Regarding GDPR there is still a lack of understanding as to how the rules impact the email marketing industry in countries outside the EU.
The regulation affects firms both inside and outside of the EU. GDPR is impacting any player that collects data on users who live in the EU (article 3 does not make any reference to citizenship). In other words, companies with visitors from EU countries, need to store, and utilise data according to the GDPR.
We, as a service provider, run servers physically located in the EU, and distribute opt-out links with an “access key” for each mailer. Also, data will be retained only for the period of our agreement with a client, and it will be used solely for the purposes covered by our platform (i.e. tracking unsubscribe requests), as required by any email compliance law.
Companies outside the EU might need to designate a representative in the EU. The representative can be subject to enforcement proceedings in case of non-compliance.
GDPR does allow for data transfers to countries whose legal regime is considered by the European Commission to provide for an “adequate” level of personal data protection (Argentina, Canada, New Zealand, Switzerland, Uruguay and the US but limited to the Privacy Shield framework).
GDPR regulation allow fines of up to 20 million Euros OR 4% of annual global revenue. We encourage you to become familiar with the GDPR law, and obtain legal advice as to how this may impact your business.