Personal data issues in the email database

Personal data issues in the email database

Have you collected contacts from orders or by other ways in the past and now do not know what to do with them? It is good to have an overview in your database, from which source you collected data about users. Do you know what personal information you can store in your email database?

Consent is always necessary

As for customers from orders, you can continue to use this database for marketing activities. Attention, here it is necessary to have the so-called authorized consent provided for the website.

However, if you do not know where you got some contacts from in a part of your database, you need to access the entire database in a slightly different way. It depends on whether you have obtained contacts from a pop-up window, competitions or otherwise. In this case, you need to use a reactivation campaign. Simply send a campaign to these customers to ask them and give them a voluntary opportunity to work with their data and use it for marketing purposes. If they do not give you permission, then unfortunately you can no longer process them.

Legitimate interest and consent

With a legitimate interest, you can only send a newsletter if the information obligation has been fulfilled. However, there is a condition that such newsletter is not personalized and not profiled. If you have full approval, you can post an advertising newsletter and work with the data that the user has agreed to.

IT solutions

In many SMEs, conventional IT solutions are not so sophisticated. When it comes to e-mail, they usually use their exchange server and their local e-mail systems, such as Outlook on employees' desktops. Searching and browsing old e-mails with personal information can be achieved in MS Exchange. These emails can be identified, moved to special storage, and then securely deleted using special deletion software. Finding and deleting such emails on an employee's computer can also be easy. Once identified, they can be moved to a designated repository and then safely removed by a specialized data wipe solution. This can be done either on the client computer or through a network connection by an IT administrator. Both processes work only for those emails that are active on the client computer.

Backed up emails

From a technical point of view, you can only find and safely delete emails that are still alive or accessible on the server. Backup emails pose a threat to GDPR compliance, and no simple solutions are available yet. Backup emails can be found, recovered, and extracted. However, by safely deleting personal information and e-mail from a backed-up mailbox, you can save the remaining e-mail as a completely new backup, especially if the backup is stored on a tape.

It is now up to companies that implement highly integrated solutions or have at least an email archiving system that can process, store and back up all data under one roof. And, if necessary, they are also able to safely delete data when needed. Using such a specialized archiving solution may be the best way to comply with GDPR. A more advanced solution that combines many more modern business management and processing tools, such as CRM, enterprise CMS, and more, is the best solution to avoid huge fines.