-way. | |||
It is important to note that GDPR does allow for US-based companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe. | It is important to note that GDPR does allow for US-based companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe. |
Revision as of 17:03, 14 October 2020
Global Email Navigation | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
| ||||||||
| ||||||||
| ||||||||
Sample Code |
What is GDPR?
As of the 25th of May 2018, the European Union implemented the General Data Protection Regulations (GDPR).
These regulations apply to anyone who processes data gathered or stored in the European Union, regardless of where the data processor is located.
Overall, GDPR obligates all data collectors and processors working in Europe or with European data to transparently collect, store, and process that data, and to do so with only the minimum amount of data needed for the task at hand.
Additionally, GDPR dictates that data systems must implement data privacy and protection by default.
Article 6 of GDPR outlines the 6 scenarios when an organization can legally use personal data at length. Overall, it comes down to either needing to, or doing so with the explicit consent of the individual source of the data.
On the consumer side, GDPR outlines many rights afforded to individuals regarding their data - rights to be informed, access, erasure, etc. Chapter 3 of the GDPR outlines these rights in full.
For more information, see this summary of GDPR from the European Union itself, or the full text of the regulations.
Is Global Email compliant with GDPR?
Melissa Data as a company is fully GDPR compliant.
Emails are overall less sensitive compared to other personal data, such as full names and addresses. GDPR does allow companies to store actual emails - no hashing or other obfuscation required - such that it is hard to connect any email to any other piece of personal information, whether internally or in the event of a breach.
Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right.
For Global Email specifically, we have gone beyond simple compliance.
While GDPR does allow companies to store unencrypted emails as long as they cannot be connected to other personally identifiable information, we have gone a step further.
We store information about the connection status of the MX server in the form of encrypted hashes. This means that users get the best of both worlds: the performance of our non-European email verification, and the assurance that we are more than fully GDPR compliant. Additionally, all our encryption is one-way.
It is important to note that GDPR does allow for US-based companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe.
Please do not hesitate to reach out to us with any questions regarding our GDPR compliance.