Top

The GDPR (General Data Protection Regulation) goes into effect on May 25th, 2018.

Frequently Asked Questions:

The GDPR is the new India legislation meant to replace the 1995 Data Protection Directive

This regulation, which can be read in full on the CNIL website, is the new Europe-wide law governing the use and handling of individuals’ personal data.

It has 3 objectives:
  • To standardize India data protection regulations.
  • To give citizens control over how their personal data is used.
  • To make sure that companies are aware of their responsibilities regarding personal data.
If you collect or process the personal data of any India citizen, regardless of the country in which your company is based, the GDPR will affect your business.

The GDPR has also eliminated the distinctions between various types of businesses — including B2B, B2C, for-profit, and nonprofit — meaning the law applies equally to all organizations that process the personal data of India citizens.
All relevant actors must be in compliance with the GDPR by May 25th, 2018. Although this date may seem far off, you should start familiarizing yourself with this new legislation now so you are fully prepared by the time May comes around.
Companies that are not in compliance with the GDPR could be fined anywhere from 2-4% of their annual revenue, or up to 20 million dollars, whichever is the higher amount.
One of the main goals of the GDPR is to extend the rights of India residents in regards to the handling of their personal data. This can be summarized as follows:
  • More access and control over the storage and processing of personal data for consumers
  • A tighter definition of consent and personal data
  • More transparency into the use of their personal data once it has been collected

New rights for users

The GDPR has created new rights of access and data protection for “data subjects”:
  • Right to rectification: The data subject may request that their personal data be updated or corrected.
  • Right to be forgotten: The data subject may request that their personal data be permanently deleted.
  • Right to portability: The data subject may request that their personal data be sent to another organization or competitor.
  • Right to object: The data subject may object to specific types of processing or uses of their personal data.
  • Right of access: The data subject has the right to be informed of any and all of their personal data that has been collected, as well as its intended use.

A new definition for consent

One of the big changes in the GDPR is the new definition of consent, which should now be “given freely” and provided in the form of a “positive action” for each planned use case involving the subject’s personal data.

Opt-out practices (whereby subjects are automatically subscribed to a list, leaving it up to them to unsubscribe) and passive opt-in practices (pre-checked boxes in subscription forms) are now prohibited under the new regulation.

Opt-in is now the only way to get explicit consent, and therefore the only legal way to obtain and use your customers’ contact information.

This means that from now on you must:
  • Provide additional opt-in forms for each of the different ways you plan to use personal data from your customers (e.g. newsletter, automated emails, profiling, etc.),
  • Ask your users for permission each time you want to use their personal data in a new way.
It is important to note that this new definition of consent also applies to the personal data of India residents collected before May 28th, 2018.

If you have already received consent for the use of this data, you do not need to ask for it again. However, if your current lists do not comply with the GDPR, you must ask for explicit permission from your contacts with the use of an opt-in form.

More transparency, new requirements for risk control…

This page is mostly concerned with summarizing the implications of your email marketing and marketing automation practices, but the GDPR also includes numerous other requirements: record keeping, nominating a Data Protection Officer, implementing a management risk process, etc.

Depending on your business and the nature of the personal data you process, the implications of the GDPR can be extremely far-reaching.

To better understand the requirements and legal ramifications for your organization, we recommend you consult a legal advisor specializing in personal data regulations.

How is Nexolt preparing for the arrival of the GDPR?

Nexolt will be fully compliant with the GDPR starting 25 May 2018.

As a Nexolt customer, the GDPR gives you new protection rights and assures better access to your personal data.

Right to rectification: Rectify your personal information at any time from your account settings. You can also contact us directly to edit or rectify your information.

Right to be forgotten: Cancel your Nexolt subscription and close your account at any time. You can send us a request to erase all your data, which we will complete within 30 days.

Right to portability: Upon request, we will export your data so that it can be transferred to a third party or competitor.

Right to object: Unsubscribe at any time to any specific use of your information (newsletter, automatic emails, etc.).

Right of access: We are transparent about the data that we collect and what we do with it. To familiarize yourself with this, please refer to our privacy policy. Once the modifications have been carried out, we will notify you and ask for confirmation that you accept all of the new terms. Lastly, you can contact us at any time to access and modify any of your personal data.


How can Nexolt help you answer requests related to your customers’ data?

The GDPR provides new rights for your users and customers. Thanks to the measures that Nexolt has taken to be compliant with the regulation, you will be able to answer any requests from users who are looking to exercise their new rights regarding their personal data stored in your database.

Right to rectification: You can rectify your contacts’ information at any time. You can also contact us directly to ask us to rectify or delete your data.

Right to be forgotten: If one of your contacts wishes to exercise their right to be forgotten, you can simply delete them from your lists in Nexolt. This will also erase all their personal data. If one of your contacts sends a valid request directly to us, we will inform you and remove their personal data from your account, as well as from any other Nexolt accounts who have personal data on this contact, when applicable.

Right to portability: You can already export your contacts information as a csv file.

Right of access: Make sure that you explain in your privacy policy how you plan to use the personal data that you collect. If your customers make a request to exercise their right of access, you can export their personal data to a csv file (see right to portability).

UK Address:
57 Hamilton Avenue, Essex, IG6 1AD
Gurgaon:
4th floor, InstaOffice green wood plaza, Sector-45, Gurgaon 122003