The one-click unsubscribe law (sometimes referred to as the "one-step unsubscribe rule") is part of CAN-SPAM. The CAN-SPAM unsubscribe rules include that a recipient be able to effectuate their opt-out with a one-click unsubscribe, whether that is by replying to the email or by visiting a single web page. The one-click unsubscribe law is part of our Federal law, and so applies to any and all mailing lists and mailing list email.
As we have mentioned in other articles on GDPR compliance, GDPR specifically prohibits the automated profiling of individuals, including of their online identifiers or locations, which means that it is a violation of GDPR to note, in an automated fashion, from what region in the world they are surfing over to your website.
GDPR (the EU General Data Protection Regulation) requires, among many other things, that there be a contract between any data controller and data processor that covers "the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller."
Last week we discussed how GDPR affects data you have collected before GDPR went into effect (GDPR goes into effect on May 25, 2018). But what about the case where you have data acquired from a particular individual before GDPR went into affect, and then that individual provides you with additional data after GDPR is in effect? That is the subject of this article.
We've been asked "What is a 'data controller' or a 'data processor' under GDPR?" And "How is a GDPR data processor different from a GDPR data controller?? And even "Can a company be both a data processor and a data controller at the same time under the EU General Data Protection Regulation?" Here are the answers.
You may be wondering whether GDPR governs the handling of personal data which you collected before GDPR went into effect on May 25, 2018. The answer is both 'yes' and 'no'.
The EU's General Data Protection Regulation (GDPR) goes into effect in just a few short weeks - May 25, 2018. GDPR applies to any business that collects any personal information data about individuals. Personally identifiable data includes things from which identity can be derived, such as, for example, an IP address.